From 8ef437334f712238da4e0b7f3a4b3998240d078f Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sat, 9 Mar 2024 21:31:57 -0600
Subject: [PATCH 001/932] initialized flake

---
.sops.yaml | 7 +
flake.lock | 100 ++++++++
flake.nix | 32 +++
hosts/emergent/configuration.nix | 5 +
hosts/hesperium/configuration.nix | 5 +
hosts/horizon/configuration.nix | 291 +++++++++++++++++++++++
hosts/horizon/hardware-configuration.nix | 62 +++++
hosts/threshold/configuration.nix | 5 +
hosts/twilight/configuration.nix | 5 +
9 files changed, 512 insertions(+)
create mode 100644 .sops.yaml
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 hosts/emergent/configuration.nix
create mode 100644 hosts/hesperium/configuration.nix
create mode 100644 hosts/horizon/configuration.nix
create mode 100644 hosts/horizon/hardware-configuration.nix
create mode 100644 hosts/threshold/configuration.nix
create mode 100644 hosts/twilight/configuration.nix
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 00000000..8b0366e8
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,7 @@
+keys:
+ - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e
+creation_rules:
+ - path_regex: secrets/secrets.yaml$
+ key_groups:
+ - age:
+ - *primary
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 00000000..f13caba2
--- /dev/null
+++ b/flake.lock
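Review bot: The creation rule for `secrets/secrets.yaml$` lists a single age recipient (`&primary`), so the password hashes in that file can only ever be decrypted by the one key file that hosts/horizon/configuration.nix points at; losing or rotating that key leaves no second path to the secrets. Consider adding a second recipient to the `age:` list before more hosts are added (an offline backup key, or a host key derived via sops-nix's `sops.age.sshKeyPaths`), and a comment naming what the key is for, e.g. `# primary: personal age key used on horizon`. The same file is re-added unchanged in PATCH 002.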
@@ -0,0 +1,100 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709988192, + "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1709884566, + "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710033658, + "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1709968316, + "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1710039806, + "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "type": "github" + }, + "original": { + "owner": 
"Mic92",
+ "repo": "sops-nix",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 00000000..9be492f4
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,32 @@
+{
+ description = "Nixos config flake";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+
+ sops-nix.url = "github:Mic92/sops-nix";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, ... }@inputs:
+ let
+ system = "x86_64-linux";
+ pkgs = nixpkgs.legacyPackages.${system};
+ in
+ {
+
+ nixosConfigurations = {
+ horizon = nixpkgs.lib.nixosSystem {
+ specialArgs = {inherit inputs;};
+ modules = [
+ ./hosts/horizon/configuration.nix
+ inputs.home-manager.nixosModules.default
+ ];
+ };
+ };
+ };
+}
diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix
new file mode 100644
index 00000000..215fc8cb
--- /dev/null
+++ b/hosts/emergent/configuration.nix
@@ -0,0 +1,5 @@
+# eve desktop
+{}:
+{
+
+}
\ No newline at end of file
diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix
new file mode 100644
index 00000000..8cd6f617
--- /dev/null
+++ b/hosts/hesperium/configuration.nix
@@ -0,0 +1,5 @@
+# nas
+{}:
+{
+
+}
\ No newline at end of file
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix
new file mode 100644
index 00000000..a0e247ed
--- /dev/null
+++ b/hosts/horizon/configuration.nix
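Review bot: `pkgs = nixpkgs.legacyPackages.${system};` in the `let` of `outputs` is bound but never used, and `system` exists only to feed it; either drop both or pass `system` to `nixosSystem` explicitly so the binding earns its place. Separately, the `sops-nix` input does not set `inputs.nixpkgs.follows = "nixpkgs";` the way `home-manager` does, which is why flake.lock carries the extra `nixpkgs_2` (nixpkgs-unstable) and `nixpkgs-stable` nodes — a second nixpkgs revision fetched and evaluated on every rebuild. `inputs.home-manager.nixosModules.default` is also listed both here in `modules` and again in the `imports` of hosts/horizon/configuration.nix; one of the two is redundant. This hunk is repeated unchanged in PATCH 002.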
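Review bot: The stub module header `{}:` declares an empty attrset pattern, so as soon as this file is put into a `modules` list the module system calls it with `config`, `pkgs`, `lib` and the rest and evaluation fails with an unexpected-argument error; the stub should read `{ ... }:` to be a valid placeholder. The same header is used in hosts/hesperium, hosts/threshold and hosts/twilight in this patch and in their copies in PATCH 002. A one-line comment such as `# not yet wired into flake.nix` would also make the intent of the empty body clear.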
@@ -0,0 +1,291 @@ +# leyla laptop +{ config, pkgs, inputs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + networking.hostName = "leyla-laptop"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us"; + xkbVariant = ""; + }; + + # Enable CUPS to print documents. 
+ services.printing.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # enabled virtualisation for docker + virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Disables creating or editing users though methods not defined in this file + users.mutableUsers = false; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; + + sops.secrets."passwords/leyla".neededForUsers = true; + sops.secrets."passwords/ester".neededForUsers = true; + sops.secrets."passwords/eve".neededForUsers = true; + + # Define user accounts + users.users = { + leyla = { + isNormalUser = true; + uid = 1000; + description = 
"Leyla"; + extraGroups = [ "networkmanager" "wheel" "docker" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden +# vscode + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; + + eve = { + isNormalUser = true; + uid = 1001; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; + + ester = { + isNormalUser = true; + uid = 1002; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + # resilio-sync + yt-dlp + spotdl + ffmpeg + chromaprint + docker + aileron +# sox +# songrec +# csvkit +# losslessaudiochecker + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # # List services that you want to enable: + # systemd.services = { + # # Start resilio sync on boot + # resilio-sync = { + # description = "Resilio Sync service"; + + # serviceConfig = { + # Type = "forking"; + # Restart = "on-failure"; + # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; + # }; + + # after = [ "network.target" "network-online.target" ]; + # wantedBy = [ "multi-user.target" ]; + # }; + # }; + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix new file mode 100644 index 00000000..d6751d0a --- /dev/null +++ b/hosts/horizon/hardware-configuration.nix 
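Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";` makes a file inside one user's home directory the only key that decrypts every account's password hash (`passwords/leyla`, `passwords/ester`, `passwords/eve` are all declared `neededForUsers = true`), so any process running as that user can read the material that unlocks the other two accounts, and the path will silently break if that home is ever moved or encrypted. Keep the host decryption key root-owned outside user homes — `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` is the layout sops-nix documents, or derive it from the host SSH key with `sops.age.sshKeyPaths` — and keep the personal key only for editing secrets. Two smaller points in the same hunk: `mupen64plus` appears twice in leyla's `packages` (once after `freecad`, again under `# N64 Emulator`), and `nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];` allowlists an end-of-life Electron without saying which package needs it — add a comment naming the dependent (presumably one of the desktop apps in the user package lists, but that is not visible here) so the exception can be dropped once it updates. This hunk is repeated unchanged in PATCH 002.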
@@ -0,0 +1,62 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix new file mode 100644 index 00000000..305f2f77 --- /dev/null +++ b/hosts/threshold/configuration.nix @@ -0,0 +1,5 @@ +# eve laptop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix new file mode 100644 index 00000000..6930d8f9 --- /dev/null +++ b/hosts/twilight/configuration.nix @@ -0,0 +1,5 @@ +# leyla desktop +{}: +{ + +} \ No newline at end of file From f3ef75504210bafb30e60979fada38faff619877 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 9 Mar 2024 21:31:57 -0600 Subject: [PATCH 002/932] initialized flake --- .sops.yaml | 7 + flake.lock | 100 ++++++++ flake.nix | 32 +++ hosts/emergent/configuration.nix | 5 + hosts/hesperium/configuration.nix | 5 + hosts/horizon/configuration.nix | 291 +++++++++++++++++++++++ hosts/horizon/hardware-configuration.nix | 62 +++++ hosts/threshold/configuration.nix | 5 + hosts/twilight/configuration.nix | 5 + secrets/secrets.yaml | 24 ++ 10 files changed, 536 insertions(+) create mode 100644 .sops.yaml create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 hosts/emergent/configuration.nix create mode 100644 hosts/hesperium/configuration.nix create mode 100644 hosts/horizon/configuration.nix create mode 100644 hosts/horizon/hardware-configuration.nix create mode 100644 hosts/threshold/configuration.nix create mode 100644 hosts/twilight/configuration.nix create mode 100644 secrets/secrets.yaml 
diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 00000000..8b0366e8 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,7 @@ +keys: + - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e +creation_rules: + - path_regex: secrets/secrets.yaml$ + key_groups: + - age: + - *primary \ No newline at end of file diff --git a/flake.lock b/flake.lock new file mode 100644 index 00000000..f13caba2 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,100 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709988192, + "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1709884566, + "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1710033658, + "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1709968316, + "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1710039806, + "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "type": "github" + }, + "original": { + "owner": 
"Mic92", + "repo": "sops-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 00000000..9be492f4 --- /dev/null +++ b/flake.nix @@ -0,0 +1,32 @@ +{ + description = "Nixos config flake"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + + sops-nix.url = "github:Mic92/sops-nix"; + + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, ... }@inputs: + let + system = "x86_64-linux"; + pkgs = nixpkgs.legacyPackages.${system}; + in + { + + nixosConfigurations = { + horizon = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/horizon/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; + }; + }; +} diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix new file mode 100644 index 00000000..215fc8cb --- /dev/null +++ b/hosts/emergent/configuration.nix @@ -0,0 +1,5 @@ +# eve desktop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix new file mode 100644 index 00000000..8cd6f617 --- /dev/null +++ b/hosts/hesperium/configuration.nix @@ -0,0 +1,5 @@ +# nas +{}: +{ + +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix new file mode 100644 index 00000000..a0e247ed --- /dev/null +++ b/hosts/horizon/configuration.nix 
@@ -0,0 +1,291 @@ +# leyla laptop +{ config, pkgs, inputs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + networking.hostName = "leyla-laptop"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us"; + xkbVariant = ""; + }; + + # Enable CUPS to print documents. 
+ services.printing.enable = true; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # enabled virtualisation for docker + virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Disables creating or editing users though methods not defined in this file + users.mutableUsers = false; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; + + sops.secrets."passwords/leyla".neededForUsers = true; + sops.secrets."passwords/ester".neededForUsers = true; + sops.secrets."passwords/eve".neededForUsers = true; + + # Define user accounts + users.users = { + leyla = { + isNormalUser = true; + uid = 1000; + description = 
"Leyla"; + extraGroups = [ "networkmanager" "wheel" "docker" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden +# vscode + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; + + eve = { + isNormalUser = true; + uid = 1001; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; + + ester = { + isNormalUser = true; + uid = 1002; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + # resilio-sync + yt-dlp + spotdl + ffmpeg + chromaprint + docker + aileron +# sox +# songrec +# csvkit +# losslessaudiochecker + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. 
+ # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # # List services that you want to enable: + # systemd.services = { + # # Start resilio sync on boot + # resilio-sync = { + # description = "Resilio Sync service"; + + # serviceConfig = { + # Type = "forking"; + # Restart = "on-failure"; + # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; + # }; + + # after = [ "network.target" "network-online.target" ]; + # wantedBy = [ "multi-user.target" ]; + # }; + # }; + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix new file mode 100644 index 00000000..d6751d0a --- /dev/null +++ b/hosts/horizon/hardware-configuration.nix 
@@ -0,0 +1,62 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix new file mode 100644 index 00000000..305f2f77 --- /dev/null +++ b/hosts/threshold/configuration.nix @@ -0,0 +1,5 @@ +# eve laptop +{}: +{ + +} \ No newline at end of file diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix new file mode 100644 index 00000000..6930d8f9 --- /dev/null +++ b/hosts/twilight/configuration.nix @@ -0,0 +1,5 @@ +# leyla desktop +{}: +{ + +} \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 00000000..5c76b34a --- /dev/null +++ b/secrets/secrets.yaml 
@@ -0,0 +1,24 @@
+passwords:
+ leyla: ENC[AES256_GCM,data:2sTuJTlW9JQv+SDSkyaYEc/CjyBhzJe9FHHvacL2SEVilnHyVKi1XpBnn9WJxsRha2UEUad9wn0iw0vu04O2dN+jZO7iLBawyg==,iv:FacSTQ3LV+An9hzYj7veeIQdZUgUZO3/RDGa+5rqo1I=,tag:PH3G1oedpe8Mh6kmm4qDIw==,type:str]
+ ester: ENC[AES256_GCM,data:4TkuZr9hCskJZNnTeARz8f6jFWmsEKatoi/jpWrK2JGdvJBdqcodP119p1zfTqaFGA6O67YGhXQVAPVceIxAMplUL0UfV3tK6A==,iv:kmozFDwgtHeS02avCk40Ic0EUEJXvYbE5bl4lHX80pk=,tag:r3gmve2678RbJxeF5qdM8A==,type:str]
+ eve: ENC[AES256_GCM,data:3xXOvblJkUaX+lcL+jgibng49PnTHldMsObE6VMwyWuGaUbZh0psRZKU8TfojW7TCgVEF93aOTc+DWxVqy8ZrfN4gN7CSudCfQ==,iv:LngLHLPXNgc33xH8WniJFnqoExhytnnEvNVBKKSnCTA=,tag:dQ7sVsMHHus39DTXpiBS+A==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLeFdXWDJ1SGNpNEw5b0NZ
+ U0xjU0Q0N2krdWRUS0w5SkQwNUVUd2FHRFZjCmpkZDZxSE9laC9RbDZhTG83UjVL
+ UWM0S2wvUWhJRkpQMER2UGphZWhsU2sKLS0tIHFoQ3Jic2RURXNtK1NYWlBxdnJy
+ WTluMWJsYUxLRVpVeHQ2N0VicUhtWTAKtMgsEkDABJLQi3Wa4NnzMmW5qQw6ExoO
+ g6AsAMTAN/eOuxNTA6+aMP3M0hMlO07f4UHwvYGifAfHHLidDlgc2g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-03-10T03:20:40Z"
+ mac: ENC[AES256_GCM,data:iqLZeEEb0PNKkCppho3BMx4rAKNco7y1aa81cvAcjim5lHvYiPKPzod4A6sd2ioc+uTVXbQO2Jt/zetYpld5YQ+lCgAyaaJ9oqI4gMruqpEYE+kQEO5e0+G84SVeMmp4DyRklCFfvsXATwPjkvpIixKASdJC+MLzqGuLkXUmueA=,iv:8h+d/gNxb3tbWdHZCtdXyTswOApjV3n9cuosHxscQu8=,tag:50mmDQcVwPJ7Ns9pkn6esQ==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
From b60bacf752ac9df9bc090f1d85a3752274eedc7d Mon Sep 17 00:00:00 2001
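Review bot: The three `passwords/*` values are consumed verbatim through `hashedPasswordFile`, but nothing in the repository records how the hashes were produced and the ciphertext cannot be inspected for it; a line in README.md such as `# password hashes: generate with mkpasswd -m yescrypt, then edit with sops secrets/secrets.yaml` would keep future rotations on the same scheme. The `age:` block carries the same single recipient as .sops.yaml, so the single-key recovery concern raised there applies to this file as well. PATCH 002 otherwise repeats PATCH 001's files under the same subject and timestamp, which looks like an amended commit kept alongside the original rather than replacing it — worth squashing if the history is still local.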
From: Leyla Becker
Date: Sun, 10 Mar 2024 04:28:47 -0500
Subject: [PATCH 003/932] made user files

---
README.md | 1 +
flake.nix | 1 -
hosts/horizon/configuration.nix | 131 ++++----------------------------
users/default.nix | 6 ++
users/ester/default.nix | 23 ++++++
users/eve/default.nix | 25 ++++++
users/leyla/default.nix | 69 +++++++++++++++++
7 files changed, 137 insertions(+), 119 deletions(-)
create mode 100644 README.md
create mode 100644 users/default.nix
create mode 100644 users/ester/default.nix
create mode 100644 users/eve/default.nix
create mode 100644 users/leyla/default.nix
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..f3290d24
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+sudo nixos-rebuild switch --flake .#horizon
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index 9be492f4..bc7b3d13 100644
--- a/flake.nix
+++ b/flake.nix
@@ -18,7 +18,6 @@
 pkgs = nixpkgs.legacyPackages.${system};
 in
 {
-
 nixosConfigurations = {
 horizon = nixpkgs.lib.nixosSystem {
 specialArgs = {inherit inputs;};
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix
index a0e247ed..14520a09 100644
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@@ -3,10 +3,13 @@
 {
 imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
+ [
 inputs.home-manager.nixosModules.default
 inputs.sops-nix.nixosModules.sops
+
+ ./hardware-configuration.nix
+
+ ../../users
 ];
 sops.defaultSopsFile = ../../secrets/secrets.yaml;
@@ -22,13 +25,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "leyla-laptop"; # Define your hostname. + networking.hostName = "horizon"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Enable networking networking.networkmanager.enable = true; @@ -88,14 +87,11 @@ }; # enabled virtualisation for docker - virtualisation.docker.enable = true; + # virtualisation.docker.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Disables creating or editing users though methods not defined in this file - users.mutableUsers = false; - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 
@@ -125,107 +121,6 @@ }) ]; - sops.secrets."passwords/leyla".neededForUsers = true; - sops.secrets."passwords/ester".neededForUsers = true; - sops.secrets."passwords/eve".neededForUsers = true; - - # Define user accounts - users.users = { - leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" "docker" ]; - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden -# vscode - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; - }; - - eve = { - isNormalUser = true; - uid = 1001; - description = "Eve"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; - }; - - ester = { - isNormalUser = true; - uid = 1002; - description = "Ester"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; - }; - }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; 
@@ -233,13 +128,13 @@ # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget + # wget # resilio-sync - yt-dlp - spotdl - ffmpeg - chromaprint - docker + # yt-dlp + # spotdl + # ffmpeg + # chromaprint + # docker aileron # sox # songrec diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 00000000..8471c05a --- /dev/null +++ b/users/default.nix @@ -0,0 +1,6 @@ +{...}: +{ + imports = [ ./leyla ./ester ./eve ]; + + users.mutableUsers = false; +} \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix new file mode 100644 index 00000000..3108fca1 --- /dev/null +++ b/users/ester/default.nix @@ -0,0 +1,23 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.ester = { + isNormalUser = true; + uid = 1001; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; +} \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix new file mode 100644 index 00000000..c6ae188e --- /dev/null +++ b/users/eve/default.nix @@ -0,0 +1,25 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.eve = { + isNormalUser = true; + uid = 1002; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix new file mode 100644 index 00000000..d902f519 
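Review bot: The UIDs of ester and eve are swapped relative to the definitions this commit removes from hosts/horizon/configuration.nix: there eve had `uid = 1001` and ester `uid = 1002`, while users/ester/default.nix now sets `uid = 1001;` and users/eve/default.nix sets `uid = 1002;`. Because `users.mutableUsers = false;` in users/default.nix makes these numbers authoritative, on a machine that already has both home directories the files under one user's home become owned by the other after the switch, which is a cross-user data exposure rather than a cosmetic change. Either restore the original numbers (`uid = 1002;` for ester, `uid = 1001;` for eve) or state in a comment that the renumbering is intentional and paired with a one-off chown. The same two hunks appear verbatim under PATCH 004, so the correction applies there as well.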
--- /dev/null +++ b/users/leyla/default.nix @@ -0,0 +1,69 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.leyla = { + isNormalUser = true; + uid = 1000; + description = "Leyla"; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; +} \ No newline at end of file From 9418b91b4d3b0b8543793f21ae9213ac876f7d30 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 04:28:47 -0500 Subject: [PATCH 004/932] made user files --- README.md | 1 + flake.nix | 1 - hosts/horizon/configuration.nix | 131 ++++---------------------------- users/default.nix | 6 ++ users/ester/default.nix | 23 ++++++ users/eve/default.nix | 25 ++++++ users/leyla/default.nix | 69 +++++++++++++++++ 7 files changed, 137 insertions(+), 119 deletions(-) create mode 100644 README.md create mode 100644 users/default.nix create mode 100644 users/ester/default.nix create mode 100644 users/eve/default.nix create mode 100644 users/leyla/default.nix diff --git a/README.md b/README.md new file mode 100644 index 00000000..f3290d24 --- /dev/null +++ b/README.md 
@@ -0,0 +1 @@ +sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file diff --git a/flake.nix b/flake.nix index 9be492f4..bc7b3d13 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,6 @@ pkgs = nixpkgs.legacyPackages.${system}; in { - nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index a0e247ed..14520a09 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,10 +3,13 @@ { imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix + [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../users ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; @@ -22,13 +25,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "leyla-laptop"; # Define your hostname. + networking.hostName = "horizon"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Enable networking networking.networkmanager.enable = true; @@ -88,14 +87,11 @@ }; # enabled virtualisation for docker - virtualisation.docker.enable = true; + # virtualisation.docker.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Disables creating or editing users though methods not defined in this file - users.mutableUsers = false; - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 
@@ -125,107 +121,6 @@ }) ]; - sops.secrets."passwords/leyla".neededForUsers = true; - sops.secrets."passwords/ester".neededForUsers = true; - sops.secrets."passwords/eve".neededForUsers = true; - - # Define user accounts - users.users = { - leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" "docker" ]; - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden -# vscode - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; - }; - - eve = { - isNormalUser = true; - uid = 1001; - description = "Eve"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; - }; - - ester = { - isNormalUser = true; - uid = 1002; - description = "Ester"; - extraGroups = [ "networkmanager" ]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; - }; - }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; 
@@ -233,13 +128,13 @@ # $ nix search wget environment.systemPackages = with pkgs; [ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget + # wget # resilio-sync - yt-dlp - spotdl - ffmpeg - chromaprint - docker + # yt-dlp + # spotdl + # ffmpeg + # chromaprint + # docker aileron # sox # songrec diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 00000000..8471c05a --- /dev/null +++ b/users/default.nix @@ -0,0 +1,6 @@ +{...}: +{ + imports = [ ./leyla ./ester ./eve ]; + + users.mutableUsers = false; +} \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix new file mode 100644 index 00000000..3108fca1 --- /dev/null +++ b/users/ester/default.nix @@ -0,0 +1,23 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.ester = { + isNormalUser = true; + uid = 1001; + description = "Ester"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + }; +} \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix new file mode 100644 index 00000000..c6ae188e --- /dev/null +++ b/users/eve/default.nix @@ -0,0 +1,25 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.eve = { + isNormalUser = true; + uid = 1002; + description = "Eve"; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + }; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix new file mode 100644 index 00000000..d902f519 
--- /dev/null +++ b/users/leyla/default.nix @@ -0,0 +1,69 @@ +{ lib, config, pkgs, ... }: +{ + sops.secrets."passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + + # Define user accounts + users.users.leyla = { + isNormalUser = true; + uid = 1000; + description = "Leyla"; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small +# jdk +# android-tools +# android-studio + androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + }; +} \ No newline at end of file From 3b76e4a8a87beeaa82dc322561d6a79ae28d348d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 17:26:25 -0500 Subject: [PATCH 005/932] added users that can be disabled --- hosts/horizon/configuration.nix | 5 +- users/default.nix | 4 +- users/ester/default.nix | 50 +++++++---- users/eve/default.nix | 54 ++++++++---- users/leyla/default.nix | 144 ++++++++++++++++++-------------- users/remote/default.nix | 30 +++++++ 6 files changed, 193 insertions(+), 94 deletions(-) create mode 100644 users/remote/default.nix diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 14520a09..c26438ac 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,6 +1,5 @@ # leyla laptop { config, pkgs, inputs, ... }: - { imports = [ 
@@ -17,6 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/users/default.nix b/users/default.nix index 8471c05a..077fda5a 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,6 @@ -{...}: +{ ... }: { - imports = [ ./leyla ./ester ./eve ]; + imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; } \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix index 3108fca1..0f7f3bea 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -1,23 +1,45 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.ester; +in { - sops.secrets."passwords/ester" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.ester = { + isNormalUser = lib.mkEnableOption "ester"; }; - # Define user accounts - users.users.ester = { - isNormalUser = true; - uid = 1001; - description = "Ester"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; + users.groups.ester = {}; - packages = with pkgs; [ - firefox - bitwarden - discord + users.users.ester = lib.mkMerge [ + { + uid = 1001; + description = "Ester"; + group = "ester"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix index c6ae188e..d5b6f298 100644 --- a/users/eve/default.nix 
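Review bot: The context line `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";` keeps the host's only decryption key inside one user's home directory, readable by that account and by anything running as it, and the three `users.*.isNormalUser = true;` lines added here make every sops-backed account depend on that key. A root-only location outside /home (sops-nix's `sops.age.sshKeyPaths`, which derives the key from the host SSH key, or `sops.age.keyFile` pointing at a mode-0600 file under /var/lib) keeps it out of the user session and survives the home directory being moved or wiped. The `neededForUsers = true` secrets are decrypted during early activation, so if /home is ever split onto its own mount the key would also need to be available at that point; a comment stating the assumption, e.g. `# age key must be readable by root at activation time; kept in leyla's home for now`, would make that dependency visible.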
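Review bot: `options.users.ester` declares a repository-specific option inside the NixOS `users` namespace, next to the built-in `users.users`, `users.groups` and `users.mutableUsers`, so `users.ester.isNormalUser` reads like a core option and is easy to confuse with `users.users.ester.isNormalUser`, which is the attribute the `if` branch actually sets. A dedicated namespace for the repo's own toggles (for example `options.myUsers.ester.enable`, with `cfg = config.myUsers.ester;`) keeps the two apart; the eve, leyla and remote hunks of this commit follow the same pattern and would change together. The disabled branch still creates the account as `isSystemUser = true;` with the fixed UID, which is a reasonable way to keep the name and UID reserved, but that intent deserves a one-line comment above the `else`.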
+++ b/users/eve/default.nix @@ -1,25 +1,47 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.eve; +in { - sops.secrets."passwords/eve" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.eve = { + isNormalUser = lib.mkEnableOption "eve"; }; - # Define user accounts - users.users.eve = { - isNormalUser = true; - uid = 1002; - description = "Eve"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; + users.groups.eve = {}; - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop + users.users.eve = lib.mkMerge [ + { + uid = 1002; + description = "Eve"; + group = "eve"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d902f519..7192d10a 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -1,69 +1,91 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in { - sops.secrets."passwords/leyla" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.leyla = { + isNormalUser = lib.mkEnableOption "leyla"; }; - # Define user accounts - users.users.leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume + users.groups.leyla = {}; + + users.users.leyla = lib.mkMerge [ + { + uid = 1000; + description = "Leyla"; + group = "leyla"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small + # jdk + # android-tools + # android-studio + 
androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/remote/default.nix b/users/remote/default.nix new file mode 100644 index 00000000..491bc51f --- /dev/null +++ b/users/remote/default.nix @@ -0,0 +1,30 @@ +{ lib, config, ... }: +let + cfg = config.users.remote; +in +{ + options.users.remote = { + isNormalUser = lib.mkEnableOption "remote"; + }; + + config.users = { + groups.remote = {}; + + users.remote = lib.mkMerge [ + { + uid = 2000; + group = "remote"; + } + + ( + if cfg.isNormalUser then { + # extraGroups = [ "wheel" ]; + isNormalUser = true; + openssh.authorizedKeys.keys = []; + } else { + isSystemUser = true; + } + ) + ]; + }; +} \ No newline at end of file From eda1db913619d357083cbd72dbc784986af0ca7c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 17:26:25 -0500 Subject: [PATCH 006/932] added users that can be disabled --- hosts/horizon/configuration.nix | 5 +- users/default.nix | 4 +- users/ester/default.nix | 50 +++++++---- users/eve/default.nix | 54 ++++++++---- users/leyla/default.nix | 144 ++++++++++++++++++-------------- users/remote/default.nix | 30 +++++++ 6 files changed, 193 insertions(+), 94 deletions(-) create mode 100644 users/remote/default.nix diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 14520a09..c26438ac 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,6 +1,5 @@ # leyla laptop { config, pkgs, inputs, ... }: - { imports = [ 
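Review bot: `openssh.authorizedKeys.keys = [];` is hard-coded in a module shared by every host, so enabling `users.remote.isNormalUser` yields a normal user with neither a password file nor keys, and the natural next step of pasting keys into this file would authorize the same key set on every host at once. Exposing the list as an option (`lib.mkOption { type = lib.types.listOf lib.types.str; default = []; }` under `options.users.remote`, fed into `openssh.authorizedKeys.keys`) lets each host name its own keys while keeping the empty default safe. The commented `# extraGroups = [ "wheel" ];` should say why it is off, since uncommenting it turns a key-only account into an administrator account.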
@@ -17,6 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/users/default.nix b/users/default.nix index 8471c05a..077fda5a 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,6 @@ -{...}: +{ ... }: { - imports = [ ./leyla ./ester ./eve ]; + imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; } \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix index 3108fca1..0f7f3bea 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -1,23 +1,45 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.ester; +in { - sops.secrets."passwords/ester" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.ester = { + isNormalUser = lib.mkEnableOption "ester"; }; - # Define user accounts - users.users.ester = { - isNormalUser = true; - uid = 1001; - description = "Ester"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; + users.groups.ester = {}; - packages = with pkgs; [ - firefox - bitwarden - discord + users.users.ester = lib.mkMerge [ + { + uid = 1001; + description = "Ester"; + group = "ester"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix index c6ae188e..d5b6f298 100644 --- a/users/eve/default.nix 
+++ b/users/eve/default.nix @@ -1,25 +1,47 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.eve; +in { - sops.secrets."passwords/eve" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.eve = { + isNormalUser = lib.mkEnableOption "eve"; }; - # Define user accounts - users.users.eve = { - isNormalUser = true; - uid = 1002; - description = "Eve"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; + users.groups.eve = {}; - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop + users.users.eve = lib.mkMerge [ + { + uid = 1002; + description = "Eve"; + group = "eve"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d902f519..7192d10a 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -1,69 +1,91 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in { - sops.secrets."passwords/leyla" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.leyla = { + isNormalUser = lib.mkEnableOption "leyla"; }; - # Define user accounts - users.users.leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume + users.groups.leyla = {}; + + users.users.leyla = lib.mkMerge [ + { + uid = 1000; + description = "Leyla"; + group = "leyla"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small + # jdk + # android-tools + # android-studio + 
androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/remote/default.nix b/users/remote/default.nix new file mode 100644 index 00000000..491bc51f --- /dev/null +++ b/users/remote/default.nix @@ -0,0 +1,30 @@ +{ lib, config, ... }: +let + cfg = config.users.remote; +in +{ + options.users.remote = { + isNormalUser = lib.mkEnableOption "remote"; + }; + + config.users = { + groups.remote = {}; + + users.remote = lib.mkMerge [ + { + uid = 2000; + group = "remote"; + } + + ( + if cfg.isNormalUser then { + # extraGroups = [ "wheel" ]; + isNormalUser = true; + openssh.authorizedKeys.keys = []; + } else { + isSystemUser = true; + } + ) + ]; + }; +} \ No newline at end of file From d20cf49ba2a6aa79788abe75b4b282c797a8b66e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 19:01:23 -0500 Subject: [PATCH 007/932] moved overlays to own folder made environments folder --- enviroments/client/default.nix | 72 +++++++++++++++++++++++++++++ enviroments/common/default.nix | 16 +++++++ hosts/horizon/configuration.nix | 81 +-------------------------------- overlays/intellij.nix | 19 ++++++++ overlays/vscodium.nix | 15 ++++++ users/leyla/default.nix | 56 ++--------------------- users/leyla/packages.nix | 62 +++++++++++++++++++++++++ 7 files changed, 189 insertions(+), 132 deletions(-) create mode 100644 enviroments/client/default.nix create mode 100644 enviroments/common/default.nix create mode 100644 overlays/intellij.nix create mode 100644 overlays/vscodium.nix create mode 100644 users/leyla/packages.nix 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix new file mode 100644 index 00000000..239058c4 --- /dev/null +++ b/enviroments/client/default.nix @@ -0,0 +1,72 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable networking + networking.networkmanager.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us,it,de"; + xkbVariant = ""; + }; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + environment.systemPackages = with pkgs; [ + # version control + git + + # helvetica font + aileron + + # system debuging tools + iputils + dnsutils + ]; +} \ No newline at end of file 
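Review bot: The new directory is spelled `enviroments` (second n missing) in the file path and therefore in every import that will reference it, and renaming later touches each host, so this is the cheapest moment to correct it to `environments`. The keyboard layout also changes from the removed `layout = "us";` to `layout = "us,it,de";` without mention in the commit message; a comment such as `# us/it/de layouts, shared by every host importing this module` would record that the change is deliberate.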
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix
new file mode 100644
index 00000000..31156250
--- /dev/null
+++ b/enviroments/common/default.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ../../users
+ ];
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # Set your time zone.
+ time.timeZone = "America/Chicago";
+
+ # List packages installed in system profile.
+ environment.systemPackages = with pkgs; [
+ wget
+ ];
+}
\ No newline at end of file
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix
index c26438ac..3fbe076f 100644
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@@ -8,7 +8,7 @@
 ./hardware-configuration.nix
- ../../users
+ ../../enviroments/client
 ];
 sops.defaultSopsFile = ../../secrets/secrets.yaml;
@@ -26,68 +26,7 @@ boot.kernelModules = [ "sg" ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "horizon"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; - - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; - - # Configure keymap in X11 - services.xserver = { - layout = "us"; - xkbVariant = ""; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; # enabled virtualisation for docker # virtualisation.docker.enable = true; 
@@ -127,24 +66,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # resilio-sync - # yt-dlp - # spotdl - # ffmpeg - # chromaprint - # docker - aileron -# sox -# songrec -# csvkit -# losslessaudiochecker - ]; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; diff --git a/overlays/intellij.nix b/overlays/intellij.nix new file mode 100644 index 00000000..25ee779e --- /dev/null +++ b/overlays/intellij.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + }) + ]; +} \ No newline at end of file diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix new file mode 100644 index 00000000..902bd788 --- /dev/null +++ b/overlays/vscodium.nix @@ -0,0 +1,15 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7192d10a..14f4e381 100644 --- a/users/leyla/default.nix 
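Review bot: `jetbrains = { jdk = super.jdk17; idea-community = ...; };` in the new overlays/intellij.nix replaces the whole `super.jetbrains` attribute set instead of extending it, so every other `jetbrains.*` package disappears from `pkgs` on any host that imports this overlay (users/leyla/packages.nix imports it unconditionally). Unless that is intended, merge into the existing set with `jetbrains = super.jetbrains // {` and leave the rest of the block unchanged. Pinning the replacement `src` with `sha256` is the right way to take a binary from outside the nixpkgs update path, since the download stays content-addressed; a comment such as `# hash taken from the upstream ideaIC-2023.3.3 tarball — re-verify on every bump` would make later bumps auditable. The same hunk appears again in the duplicated copy of PATCH 008 below.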
+++ b/users/leyla/default.nix @@ -3,6 +3,10 @@ let cfg = config.users.leyla; in { + imports =[ + ./packages.nix + ]; + options.users.leyla = { isNormalUser = lib.mkEnableOption "leyla"; }; @@ -30,58 +34,6 @@ in extraGroups = [ "networkmanager" "wheel" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small - # jdk - # android-tools - # android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; } else { isSystemUser = true; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix new file mode 100644 index 00000000..dc5bdc88 --- /dev/null +++ b/users/leyla/packages.nix 
@@ -0,0 +1,62 @@
+{ lib, config, pkgs, ... }:
+let
+ cfg = config.users.leyla;
+in
+{
+ imports = [
+ ../../overlays/intellij.nix
+ ../../overlays/vscodium.nix
+ ];
+
+ users.users.leyla.packages = lib.mkIf cfg.isNormalUser (
+ with pkgs; [
+ #foss platforms
+ signal-desktop
+ bitwarden
+ firefox
+ ungoogled-chromium
+ libreoffice
+ inkscape
+ freecad
+ kicad-small
+ cura
+ makemkv
+ transmission-gtk
+ easytag
+ rhythmbox
+
+ # proprietary platforms
+ discord
+ obsidian
+
+ # development enviroments
+ vscodium
+ androidStudioPackages.canary
+ jetbrains.idea-community
+ dbeaver
+
+ # development tools
+ # TODO: move these to flakes
+ nodejs
+
+ # bridges
+ protonvpn-gui
+ nextcloud-client
+
+ # gaming
+ steam
+ # emulators
+ yuzu-mainline # Switch Emulator
+ dolphin-emu # GameCube and Wii Emulator
+ desmume # DS Emulator
+ mupen64plus # N64 Emulator
+ zsnes # SNES Emulator
+ vbam # Game Boy Advanced Emulator
+ fceux # NES Emulator
+ stella # Atari 2600 Emulator
+ mame # mame Emulator
+
+
+ ]
+ );
+}
\ No newline at end of file
From ffe16a8d251e62dac712de9a5832d9b65f9a76ac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 19:01:23 -0500 Subject: [PATCH 008/932] moved overlays to own folder made environments folder --- enviroments/client/default.nix | 72 +++++++++++++++++++++++++++++ enviroments/common/default.nix | 16 +++++++ hosts/horizon/configuration.nix | 81 +-------------------------------- overlays/intellij.nix | 19 ++++++++ overlays/vscodium.nix | 15 ++++++ users/leyla/default.nix | 56 ++--------------------- users/leyla/packages.nix | 62 +++++++++++++++++++++++++ 7 files changed, 189 insertions(+), 132 deletions(-) create mode 100644 enviroments/client/default.nix create mode 100644 enviroments/common/default.nix create mode 100644 overlays/intellij.nix create mode 100644 overlays/vscodium.nix create mode 100644 users/leyla/packages.nix
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix new file mode 100644 index 00000000..239058c4 --- /dev/null +++ b/enviroments/client/default.nix @@ -0,0 +1,72 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable networking + networking.networkmanager.enable = true; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + services.xserver = { + layout = "us,it,de"; + xkbVariant = ""; + }; + + # Enable sound with pipewire. + sound.enable = true; + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + environment.systemPackages = with pkgs; [ + # version control + git + + # helvetica font + aileron + + # system debuging tools + iputils + dnsutils + ]; +} \ No newline at end of file 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix new file mode 100644 index 00000000..31156250 --- /dev/null +++ b/enviroments/common/default.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: +{ + imports = [ + ../../users + ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + # List packages installed in system profile. + environment.systemPackages = with pkgs; [ + wget + ]; +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c26438ac..3fbe076f 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -8,7 +8,7 @@ ./hardware-configuration.nix - ../../users + ../../enviroments/client ]; sops.defaultSopsFile = ../../secrets/secrets.yaml; 
@@ -26,68 +26,7 @@ boot.kernelModules = [ "sg" ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking.hostName = "horizon"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/Chicago"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; - - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; - - # Configure keymap in X11 - services.xserver = { - layout = "us"; - xkbVariant = ""; - }; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; # enabled virtualisation for docker # virtualisation.docker.enable = true; 
@@ -127,24 +66,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # resilio-sync - # yt-dlp - # spotdl - # ffmpeg - # chromaprint - # docker - aileron -# sox -# songrec -# csvkit -# losslessaudiochecker - ]; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; diff --git a/overlays/intellij.nix b/overlays/intellij.nix new file mode 100644 index 00000000..25ee779e --- /dev/null +++ b/overlays/intellij.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # idea is too out of date for android gradle things + jetbrains = { + jdk = super.jdk17; + idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + version = "2023.3.3"; + name = "idea-community-${version}"; + src = super.fetchurl { + sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + }; + }); + }; + }) + ]; +} \ No newline at end of file diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix new file mode 100644 index 00000000..902bd788 --- /dev/null +++ b/overlays/vscodium.nix @@ -0,0 +1,15 @@ +{ ... }: +{ + nixpkgs.overlays = [ + (self: super: { + # ui is broken on 1.84 + vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + version = "1.85.2.24019"; + src = super.fetchurl { + sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + }; + }); + }) + ]; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7192d10a..14f4e381 100644 --- a/users/leyla/default.nix 
+++ b/users/leyla/default.nix @@ -3,6 +3,10 @@ let cfg = config.users.leyla; in { + imports =[ + ./packages.nix + ]; + options.users.leyla = { isNormalUser = lib.mkEnableOption "leyla"; }; @@ -30,58 +34,6 @@ in extraGroups = [ "networkmanager" "wheel" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small - # jdk - # android-tools - # android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume - ]; } else { isSystemUser = true; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix new file mode 100644 index 00000000..dc5bdc88 --- /dev/null +++ b/users/leyla/packages.nix 
@@ -0,0 +1,62 @@
+{ lib, config, pkgs, ... }:
+let
+ cfg = config.users.leyla;
+in
+{
+ imports = [
+ ../../overlays/intellij.nix
+ ../../overlays/vscodium.nix
+ ];
+
+ users.users.leyla.packages = lib.mkIf cfg.isNormalUser (
+ with pkgs; [
+ #foss platforms
+ signal-desktop
+ bitwarden
+ firefox
+ ungoogled-chromium
+ libreoffice
+ inkscape
+ freecad
+ kicad-small
+ cura
+ makemkv
+ transmission-gtk
+ easytag
+ rhythmbox
+
+ # proprietary platforms
+ discord
+ obsidian
+
+ # development enviroments
+ vscodium
+ androidStudioPackages.canary
+ jetbrains.idea-community
+ dbeaver
+
+ # development tools
+ # TODO: move these to flakes
+ nodejs
+
+ # bridges
+ protonvpn-gui
+ nextcloud-client
+
+ # gaming
+ steam
+ # emulators
+ yuzu-mainline # Switch Emulator
+ dolphin-emu # GameCube and Wii Emulator
+ desmume # DS Emulator
+ mupen64plus # N64 Emulator
+ zsnes # SNES Emulator
+ vbam # Game Boy Advanced Emulator
+ fceux # NES Emulator
+ stella # Atari 2600 Emulator
+ mame # mame Emulator
+
+
+ ]
+ );
+}
\ No newline at end of file
From d828fc27dc4ca90cfa1860ec67b3fd6c74375e9d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 20:13:57 -0500 Subject: [PATCH 009/932] installed steam --- users/leyla/packages.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix
index dc5bdc88..225cf925 100644
--- a/users/leyla/packages.nix
+++ b/users/leyla/packages.nix
@@ -8,6 +8,12 @@ in
 ../../overlays/vscodium.nix
 ];
 
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+ dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+ };
+
 users.users.leyla.packages = lib.mkIf cfg.isNormalUser (
 with pkgs; [
 #foss platforms
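Review bot: `programs.steam = { ... }` in the `@@ -8,6 +8,12 @@` hunk is set unconditionally, whereas `users.users.leyla.packages` right below it is gated with `lib.mkIf cfg.isNormalUser`; because users/leyla is reached from enviroments/common on every host, this enables Steam and opens its firewall ports even where leyla is only a system user. `dedicatedServer.openFirewall = true` additionally admits inbound traffic for a Source dedicated server, which a desktop client only needs if it hosts games; Remote Play is normally the only opening a client wants. Suggest `programs.steam = lib.mkIf cfg.isNormalUser {` and `dedicatedServer.openFirewall = false; # not hosting game servers`, plus a comment on the block saying which hosts are expected to need it. This commit is repeated as PATCH 010 below with the same hunk.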
@@ -44,19 +50,23 @@ in nextcloud-client # gaming - steam + # steam # emulators + # nintendo yuzu-mainline # Switch Emulator + citra-canary # 3DS emulator + cemu # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator zsnes # SNES Emulator vbam # Game Boy Advanced Emulator fceux # NES Emulator + # play station + rpcs3 # PS3 Emulator + #misc stella # Atari 2600 Emulator mame # mame Emulator - - ] ); } \ No newline at end of file From 51d567148583323b903e3c0451c2bacdaae31e37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 20:13:57 -0500 Subject: [PATCH 010/932] installed steam --- users/leyla/packages.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index dc5bdc88..225cf925 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms @@ -44,19 +50,23 @@ in nextcloud-client # gaming - steam + # steam # emulators + # nintendo yuzu-mainline # Switch Emulator + citra-canary # 3DS emulator + cemu # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator zsnes # SNES Emulator vbam # Game Boy Advanced Emulator fceux # NES Emulator + # play station + rpcs3 # PS3 Emulator + #misc stella # Atari 2600 Emulator mame # mame Emulator - - ] ); } \ No newline at end of file From afc0dfdb35616f9e391e103982b6adac800eab8b Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 11 Mar 2024 00:43:10 -0500 Subject: [PATCH 011/932] cleaned up packages file for leyla --- hosts/horizon/configuration.nix | 29 ------------------------- users/leyla/default.nix | 6 +++++- users/leyla/packages.nix | 38 +++++++++++++++++++++++++++------ 3 files changed, 36 insertions(+), 37 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3fbe076f..ecb5b475 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -34,35 +34,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; - # Allow unfree packages nixpkgs.config.allowUnfree = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 14f4e381..96ea3cb9 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -8,7 +8,11 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "leyla"; + isNormalUser = lib.mkEnableOption "create usable leyla user"; + hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; + hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; + hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; config = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 225cf925..554b8c08 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -14,6 +14,12 @@ in dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; + programs.noisetorch.enable = true; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms @@ -23,17 +29,26 @@ in ungoogled-chromium libreoffice inkscape + gimp + krita freecad - kicad-small cura + kicad-small makemkv transmission-gtk - easytag - rhythmbox + onionshare + # easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing # proprietary platforms discord obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) # development enviroments vscodium 
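Review bot: `nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];`, moved here from hosts/horizon/configuration.nix, re-allows a package nixpkgs has flagged as insecure, and nothing in this file records which dependent needs it or when the allowance can be dropped. `nixpkgs.config` is global, so the allowance now applies to every Electron consumer on every host that imports users/leyla, and unlike the package list below it is not gated on `cfg.isNormalUser`. Add a why-comment naming the dependent (presumably one of the Electron apps in the list — confirm which), e.g. `# electron-25 is EOL upstream; still needed by <PACKAGE> — TODO: drop once it moves to a supported electron`, and wrap the setting in `lib.mkIf cfg.isNormalUser` so hosts without the desktop user do not carry it. The same hunk is repeated in PATCH 012 below.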
@@ -45,17 +60,23 @@ in # TODO: move these to flakes nodejs - # bridges + # system tools protonvpn-gui nextcloud-client - + noisetorch + + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + # gaming # steam # emulators # nintendo - yuzu-mainline # Switch Emulator + (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator citra-canary # 3DS emulator - cemu # Wii-U emulator + (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator @@ -63,7 +84,10 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station + pcsxr # PS1 Emulator + pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator mame # mame Emulator From a6d16fe29f2d6677636157737daa8da5b3c356d8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Mar 2024 00:43:10 -0500 Subject: [PATCH 012/932] cleaned up packages file for leyla --- hosts/horizon/configuration.nix | 29 ------------------------- users/leyla/default.nix | 6 +++++- users/leyla/packages.nix | 38 +++++++++++++++++++++++++++------ 3 files changed, 36 insertions(+), 37 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3fbe076f..ecb5b475 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
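Review bot: `(lib.mkIf cfg.hasPiperMouse piper)`, `(lib.mkIf cfg.hasOpenRGBHardware openrgb)` and `(lib.mkIf cfg.hasViaKeyboard via)` install only the front-ends; each needs a daemon or udev rule before the device can be reached without root (NixOS has `services.ratbagd.enable` for piper, `services.hardware.openrgb.enable` for OpenRGB and `hardware.keyboard.qmk.enable` for VIA-compatible keyboards — verify against the nixpkgs revision pinned in flake.lock). Tying those options to the same `cfg.has*` flags keeps the device-access grant scoped to the hosts that declare the hardware, rather than being worked around by running the tools as root. `noisetorch` is also added to the package list here although `programs.noisetorch.enable = true` in the earlier hunk already provides the capability-wrapped binary; dropping the plain package leaves the wrapper as the only copy on PATH. Same hunk again in PATCH 012 below.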
@@ -34,35 +34,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; - # Allow unfree packages nixpkgs.config.allowUnfree = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 14f4e381..96ea3cb9 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -8,7 +8,11 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "leyla"; + isNormalUser = lib.mkEnableOption "create usable leyla user"; + hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; + hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; + hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; config = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 225cf925..554b8c08 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -14,6 +14,12 @@ in dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; + programs.noisetorch.enable = true; + + nixpkgs.config.permittedInsecurePackages = [ + "electron-25.9.0" + ]; + users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( with pkgs; [ #foss platforms @@ -23,17 +29,26 @@ in ungoogled-chromium libreoffice inkscape + gimp + krita freecad - kicad-small cura + kicad-small makemkv transmission-gtk - easytag - rhythmbox + onionshare + # easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing # proprietary platforms discord obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) # development enviroments vscodium @@ -45,17 +60,23 @@ in # TODO: move these to flakes nodejs - # bridges + # system tools protonvpn-gui nextcloud-client - + noisetorch + + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + # gaming # steam # emulators # nintendo - yuzu-mainline # Switch Emulator + (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator citra-canary # 3DS emulator - cemu # Wii-U emulator + (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator mupen64plus # N64 Emulator @@ -63,7 +84,10 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station + pcsxr # PS1 Emulator + pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator mame # mame Emulator From 46aa44a23e445613ccc7d39c3f9c46e9ac321602 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 11 Mar 2024 01:57:17 -0500 Subject: [PATCH 013/932] added home manager for leyla --- enviroments/client/default.nix | 6 ++- flake.lock | 8 ++-- flake.nix | 2 +- users/default.nix | 4 +- users/leyla/default.nix | 2 + users/leyla/home.nix | 82 ++++++++++++++++++++++++++++++++++ users/leyla/packages.nix | 4 +- 7 files changed, 99 insertions(+), 9 deletions(-) create mode 100644 users/leyla/home.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 239058c4..fc05ac19 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -23,8 +23,10 @@ # Configure keymap in X11 services.xserver = { - layout = "us,it,de"; - xkbVariant = ""; + xkb = { + layout = "us,it,de"; + variant = ""; + }; }; # Enable sound with pipewire. diff --git a/flake.lock b/flake.lock index f13caba2..eb6a19fe 100644 --- a/flake.lock +++ b/flake.lock @@ -22,16 +22,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709884566, - "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "lastModified": 1709961763, + "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index bc7b3d13..43f8cd7f 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Nixos config flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; diff --git a/users/default.nix b/users/default.nix index 077fda5a..97133d99 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; + + home-manager.extraSpecialArgs = { inherit inputs; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 96ea3cb9..8745e7b2 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -43,5 +43,7 @@ in } ) ]; + + home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix new file mode 100644 index 00000000..baf2ebf0 --- /dev/null +++ b/users/leyla/home.nix 
@@ -0,0 +1,82 @@ +{ config, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the paths it should + # manage. + home.username = "leyla"; + home.homeDirectory = "/home/leyla"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + home.stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + home.packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + home.file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + home.sessionVariables = { + # EDITOR = "emacs"; + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + }; + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 554b8c08..c1311a7e 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -74,8 +74,10 @@ in # steam # emulators # nintendo + # TODO: replace this with self hosted flake (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - citra-canary # 3DS emulator + # TODO: replace this with self hosted flake + # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator From 0e8697bf66a0ba66b990088e05d5a6d622102bdd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Mar 2024 01:57:17 -0500 Subject: [PATCH 014/932] added home manager for leyla --- enviroments/client/default.nix | 6 ++- flake.lock | 8 ++-- flake.nix | 2 +- users/default.nix | 4 +- users/leyla/default.nix | 2 + users/leyla/home.nix | 82 ++++++++++++++++++++++++++++++++++ users/leyla/packages.nix | 4 +- 7 files changed, 99 insertions(+), 9 deletions(-) create mode 100644 users/leyla/home.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 239058c4..fc05ac19 100644 
--- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -23,8 +23,10 @@ # Configure keymap in X11 services.xserver = { - layout = "us,it,de"; - xkbVariant = ""; + xkb = { + layout = "us,it,de"; + variant = ""; + }; }; # Enable sound with pipewire. diff --git a/flake.lock b/flake.lock index f13caba2..eb6a19fe 100644 --- a/flake.lock +++ b/flake.lock @@ -22,16 +22,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709884566, - "narHash": "sha256-NSYJg2sfdO/XS3L8XN/59Zhzn0dqWm7XtVnKI2mHq3w=", + "lastModified": 1709961763, + "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2be119add7b37dc535da2dd4cba68e2cf8d1517e", + "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index bc7b3d13..43f8cd7f 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Nixos config flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; sops-nix.url = "github:Mic92/sops-nix"; diff --git a/users/default.nix b/users/default.nix index 077fda5a..97133d99 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,8 @@ -{ ... }: +{ inputs, ... }: { imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; + + home-manager.extraSpecialArgs = { inherit inputs; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 96ea3cb9..8745e7b2 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -43,5 +43,7 @@ in } ) ]; + + home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix new file mode 100644 index 00000000..baf2ebf0 --- /dev/null +++ b/users/leyla/home.nix 
@@ -0,0 +1,82 @@ +{ config, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the paths it should + # manage. + home.username = "leyla"; + home.homeDirectory = "/home/leyla"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + home.stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + home.packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + home.file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + home.sessionVariables = { + # EDITOR = "emacs"; + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + }; + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 554b8c08..c1311a7e 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -74,8 +74,10 @@ in # steam # emulators # nintendo + # TODO: replace this with self hosted flake (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - citra-canary # 3DS emulator + # TODO: replace this with self hosted flake + # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator dolphin-emu # GameCube and Wii Emulator desmume # DS Emulator From d6ca7d5a60bdb2b549e50fa2bd434b6a8592530b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 12 Mar 2024 00:53:45 -0500 Subject: [PATCH 015/932] set init default branch for git to main --- users/leyla/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index baf2ebf0..3b26ed47 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -77,6 +77,7 @@ enable = true; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; }; }; } From 6bafea9b7b85065ed466533bd8554f19a221e1d0 Mon Sep 17 00:00:00 2001 
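Review bot: Most of this new file is the unedited Home Manager template — the commented `pkgs.hello`, `nerdfonts`, `.screenrc` and `gradle.properties` examples and the long `hm-session-vars.sh` explanation — which buries the four settings that actually matter (`home.username`, `home.homeDirectory`, `home.stateVersion` and the `programs.git` identity). Deleting those example blocks and keeping only the `home.stateVersion` warning would leave a file that can be read at a glance. Since this commit also wires the file in through `home-manager.users.leyla`, a one-line header such as `# Home Manager profile for leyla; imported from users/leyla/default.nix` would tell a reader where it is consumed.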
From: Leyla Becker Date: Tue, 12 Mar 2024 00:53:45 -0500 Subject: [PATCH 016/932] set init default branch for git to main --- users/leyla/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index baf2ebf0..3b26ed47 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -77,6 +77,7 @@ enable = true; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; }; }; } From a18d2d373a79fc1b791821ec3c0c6545db8bdb68 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Apr 2024 20:33:03 -0500 Subject: [PATCH 017/932] regenerated age keys to use leylas credentials --- .sops.yaml | 4 ++-- flake.nix | 6 ++++-- pkgs/default.nix | 4 ++++ users/leyla/packages.nix | 7 +++---- 4 files changed, 13 insertions(+), 8 deletions(-) create mode 100644 pkgs/default.nix diff --git a/.sops.yaml b/.sops.yaml index 8b0366e8..0ac5664b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - age: - - *primary \ No newline at end of file + - *leyla diff --git a/flake.nix b/flake.nix index 43f8cd7f..a0d15de0 100644 --- a/flake.nix +++ b/flake.nix @@ -14,10 +14,12 @@ outputs = { self, nixpkgs, ... }@inputs: let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; + forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { + packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); + nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 00000000..b0fd62ba --- /dev/null +++ b/pkgs/default.nix 
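Review bot: The only age recipient in `.sops.yaml` changes from `age1y98…` to `age15ga…`, but this commit does not re-key `secrets/secrets.yaml` (its diffstat lists four files and the secrets file is not among them), so until `sops updatekeys secrets/secrets.yaml` is run the file stays encrypted to a key that is no longer listed and `sops` cannot open it with the new one; commit 018 appears to be the follow-up that re-encrypts it. Every earlier revision of `secrets/secrets.yaml` in git history also stays decryptable by the old key, so if the regeneration was prompted by possible exposure of that key, the password hashes themselves need to be regenerated rather than only re-encrypted. The copy of this hunk in commit 018 is identical.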
@@ -0,0 +1,4 @@ +pkgs: { + # yuzu-clone = pkgs.callPackage ./yuzo { }; + # citra-clone = pkgs.callPackage ./citra { }; +} \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index c1311a7e..3d2429b7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -71,11 +71,10 @@ in (lib.mkIf cfg.hasViaKeyboard via) # gaming - # steam # emulators # nintendo # TODO: replace this with self hosted flake - (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator # TODO: replace this with self hosted flake # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator @@ -86,9 +85,9 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station - pcsxr # PS1 Emulator - pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + pcsx2 # PS2 Emulator + pcsxr # PS1 Emulator # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator From 9348d4094cdc71177cd51a93927e47dc981335b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Apr 2024 20:33:03 -0500 Subject: [PATCH 018/932] regenerated age keys to use leylas credentials --- .sops.yaml | 4 ++-- flake.nix | 6 ++++-- pkgs/default.nix | 4 ++++ secrets/secrets.yaml | 22 +++++++++++----------- users/leyla/packages.nix | 7 +++---- 5 files changed, 24 insertions(+), 19 deletions(-) create mode 100644 pkgs/default.nix diff --git a/.sops.yaml b/.sops.yaml index 8b0366e8..0ac5664b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - - &primary age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - path_regex: secrets/secrets.yaml$ key_groups: - age: - - *primary \ No newline at end of file + - *leyla diff --git a/flake.nix b/flake.nix index 43f8cd7f..a0d15de0 100644 --- a/flake.nix +++ b/flake.nix 
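Review bot: `pkgs/default.nix` declares a bare `pkgs:` function, but flake.nix in the same commit calls it as `import ./pkgs { inherit pkgs; }`, so inside this file `pkgs` is bound to the attrset `{ pkgs = …; }` and `pkgs.callPackage` will fail with a missing-attribute error the moment one of the commented lines is enabled. Either change the header to `{ pkgs }: {` or call it as `import ./pkgs pkgs` from flake.nix; the former matches the `{ inherit pkgs; }` call style already used there. The copy of this hunk in commit 018 has the same mismatch.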
@@ -14,10 +14,12 @@ outputs = { self, nixpkgs, ... }@inputs: let - system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; + forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { + packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); + nixosConfigurations = { horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 00000000..b0fd62ba --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,4 @@ +pkgs: { + # yuzu-clone = pkgs.callPackage ./yuzo { }; + # citra-clone = pkgs.callPackage ./citra { }; +} \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 5c76b34a..fb57b2b7 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -1,24 +1,24 @@ passwords: - leyla: ENC[AES256_GCM,data:2sTuJTlW9JQv+SDSkyaYEc/CjyBhzJe9FHHvacL2SEVilnHyVKi1XpBnn9WJxsRha2UEUad9wn0iw0vu04O2dN+jZO7iLBawyg==,iv:FacSTQ3LV+An9hzYj7veeIQdZUgUZO3/RDGa+5rqo1I=,tag:PH3G1oedpe8Mh6kmm4qDIw==,type:str] - ester: ENC[AES256_GCM,data:4TkuZr9hCskJZNnTeARz8f6jFWmsEKatoi/jpWrK2JGdvJBdqcodP119p1zfTqaFGA6O67YGhXQVAPVceIxAMplUL0UfV3tK6A==,iv:kmozFDwgtHeS02avCk40Ic0EUEJXvYbE5bl4lHX80pk=,tag:r3gmve2678RbJxeF5qdM8A==,type:str] - eve: ENC[AES256_GCM,data:3xXOvblJkUaX+lcL+jgibng49PnTHldMsObE6VMwyWuGaUbZh0psRZKU8TfojW7TCgVEF93aOTc+DWxVqy8ZrfN4gN7CSudCfQ==,iv:LngLHLPXNgc33xH8WniJFnqoExhytnnEvNVBKKSnCTA=,tag:dQ7sVsMHHus39DTXpiBS+A==,type:str] + leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] + ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] + eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1y98w2zgrc8f8l2sw632g697nqkcudvsknjmm85ajehpnnjtvvv6sx5670e + - recipient: age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLeFdXWDJ1SGNpNEw5b0NZ - U0xjU0Q0N2krdWRUS0w5SkQwNUVUd2FHRFZjCmpkZDZxSE9laC9RbDZhTG83UjVL - UWM0S2wvUWhJRkpQMER2UGphZWhsU2sKLS0tIHFoQ3Jic2RURXNtK1NYWlBxdnJy - WTluMWJsYUxLRVpVeHQ2N0VicUhtWTAKtMgsEkDABJLQi3Wa4NnzMmW5qQw6ExoO - g6AsAMTAN/eOuxNTA6+aMP3M0hMlO07f4UHwvYGifAfHHLidDlgc2g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd3BCR2RmMms4ZkNlbTdy + 
SzRKQ1NqZmFmOHJIS0oxZ3BMSnUyWXAyUUVrCk9tNjNNb0xEcnkvamJpSFF5UlhU + ejF4ZHFlZzJoemxpWXd0clN3cFZvMlkKLS0tIDdoK1oxc2doQTh3QlVyc3dhUE1W + VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ + Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-10T03:20:40Z" - mac: ENC[AES256_GCM,data:iqLZeEEb0PNKkCppho3BMx4rAKNco7y1aa81cvAcjim5lHvYiPKPzod4A6sd2ioc+uTVXbQO2Jt/zetYpld5YQ+lCgAyaaJ9oqI4gMruqpEYE+kQEO5e0+G84SVeMmp4DyRklCFfvsXATwPjkvpIixKASdJC+MLzqGuLkXUmueA=,iv:8h+d/gNxb3tbWdHZCtdXyTswOApjV3n9cuosHxscQu8=,tag:50mmDQcVwPJ7Ns9pkn6esQ==,type:str] + lastmodified: "2024-04-03T01:27:28Z" + mac: ENC[AES256_GCM,data:ExP2Q8judGmQ5QFdZjmkNuMXlI9XJLeKaFn15Y4YuA2r+qLYYegN/IR1VeDrDO+XfWJJS7qednRnb9gErqUQgwX06AhMFDGUHHgB2lFdr/X0KBNt9EcrQ+S4Zh9zh8aTZesvnLaorz5QqF1Mt4FRz8mFYQIJ3DCWXV0cHrmmvcA=,iv:QBMc5E9SXP7aMCYFF/JnhM3bAuBA6mY4cENOW8SSaW0=,tag:ftg5Q8rS0NfUSogXXKEePA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index c1311a7e..3d2429b7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -71,11 +71,10 @@ in (lib.mkIf cfg.hasViaKeyboard via) # gaming - # steam # emulators # nintendo # TODO: replace this with self hosted flake - (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator # TODO: replace this with self hosted flake # citra-canary # 3DS emulator (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator @@ -86,9 +85,9 @@ in vbam # Game Boy Advanced Emulator fceux # NES Emulator # play station - pcsxr # PS1 Emulator - pcsx2 # PS2 Emulator rpcs3 # PS3 Emulator + pcsx2 # PS2 Emulator + pcsxr # PS1 Emulator # TODO: more play station emulators here when they come out #misc stella # Atari 2600 Emulator From cbb09462059f71eec6d2d67d3b381db7d9cff2b6 Mon Sep 17 00:00:00 2001 
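Review bot: After this re-encryption the `sops.age` recipient list holds a single key (`age15ga…`), so whatever decrypts this file on the hosts at activation time — sops-nix normally uses a host-local age or SSH key configured via `sops.age.keyFile` or `sops.age.sshKeyPaths`, which is not visible in this series — must be that one key, and losing it loses the password hashes with it. Adding each host's own key as a further recipient in `.sops.yaml` (and re-running `sops updatekeys`) would let hosts decrypt with their own key and give a recovery path if the personal key is lost. If the hosts are instead expected to carry leyla's private key, that is worth a comment in `.sops.yaml`.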
From: Leyla Becker Date: Tue, 2 Apr 2024 20:55:11 -0500 Subject: [PATCH 019/932] updated README --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f3290d24..110e05a6 100644 --- a/README.md +++ b/README.md @@ -1 +1,13 @@ -sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file + + + +Build Command: +`sudo nixos-rebuild switch --flake .#hostname` + +| Hostname | Device Description | Primary User | Role | +| :---------: | :------------------------: | :--------------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | +| `defiant` | Steam Desk | Leyla | Handheld | +| `emergent` | Desktop Computer | Eve | Laptop | +| `threshold` | Laptop | Eve | Desktop | From 9c2d5201fc353b93965710ffd66ee3ff5d721fee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Apr 2024 20:55:11 -0500 Subject: [PATCH 020/932] updated README --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f3290d24..110e05a6 100644 --- a/README.md +++ b/README.md @@ -1 +1,13 @@ -sudo nixos-rebuild switch --flake .#horizon \ No newline at end of file + + + +Build Command: +`sudo nixos-rebuild switch --flake .#hostname` + +| Hostname | Device Description | Primary User | Role | +| :---------: | :------------------------: | :--------------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | +| `defiant` | Steam Desk | Leyla | Handheld | +| `emergent` | Desktop Computer | Eve | Laptop | +| `threshold` | Laptop | Eve | Desktop | From a45d441f019d791267815a9f33d022f0c55d0a4c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Apr 2024 15:58:30 -0500 Subject: [PATCH 021/932] added code shell aliases --- users/leyla/packages.nix | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 3d2429b7..55c2faa9 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,10 @@ in ../../overlays/vscodium.nix ]; + programs.bash.shellAliases = { + code = "codium"; + }; + programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 712ecbb8b33f833cb72705cc5598e367ff0bb1d4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Apr 2024 15:58:30 -0500 Subject: [PATCH 022/932] added code shell aliases --- users/leyla/packages.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 3d2429b7..55c2faa9 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,10 @@ in ../../overlays/vscodium.nix ]; + programs.bash.shellAliases = { + code = "codium"; + }; + programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 0b6065befc904e235c2ceb03d1883227ab14fc6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Apr 2024 16:11:16 -0500 Subject: [PATCH 023/932] removed node from packages --- users/leyla/packages.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 55c2faa9..196373af 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -54,16 +54,12 @@ in steam (lib.mkIf cfg.hasGPU davinci-resolve) - # development enviroments + # development tools vscodium androidStudioPackages.canary jetbrains.idea-community dbeaver - # development tools - # TODO: move these to flakes - nodejs - # system tools protonvpn-gui nextcloud-client From d4c2999b8ed969080a709e90e0fe1451be6f5243 Mon Sep 17 00:00:00 2001 
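Review bot: `programs.bash.shellAliases` is the NixOS system option here, so the `code = "codium"` alias is written into the system-wide bash configuration for every account on the host, not only leyla, despite the file living under users/leyla. Since commit 014 added users/leyla/home.nix, the Home Manager option of the same name — `programs.bash.shellAliases = { code = "codium"; };` together with `programs.bash.enable = true;` so Home Manager writes the rc file — would scope it to leyla's shell. Commit 022 repeats this hunk unchanged.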
From: Leyla Becker Date: Sat, 13 Apr 2024 16:11:16 -0500 Subject: [PATCH 024/932] removed node from packages --- users/leyla/packages.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 55c2faa9..196373af 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -54,16 +54,12 @@ in steam (lib.mkIf cfg.hasGPU davinci-resolve) - # development enviroments + # development tools vscodium androidStudioPackages.canary jetbrains.idea-community dbeaver - # development tools - # TODO: move these to flakes - nodejs - # system tools protonvpn-gui nextcloud-client From 8267680a0293e626d0dd8ad9953d69936293400f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Apr 2024 12:23:34 -0500 Subject: [PATCH 025/932] installed bruno --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 196373af..2545068b 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -59,6 +59,7 @@ in androidStudioPackages.canary jetbrains.idea-community dbeaver + bruno # system tools protonvpn-gui From c568b7fb65a4f1fe2f521dbf352bffcabd26dc33 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Apr 2024 12:23:34 -0500 Subject: [PATCH 026/932] installed bruno --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 196373af..2545068b 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -59,6 +59,7 @@ in androidStudioPackages.canary jetbrains.idea-community dbeaver + bruno # system tools protonvpn-gui From f0a6d7362a8c094ed2d9a41440c90a9dda3bbfb0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 May 2024 15:10:54 -0500 Subject: [PATCH 027/932] installed cachefilesd --- enviroments/client/default.nix | 2 ++ hosts/horizon/hardware-configuration.nix | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fc05ac19..c0f82e0a 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -70,5 +70,7 @@ # system debuging tools iputils dnsutils + + cachefilesd ]; } \ No newline at end of file diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index d6751d0a..e83bda57 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -23,18 +23,20 @@ fsType = "vfat"; }; + services.cachefilesd.enable = true; + fileSystems."/mnt/leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/docker_home" = From 5fb145662261f301d179480e8ad044f332c33c21 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 May 2024 15:10:54 -0500 Subject: [PATCH 028/932] installed cachefilesd --- enviroments/client/default.nix | 2 ++ hosts/horizon/hardware-configuration.nix | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fc05ac19..c0f82e0a 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -70,5 +70,7 @@ # system debuging tools iputils dnsutils + + cachefilesd ]; } \ No newline at end of file diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index d6751d0a..e83bda57 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
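Review bot: Both NFS home mounts switch to `soft`, which makes the kernel return an error to the application when the server stops answering instead of waiting; for mounts that are written to (`/home/leyla`, `/home/share`) nfs(5) warns this can cause silent data corruption, so `hard` is the safer choice here while the retained `x-systemd.automount`, `nofail` and `x-systemd.idle-timeout=600` already keep boot and idle periods from blocking on an unreachable server. `fsc` does depend on the `services.cachefilesd.enable = true` the hunk adds, so that pairing is right, though a short comment like `# fsc: local disk cache via cachefilesd (enabled above)` would tie the two together for the next reader. Commit 028 repeats this hunk unchanged.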
@@ -23,18 +23,20 @@ fsType = "vfat"; }; + services.cachefilesd.enable = true; + fileSystems."/mnt/leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; fileSystems."/mnt/docker_home" = From 85a34279b30e1e009f3a7b02901e449dac7c678b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:47:44 -0500 Subject: [PATCH 029/932] added config for framework specific hardware things --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index a0d15de0..b97f0a08 100644 --- a/flake.nix +++ b/flake.nix @@ -10,9 +10,11 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, ... }@inputs: + outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); @@ -26,6 +28,7 @@ modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; }; From effeb63067b439c433efede905165af752919f3d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:47:44 -0500 Subject: [PATCH 030/932] added config for framework specific hardware things --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index a0d15de0..b97f0a08 100644 --- a/flake.nix +++ b/flake.nix 
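Review bot: The module list mixes two ways of reaching flake inputs — `inputs.home-manager.nixosModules.default` on the line above and the destructured `nixos-hardware.nixosModules.framework-11th-gen-intel` on the added line — so one form should win, e.g. `inputs.nixos-hardware.nixosModules.framework-11th-gen-intel` with `nixos-hardware` dropped from the `outputs` pattern. The module is also specific to the horizon laptop but sits in the generic flake.nix list; since `specialArgs = {inherit inputs;}` is already passed to that host, it could live in hosts/horizon/configuration.nix's `imports`, keeping per-host hardware with the host as more hosts are added. Commit 030 repeats this change unchanged.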
@@ -10,9 +10,11 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, ... }@inputs: + outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); @@ -26,6 +28,7 @@ modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; }; From 215e5c8660a366cf7412d101a451b58c2b2b5b3d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:48:02 -0500 Subject: [PATCH 031/932] updated flake lock --- flake.lock | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index eb6a19fe..59947ee3 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709988192, - "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "lastModified": 1717525419, + "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", "type": "github" }, "original": { 
@@ -20,13 +20,29 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1717574423, + "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -38,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1710033658, - "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "lastModified": 1717265169, + "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", "type": "github" }, "original": { @@ -54,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709968316, - "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "lastModified": 1717112898, + "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", "type": "github" }, "original": { @@ -71,6 +87,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" } 
@@ -81,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1710039806, - "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "lastModified": 1717455931, + "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", "type": "github" }, "original": { From c119ceed99fda27158c3ac22507572ca7f5e8b3f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 15:48:02 -0500 Subject: [PATCH 032/932] updated flake lock --- flake.lock | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index eb6a19fe..59947ee3 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709988192, - "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=", + "lastModified": 1717525419, + "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", "owner": "nix-community", "repo": "home-manager", - "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030", + "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", "type": "github" }, "original": { 
@@ -20,13 +20,29 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1717574423, + "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -38,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1710033658, - "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", + "lastModified": 1717265169, + "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", + "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", "type": "github" }, "original": { @@ -54,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709968316, - "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "lastModified": 1717112898, + "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", "type": "github" }, "original": { @@ -71,6 +87,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" } 
@@ -81,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1710039806, - "narHash": "sha256-vC2fo/phnetp6ub/nRv6mgAi5LbhJ6ujGQWrRD2VgNs=", + "lastModified": 1717455931, + "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f8d5c8baa83fe620a28c0db633be9db3e34474b4", + "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", "type": "github" }, "original": { From 7186c2736b709dbd6011952623780d7660e2c5f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 16:10:39 -0500 Subject: [PATCH 033/932] updated dbeaver --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2545068b..41470545 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -58,7 +58,7 @@ in vscodium androidStudioPackages.canary jetbrains.idea-community - dbeaver + dbeaver-bin bruno # system tools From e50a9e71a5931f5e8cadd57429cb2bd2d50e8ad3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Jun 2024 16:10:39 -0500 Subject: [PATCH 034/932] updated dbeaver --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2545068b..41470545 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -58,7 +58,7 @@ in vscodium androidStudioPackages.canary jetbrains.idea-community - dbeaver + dbeaver-bin bruno # system tools From 50f2c88fff4210dd1e858bdd69e40ddd27b91524 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:13 -0500 Subject: [PATCH 035/932] added leyla to abd users --- README.md | 2 -- users/leyla/default.nix | 2 +- users/leyla/packages.nix | 2 ++ 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 110e05a6..cedb557f 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,4 @@ - - Build Command: `sudo nixos-rebuild switch --flake .#hostname` diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 8745e7b2..2f798be3 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 41470545..0f87f9a7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -20,6 +20,8 @@ in programs.noisetorch.enable = true; + programs.adb.enable = true; + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; From 30961e681b9fb8530cc1d7c2ceab6d9f003567d3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:13 -0500 Subject: [PATCH 036/932] added leyla to abd users --- README.md | 2 -- users/leyla/default.nix | 2 +- users/leyla/packages.nix | 2 ++ 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 110e05a6..cedb557f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,4 @@ - - Build Command: `sudo nixos-rebuild switch --flake .#hostname` diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 8745e7b2..2f798be3 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 41470545..0f87f9a7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -20,6 +20,8 @@ in programs.noisetorch.enable = true; + programs.adb.enable = true; + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; From e07cfe1eeb31ef79c615602b40f8b1f8fd4d63d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:34 -0500 Subject: [PATCH 037/932] removed emulators --- users/leyla/packages.nix | 44 ++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 0f87f9a7..8ef0beb3 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -73,28 +73,28 @@ in (lib.mkIf cfg.hasOpenRGBHardware openrgb) (lib.mkIf cfg.hasViaKeyboard via) - # gaming - # emulators - # nintendo - # TODO: replace this with self hosted flake - # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # TODO: replace this with self hosted flake - # citra-canary # 3DS emulator - (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - dolphin-emu # GameCube and Wii Emulator - desmume # DS Emulator - mupen64plus # N64 Emulator - zsnes # SNES Emulator - vbam # Game Boy Advanced Emulator - fceux # NES Emulator - # play station - rpcs3 # PS3 Emulator - pcsx2 # PS2 Emulator - pcsxr # PS1 Emulator - # TODO: more play station emulators here when they come out - #misc - stella # Atari 2600 Emulator - mame # mame Emulator + # # gaming + # # emulators + # # nintendo + # # TODO: replace this with self hosted flake + # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # # TODO: replace this with self hosted flake + # # citra-canary # 3DS emulator + # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator + # dolphin-emu # GameCube and Wii Emulator + # desmume # DS Emulator + # mupen64plus # N64 Emulator + # zsnes # SNES Emulator + # vbam # Game Boy Advanced Emulator + # fceux # NES Emulator + # # play station + # rpcs3 # PS3 Emulator + # pcsx2 # PS2 Emulator + # pcsxr # PS1 Emulator + # # TODO: more play station emulators here when they come out + # #misc + # stella # Atari 2600 Emulator + # mame # mame Emulator ] ); } \ No newline at end of file From b526c1850cc190fd3927d23ad6f075762c87f84f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:19:34 -0500 Subject: [PATCH 038/932] removed emulators --- users/leyla/packages.nix | 44 ++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 0f87f9a7..8ef0beb3 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -73,28 +73,28 @@ in (lib.mkIf cfg.hasOpenRGBHardware openrgb) (lib.mkIf cfg.hasViaKeyboard via) - # gaming - # emulators - # nintendo - # TODO: replace this with self hosted flake - # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # TODO: replace this with self hosted flake - # citra-canary # 3DS emulator - (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - dolphin-emu # GameCube and Wii Emulator - desmume # DS Emulator - mupen64plus # N64 Emulator - zsnes # SNES Emulator - vbam # Game Boy Advanced Emulator - fceux # NES Emulator - # play station - rpcs3 # PS3 Emulator - pcsx2 # PS2 Emulator - pcsxr # PS1 Emulator - # TODO: more play station emulators here when they come out - #misc - stella # Atari 2600 Emulator - mame # mame Emulator + # # gaming + # # emulators + # # nintendo + # # TODO: replace this with self hosted flake + # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator + # # TODO: replace this with self hosted flake + # # citra-canary # 3DS emulator + # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator + # dolphin-emu # GameCube and Wii Emulator + # desmume # DS Emulator + # mupen64plus # N64 Emulator + # zsnes # SNES Emulator + # vbam # Game Boy Advanced Emulator + # fceux # NES Emulator + # # play station + # rpcs3 # PS3 Emulator + # pcsx2 # PS2 Emulator + # pcsxr # PS1 Emulator + # # TODO: more play station emulators here when they come out + # #misc + # stella # Atari 2600 Emulator + # mame # mame Emulator ] ); } \ No newline at end of file From 09cc8450517efd3bbcda035cc367ed9521028fb5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:23:15 -0500 Subject: [PATCH 039/932] added command line tools to leyla --- users/leyla/packages.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 8ef0beb3..68e0547c 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -50,6 +50,11 @@ in # rpi-imager # fritzing + # comand line tools + yt-dlp + ffmpeg + imagemagick + # proprietary platforms discord obsidian From c866449822003e086c92bf2ee6756344749393c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 9 Jul 2024 18:23:15 -0500 Subject: [PATCH 040/932] added command line tools to leyla --- users/leyla/packages.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 8ef0beb3..68e0547c 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -50,6 +50,11 @@ in # rpi-imager # fritzing + # comand line tools + yt-dlp + ffmpeg + imagemagick + # proprietary platforms discord obsidian From f02f5046aab2a73f2b4c6cfc28a0f7ebd744f6ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 28 Jul 2024 16:07:18 -0500 Subject: [PATCH 041/932] added back in easytag --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 68e0547c..b2dffbf5 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -43,7 +43,7 @@ in makemkv transmission-gtk onionshare - # easytag + easytag # rhythmbox (lib.mkIf cfg.hasGPU obs-studio) # wireshark From cae7b865833d0683a1eeef0b540912756f089465 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 28 Jul 2024 16:07:18 -0500 Subject: [PATCH 042/932] added back in easytag --- users/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 68e0547c..b2dffbf5 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -43,7 +43,7 @@ in makemkv transmission-gtk onionshare - # easytag + easytag # rhythmbox (lib.mkIf cfg.hasGPU obs-studio) # wireshark From e28365b30ee617dc619a9c10f6a5e4e6743f730c Mon Sep 17 00:00:00 2001 
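Review bot: The added section header in users/leyla/packages.nix is misspelled: `# comand line tools` should read `# command line tools`. The identical hunk in commit 040 carries the same typo, so fix both or squash the pair.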
From: Leyla Becker Date: Sun, 28 Jul 2024 21:19:44 -0500 Subject: [PATCH 043/932] added twilight system --- flake.nix | 7 +++++++ hosts/twilight/configuration.nix | 4 ++-- hosts/twilight/hardware-configuration.nix | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 hosts/twilight/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index b97f0a08..43893ba9 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,13 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + twilight = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; }; }; } diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 6930d8f9..06a0a3ac 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,5 +1,5 @@ # leyla desktop -{}: +{ config, pkgs, inputs, modulesPath, ... }: { -} \ No newline at end of file +} diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix new file mode 100644 index 00000000..2ddff10c --- /dev/null +++ b/hosts/twilight/hardware-configuration.nix @@ -0,0 +1,4 @@ + +{ + +} \ No newline at end of file From 01fb021284f302c5c1a987db52922377b31ecaa3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 28 Jul 2024 21:19:44 -0500 Subject: [PATCH 044/932] added twilight system --- flake.nix | 7 +++++++ hosts/twilight/configuration.nix | 4 ++-- hosts/twilight/hardware-configuration.nix | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 hosts/twilight/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index b97f0a08..43893ba9 100644 --- a/flake.nix +++ b/flake.nix 
@@ -31,6 +31,13 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + twilight = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; }; }; } diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 6930d8f9..06a0a3ac 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,5 +1,5 @@ # leyla desktop -{}: +{ config, pkgs, inputs, modulesPath, ... }: { -} \ No newline at end of file +} diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix new file mode 100644 index 00000000..2ddff10c --- /dev/null +++ b/hosts/twilight/hardware-configuration.nix @@ -0,0 +1,4 @@ + +{ + +} \ No newline at end of file From cd6812e97436922b0994f587247f5439f41c58c2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 1 Aug 2024 19:14:29 -0500 Subject: [PATCH 045/932] updated packages --- enviroments/client/default.nix | 1 - flake.lock | 38 +++++++++++++++++----------------- users/leyla/packages.nix | 4 ++-- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0a..041ed49d 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -30,7 +30,6 @@ }; # Enable sound with pipewire. - sound.enable = true; hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { diff --git a/flake.lock b/flake.lock index 59947ee3..f2b124ec 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1717525419, - "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", + "lastModified": 1722462338, + "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "owner": "nix-community", "repo": "home-manager", - "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", + "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717574423, - "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "type": "github" }, "original": { 
@@ -54,27 +54,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1717265169, - "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1717112898, - "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", + "lastModified": 1721466660, + "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", + "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1717455931, - "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", + "lastModified": 1722114803, + "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", + "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", "type": "github" }, "original": { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index b2dffbf5..2266dd19 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -38,10 +38,10 @@ in gimp krita freecad - cura + # cura kicad-small makemkv - transmission-gtk + transmission_4-gtk onionshare easytag # rhythmbox From b2ed3dfa335502b38f44501965dbaeeed3f44766 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 1 Aug 2024 19:14:29 -0500 Subject: [PATCH 046/932] updated packages --- enviroments/client/default.nix | 1 - flake.lock | 38 +++++++++++++++++----------------- users/leyla/packages.nix | 4 ++-- 3 files changed, 21 insertions(+), 22 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0a..041ed49d 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -30,7 +30,6 @@ }; # Enable sound with pipewire. - sound.enable = true; hardware.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { diff --git a/flake.lock b/flake.lock index 59947ee3..f2b124ec 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1717525419, - "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=", + "lastModified": 1722462338, + "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", "owner": "nix-community", "repo": "home-manager", - "rev": "a7117efb3725e6197dd95424136f79147aa35e5b", + "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1717574423, - "narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=", + "lastModified": 1722332872, + "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177", + "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1717602782, - "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", + "lastModified": 1722421184, + "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", + "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", "type": "github" }, "original": { 
@@ -54,27 +54,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1717265169, - "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=", + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1717112898, - "narHash": "sha256-7R2ZvOnvd9h8fDd65p0JnB7wXfUvreox3xFdYWd1BnY=", + "lastModified": 1721466660, + "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6132b0f6e344ce2fe34fc051b72fb46e34f668e0", + "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1717455931, - "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=", + "lastModified": 1722114803, + "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0", + "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", "type": "github" }, "original": { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index b2dffbf5..2266dd19 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -38,10 +38,10 @@ in gimp krita freecad - cura + # cura kicad-small makemkv - transmission-gtk + transmission_4-gtk onionshare easytag # rhythmbox From b72941c75f8d168605d8b655b59b375ac933bb82 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 21 Aug 2024 22:14:45 -0500 Subject: [PATCH 047/932] created hardware configuration for twilight --- hosts/twilight/hardware-configuration.nix | 40 +++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ddff10c..9bd1e703 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -1,4 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: { - -} \ No newline at end of file + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} + 
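Review bot: The generated `/boot` entry mounts the ESP with `options = [ "fmask=0022" "dmask=0022" ];`, which leaves the kernel, initrd and loader entries world-readable, and this file's own header says it will be regenerated, so any later hand edits here are at risk of being overwritten. If this host is meant to keep anything sensitive in the initrd, override the masks from configuration.nix rather than editing this file, e.g. `fileSystems."/boot".options = [ "fmask=0077" "dmask=0077" ];` — newer `nixos-generate-config` output uses the 0077 masks by default, as far as I know. Commit 048 repeats this hunk verbatim.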
From 4e906c894da4cdc02994525ea97bf85185881b56 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 21 Aug 2024 22:14:45 -0500 Subject: [PATCH 048/932] created hardware configuration for twilight --- hosts/twilight/hardware-configuration.nix | 40 +++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ddff10c..9bd1e703 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -1,4 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: { - -} \ No newline at end of file + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} + From 5962641f03538532176b71eebda91678a5bb2cb5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 21 Aug 2024 22:15:20 -0500 Subject: [PATCH 049/932] updated twilight configuration --- enviroments/client/default.nix | 2 +- flake.nix | 2 + hosts/twilight/configuration.nix | 89 ++++++++++++++++++++++- hosts/twilight/hardware-configuration.nix | 21 ++++++ 4 files changed, 111 insertions(+), 3 deletions(-) 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0a..08c31712 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -16,7 +16,7 @@ # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + services.xserver.desktopManager.xterm.enable = false; # Get rid of xTerm services.xserver.excludePackages = [ pkgs.xterm ]; diff --git a/flake.nix b/flake.nix index 43893ba9..39020625 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); nixosConfigurations = { + # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ @@ -31,6 +32,7 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 06a0a3ac..c2145e98 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -1,5 +1,90 @@ -# leyla desktop -{ config, pkgs, inputs, modulesPath, ... }: +# leyla laptop +{ config, pkgs, inputs, ... }: { + imports = + [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ./hardware-configuration.nix + + ../../enviroments/client + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + networking.hostName = "twilight"; # Define your hostname. + + # enabled virtualisation for docker + # virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # Enable OpenGL + hardware.opengl = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 9bd1e703..ef715025 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
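Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";` points the host's secret-decryption key at one user's home directory, yet the secrets it unlocks (per this hunk) include the password hashes for `ester` and `eve` as well; whoever can read leyla's home can decrypt every host secret, and the file is absent until that user has logged in and populated it. A host-owned key is the usual fix, either `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` or `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, with the corresponding public key added to .sops.yaml. The header comment changed from `# leyla desktop` to `# leyla laptop`, which contradicts the `# Leyla Desktop` label the same commit adds in flake.nix and looks like a copy from the horizon config. The same hunk appears again in commit 050.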
@@ -23,6 +23,27 @@ fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; swapDevices = [ ]; From a0da53da75a987a3592b0869adf8099694b9f875 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 21 Aug 2024 22:15:20 -0500 Subject: [PATCH 050/932] updated twilight configuration --- enviroments/client/default.nix | 2 +- flake.nix | 2 + hosts/twilight/configuration.nix | 89 ++++++++++++++++++++++- hosts/twilight/hardware-configuration.nix | 21 ++++++ 4 files changed, 111 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index c0f82e0a..08c31712 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -16,7 +16,7 @@ # Enable the GNOME Desktop Environment. services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + services.xserver.desktopManager.xterm.enable = false; # Get rid of xTerm services.xserver.excludePackages = [ pkgs.xterm ]; diff --git a/flake.nix b/flake.nix index 43893ba9..39020625 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); nixosConfigurations = { + # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ 
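Review bot: The three NFS mounts are added to hardware-configuration.nix, whose header in commit 047 states it is generated and may be overwritten, so they belong in configuration.nix (or a separate module) to survive a regeneration. None of the entries sets `sec=`, which means NFS falls back to AUTH_SYS and the server trusts whatever UID the client asserts; that is a property of the LAN being trusted rather than of these mounts, and it should be stated next to them, e.g. `# AUTH_SYS only (no sec=krb5*): access control relies on client-asserted UIDs and a trusted LAN`. The `user` option on the two home shares implies `nosuid,nodev,noexec` per mount(8), which is sensible, but `/mnt/docker_home` has neither `user` nor those flags, so a comment on why it differs would help. Commit 050 repeats this hunk verbatim.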
@@ -31,6 +32,7 @@ nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; + # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 06a0a3ac..c2145e98 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -1,5 +1,90 @@ -# leyla desktop -{ config, pkgs, inputs, modulesPath, ... }: +# leyla laptop +{ config, pkgs, inputs, ... }: { + imports = + [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + ./hardware-configuration.nix + + ../../enviroments/client + ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.kernelModules = [ "sg" ]; + + networking.hostName = "twilight"; # Define your hostname. + + # enabled virtualisation for docker + # virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # Enable OpenGL + hardware.opengl = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 9bd1e703..ef715025 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -23,6 +23,27 @@ fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; + + fileSystems."/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + fileSystems."/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; swapDevices = [ ]; From 96ef08b010f62a0e470763eba5024cbbce29ba49 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:20 -0500 Subject: [PATCH 051/932] created rebuild.sh for rebuilding current active system quickly --- rebuild.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 rebuild.sh diff --git a/rebuild.sh b/rebuild.sh new file mode 100755 index 00000000..7f2a072e --- /dev/null +++ b/rebuild.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file From f7963b8010d063c2efddb96b6a93edaf33cbc6d7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:20 -0500 Subject: [PATCH 052/932] created rebuild.sh for rebuilding current active system quickly --- rebuild.sh | 3 +++ 1 file changed, 3 insertions(+) create mode 100755 rebuild.sh diff --git a/rebuild.sh b/rebuild.sh new file mode 100755 index 00000000..7f2a072e --- /dev/null +++ b/rebuild.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file From 4cd603416d71b40a1cf7028809047c95a2889464 Mon Sep 17 00:00:00 2001 
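Review bot: The three NFS mounts carry no `sec=` option, so they rely on AUTH_SYS, i.e. the server trusts the client's numeric UIDs; that is presumably intended on a home LAN but deserves a comment next to `device = "server.arpa:/home/leyla";`. `soft` on the two writable home mounts means a timed-out write is returned to the application as an error instead of being retried, which can lose data when the server is slow; `hard` together with the existing `x-systemd.automount` and `nofail` is the safer combination. `user` allows any local account to mount and unmount these and implies `noexec,nosuid,nodev`, which may or may not be what is wanted for a home directory. `fsc` only takes effect if cachefilesd is running; the package is added to the client environment later in the series, but no `services.cachefilesd.enable` is visible here.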
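Review bot: `${1:-switch}` and `.#$(hostname)` are unquoted, so an argument or hostname containing whitespace or glob characters would be word-split before reaching `nixos-rebuild`; quote them as `sudo nixos-rebuild "${1:-switch}" --flake ".#$(hostname)"`. The script also has no `set -euo pipefail` and is committed without a trailing newline. Commit 052 on this same line introduces the identical file again and looks like a duplicate of 051.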
From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:46 -0500 Subject: [PATCH 053/932] added docker to leyla and horizon --- hosts/horizon/configuration.nix | 9 ++++++++- users/leyla/default.nix | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index ecb5b475..26768f80 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -29,7 +29,14 @@ networking.hostName = "horizon"; # Define your hostname. # enabled virtualisation for docker - # virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 2f798be3..41daeb21 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { From 8d48ce99a1dda2e827c33af32693d584cc79cc15 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:46 -0500 Subject: [PATCH 054/932] added docker to leyla and horizon --- hosts/horizon/configuration.nix | 9 ++++++++- users/leyla/default.nix | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index ecb5b475..26768f80 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
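Review bot: `virtualisation.docker.enable = true;` and `rootless.enable = true;` are set together, so both the rootful system daemon and a per-user rootless daemon will run, and the companion hunk in `users/leyla/default.nix` additionally adds leyla to the `docker` group, which grants access to the rootful socket (root-equivalent) and, as far as I can tell, is not needed for rootless operation. If rootless is the goal, drop `enable = true;` from the block and `"docker"` from `extraGroups`; if the rootful daemon is wanted as well, a comment saying why both are on would help the next reader. The whole commit is repeated verbatim as 054 on the next line.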
@@ -29,7 +29,14 @@ networking.hostName = "horizon"; # Define your hostname. # enabled virtualisation for docker - # virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 2f798be3..41daeb21 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -35,7 +35,7 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" ]; + extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { From 07bdf080215d763cc1055dcc4d4a76631a094b2a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:54 -0500 Subject: [PATCH 055/932] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f2b124ec..0869d118 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1722462338, - "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { 
@@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1724495652, + "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1722114803, - "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "type": "github" }, "original": { From 3cf43bbe9dc55068552cb84c73a2b41670d2795b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:57:54 -0500 Subject: [PATCH 056/932] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index f2b124ec..0869d118 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1722462338, - "narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "6e090576c4824b16e8759ebca3958c5b09659ee8", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1724495652, + "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722421184, - "narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1722114803, - "narHash": "sha256-s6YhI8UHwQvO4cIFLwl1wZ1eS5Cuuw7ld2VzUchdFP0=", + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "eb34eb588132d653e4c4925d862f1e5a227cc2ab", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "type": "github" }, "original": { From aabad6f30eb20db2cfafba4e3b48dadf830a8412 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:58:05 -0500 Subject: [PATCH 057/932] enabled hardware graphics on horizon --- hosts/horizon/configuration.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 26768f80..79fa5557 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -37,6 +37,7 @@ }; }; + hardware.graphics.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; From c181da1de5fba56c0d2de0ace2ba36c97afd6a70 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 Aug 2024 23:58:05 -0500 Subject: [PATCH 058/932] enabled hardware graphics on horizon --- hosts/horizon/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 26768f80..79fa5557 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -37,6 +37,7 @@ }; }; + hardware.graphics.enable = true; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; From eca25529d7ef2c9feec4d8ec7d3aabaf190052b6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 Aug 2024 11:53:34 -0500 Subject: [PATCH 059/932] set up defiant --- README.md | 2 +- enviroments/client/default.nix | 21 --------------------- enviroments/common/default.nix | 21 +++++++++++++++++++++ enviroments/server/default.nix | 7 +++++++ flake.nix | 11 +++++++++-- hosts/defiant/configuration.nix | 12 ++++++++++++ hosts/defiant/hardware-configuration.nix | 11 +++++++++++ 7 files changed, 61 insertions(+), 24 deletions(-) create mode 100644 enviroments/server/default.nix create mode 100644 hosts/defiant/configuration.nix create mode 100644 hosts/defiant/hardware-configuration.nix diff --git a/README.md b/README.md index cedb557f..1cfbddfe 100644 --- a/README.md +++ b/README.md 
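Review bot: `hardware.graphics.enable = true;` is inserted directly before the `# Enable touchpad support` comment with no blank line, so that comment now reads as if it documents the graphics line; a blank line after it, or moving the new line up next to the docker block, keeps the sections distinct. The twilight host configuration earlier in this series uses the older `hardware.opengl` name for what appears to be the same setting, so the two hosts now spell it differently. The commit is repeated verbatim as 058.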
@@ -6,6 +6,6 @@ Build Command: | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | Steam Desk | Leyla | Handheld | +| `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 060e51f0..fba0edd8 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -45,31 +45,10 @@ #media-session.enable = true; }; - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - environment.systemPackages = with pkgs; [ - # version control - git - # helvetica font aileron - # system debuging tools - iputils - dnsutils - cachefilesd ]; } \ No newline at end of file diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 31156250..6aeeb97f 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -9,8 +9,29 @@ # Set your time zone. time.timeZone = "America/Chicago"; + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget + + # version control + git + + # system debuging tools + iputils + dnsutils ]; } \ No newline at end of file 
diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix new file mode 100644 index 00000000..861f1424 --- /dev/null +++ b/enviroments/server/default.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + +} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 39020625..5d86baed 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default @@ -34,12 +34,19 @@ }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/twilight/configuration.nix inputs.home-manager.nixosModules.default ]; }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inpits; } + modules = [ + ./hosts/defiant/configuration.nix + ] + }; }; }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix new file mode 100644 index 00000000..c148f940 --- /dev/null +++ b/hosts/defiant/configuration.nix @@ -0,0 +1,12 @@ +# server nas +{ config, pkgs, inputs, ... }: +{ + imports = + [ + inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../enviroments/server + ]; +} \ No newline at end of file diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix new file mode 100644 index 00000000..f7efd4bc --- /dev/null +++ b/hosts/defiant/hardware-configuration.nix @@ -0,0 +1,11 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + +} \ No newline at end of file 
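Review bot: The new `defiant` entry has `specialArgs = { inherit inpits; }` (a typo for `inputs`) and lacks the `;` after that attribute and after the `modules` list, so as submitted this commit leaves `flake.nix` unevaluable for every host, not just defiant; commit 061 later in the series corrects it. The intended lines are `specialArgs = { inherit inputs; };` and `];`. Unlike `horizon` and `twilight`, `defiant` does not list `inputs.home-manager.nixosModules.default`, which is presumably deliberate for a server but worth a one-line comment. The commit is repeated verbatim as 060.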
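Review bot: `hosts/defiant/configuration.nix` imports `inputs.sops-nix.nixosModules.sops` but sets neither `sops.defaultSopsFile` nor any `sops.age.*` key source, and `enviroments/server/default.nix` in the same commit only imports `../common`, so unless those come from somewhere not visible here, any later `config.sops.secrets.*` reference on this host will have nothing to decrypt with. A comment on the import stating where defiant's key is expected, or the `sops.defaultSopsFile`/`sops.age.keyFile` lines themselves, would close that gap. `enviroments/server/default.nix` also takes `{ pkgs, ... }:` without using `pkgs`; `{ ... }:` is enough.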
From 90b53df81c20befe84adce29acf040dc4c5841d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 Aug 2024 11:53:34 -0500 Subject: [PATCH 060/932] set up defiant --- README.md | 2 +- enviroments/client/default.nix | 21 --------------------- enviroments/common/default.nix | 21 +++++++++++++++++++++ enviroments/server/default.nix | 7 +++++++ flake.nix | 11 +++++++++-- hosts/defiant/configuration.nix | 12 ++++++++++++ hosts/defiant/hardware-configuration.nix | 11 +++++++++++ 7 files changed, 61 insertions(+), 24 deletions(-) create mode 100644 enviroments/server/default.nix create mode 100644 hosts/defiant/configuration.nix create mode 100644 hosts/defiant/hardware-configuration.nix diff --git a/README.md b/README.md index cedb557f..1cfbddfe 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,6 @@ Build Command: | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | Steam Desk | Leyla | Handheld | +| `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 060e51f0..fba0edd8 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -45,31 +45,10 @@ #media-session.enable = true; }; - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - environment.systemPackages = with pkgs; [ - # version control - git - # helvetica font aileron - # system debuging tools - iputils - dnsutils - cachefilesd ]; } \ No newline at end of file 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 31156250..6aeeb97f 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -9,8 +9,29 @@ # Set your time zone. time.timeZone = "America/Chicago"; + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget + + # version control + git + + # system debuging tools + iputils + dnsutils ]; } \ No newline at end of file diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix new file mode 100644 index 00000000..861f1424 --- /dev/null +++ b/enviroments/server/default.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + +} \ No newline at end of file diff --git a/flake.nix b/flake.nix index 39020625..5d86baed 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/horizon/configuration.nix inputs.home-manager.nixosModules.default @@ -34,12 +34,19 @@ }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs;}; + specialArgs = { inherit inputs; }; modules = [ ./hosts/twilight/configuration.nix inputs.home-manager.nixosModules.default ]; }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inpits; } + modules = [ + ./hosts/defiant/configuration.nix + ] + }; }; }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix new file mode 100644 index 00000000..c148f940 --- /dev/null 
+++ b/hosts/defiant/configuration.nix @@ -0,0 +1,12 @@ +# server nas +{ config, pkgs, inputs, ... }: +{ + imports = + [ + inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../enviroments/server + ]; +} \ No newline at end of file diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix new file mode 100644 index 00000000..f7efd4bc --- /dev/null +++ b/hosts/defiant/hardware-configuration.nix @@ -0,0 +1,11 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + +} \ No newline at end of file From feb7844c7dfe9a4389c94a74b527ebd85ddefe55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:06:36 -0500 Subject: [PATCH 061/932] fixed defiant configuration --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 5d86baed..33b4f83d 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,10 @@ }; # NAS Service defiant = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inpits; } + specialArgs = { inherit inputs; }; modules = [ ./hosts/defiant/configuration.nix - ] + ]; }; }; }; From 8b6ed7f0a05f09288c76d238fb349c11f2d4c54b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:06:36 -0500 Subject: [PATCH 062/932] fixed defiant configuration --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 5d86baed..33b4f83d 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,10 @@ }; # NAS Service defiant = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inpits; } + specialArgs = { inherit inputs; }; modules = [ ./hosts/defiant/configuration.nix - ] + ]; }; }; }; 
From 38ee264e080ffe5c3d7b03a7f66e1f234f776db2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:07:04 -0500 Subject: [PATCH 063/932] added gnome super t hotkey to declarative configs --- users/leyla/home.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 3b26ed47..c2fe4eab 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -80,4 +80,46 @@ extraConfig.init.defaultBranch = "main"; }; }; + + dconf.settings = { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + }; + + # dconf.settings = { + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + # }; + + # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + # binding = "t"; + # command = "kgx"; + # name = "Open Terminal"; + # }; + + + # services.xserver.desktopManager.gnome3 = { + # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + # extraGSettingsOverrides = '' + # [org.gnome.settings-daemon.plugins.media-keys] + # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] + + + # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] + # binding='t' + # command='kgx' + # name='Open terminal' + # ''; + # } } From 846533f001a0407bd472495e33b6066bb25f120c Mon Sep 17 00:00:00 2001 
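Review bot: Below the live `dconf.settings` block the hunk commits roughly thirty lines of commented-out alternatives (a second `dconf.settings` draft and a `services.xserver.desktopManager.gnome3.extraGSettingsOverrides` variant) that duplicate what the live block already does; they should be removed rather than kept, since git history preserves them. The `extraGSettingsOverrides` variant also appears to be a NixOS option rather than a home-manager one, so it would not belong in `home.nix` even if uncommented. The commit is repeated verbatim as 064.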
From: Leyla Becker Date: Mon, 2 Sep 2024 13:07:04 -0500 Subject: [PATCH 064/932] added gnome super t hotkey to declarative configs --- users/leyla/home.nix | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 3b26ed47..c2fe4eab 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -80,4 +80,46 @@ extraConfig.init.defaultBranch = "main"; }; }; + + dconf.settings = { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + }; + + # dconf.settings = { + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + # }; + + # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + # binding = "t"; + # command = "kgx"; + # name = "Open Terminal"; + # }; + + + # services.xserver.desktopManager.gnome3 = { + # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; + # extraGSettingsOverrides = '' + # [org.gnome.settings-daemon.plugins.media-keys] + # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] + + + # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] + # binding='t' + # command='kgx' + # name='Open terminal' + # ''; + # } } From cdd3967f7271f9207943b304f3f83a560d224b33 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 13:41:15 -0500 Subject: [PATCH 065/932] added dash to dock for leyls --- enviroments/client/default.nix | 2 ++ users/leyla/home.nix | 47 ++++++++++++++++++++++++++-------- 2 files changed, 39 insertions(+), 10 deletions(-) 
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fba0edd8..a08942e3 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -50,5 +50,7 @@ aileron cachefilesd + + gnomeExtensions.dash-to-dock ]; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c2fe4eab..dd9b57e4 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -81,16 +81,43 @@ }; }; - dconf.settings = { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = true; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; }; }; From 394c5b815a804edf98fcf0991c62dd427f2a8ec0 Mon Sep 17 00:00:00 2001 
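Review bot: Inside `"org/gnome/shell/extensions/dash-to-dock"` the attribute names are quoted (`"dock-position" = "LEFT";`) while the sibling blocks use bare hyphenated names such as `color-scheme` and `disable-user-extensions`; Nix accepts both, so the mixed style is just inconsistent and `dock-position = "LEFT";` would match the rest. The tutorial-style comment inside `enabled-extensions` ("Put UUIDs of extensions that you want to enable here…") reads as copied boilerplate and could be cut to one line. The extension package is installed system-wide in `enviroments/client/default.nix` while it is enabled per-user here; a short comment linking the two would help whoever later removes one without the other. The commit is repeated verbatim as 066.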
From: Leyla Becker Date: Mon, 2 Sep 2024 13:41:15 -0500 Subject: [PATCH 066/932] added dash to dock for leyls --- enviroments/client/default.nix | 2 ++ users/leyla/home.nix | 47 ++++++++++++++++++++++++++-------- 2 files changed, 39 insertions(+), 10 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index fba0edd8..a08942e3 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -50,5 +50,7 @@ aileron cachefilesd + + gnomeExtensions.dash-to-dock ]; } \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c2fe4eab..dd9b57e4 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -81,16 +81,43 @@ }; }; - dconf.settings = { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = true; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; }; }; From 72b62bed3706dd15efd683595134d36fc72e354a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:30:16 -0500 Subject: [PATCH 067/932] added hardware config for defiant --- hosts/defiant/hardware-configuration.nix | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index f7efd4bc..088af3fc 100644 --- a/hosts/defiant/hardware-configuration.nix 
+++ b/hosts/defiant/hardware-configuration.nix @@ -7,5 +7,27 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } \ No newline at end of file From 0389206ec1afeeaac9de6b2057a2a3691a52d1c7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:30:16 -0500 Subject: [PATCH 068/932] added hardware config for defiant --- hosts/defiant/hardware-configuration.nix | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index f7efd4bc..088af3fc 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix 
@@ -7,5 +7,27 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } \ No newline at end of file From 1217959d6d76cc862d879d5845e63c585898d84c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:51:30 -0500 Subject: [PATCH 069/932] added password for remote user --- README.md | 21 ++++++++++++++++++--- users/remote/default.nix | 3 +++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1cfbddfe..31eec77a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ +# Hosts -Build Command: -`sudo nixos-rebuild switch --flake .#hostname` - +## Host Map | Hostname | Device Description | Primary User | Role | | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | 
@@ -9,3 +8,19 @@ Build Command: | `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | + + +### Rebuild current machine to match target host: +`sudo nixos-rebuild switch --flake .#hostname` + +### Rebuild current machine maintaining current target +`./rebuild.sh` + +# New machine setup +keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt + +updating passwords: `sops secrets/secrets.yaml` + +> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU + +> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ diff --git a/users/remote/default.nix b/users/remote/default.nix index 491bc51f..6792b740 100644 --- a/users/remote/default.nix +++ b/users/remote/default.nix @@ -19,6 +19,9 @@ in ( if cfg.isNormalUser then { # extraGroups = [ "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/remote".path; + isNormalUser = true; openssh.authorizedKeys.keys = []; } else { From 6393af9620be93178b2df3c4aca2b8fa74f8d2a8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 20:51:30 -0500 Subject: [PATCH 070/932] added password for remote user --- README.md | 21 ++++++++++++++++++--- secrets/secrets.yaml | 7 ++++--- users/remote/default.nix | 3 +++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1cfbddfe..31eec77a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ +# Hosts -Build Command: -`sudo nixos-rebuild switch --flake .#hostname` - +## Host Map | Hostname | Device Description | Primary User | Role | | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | 
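Review bot: `hashedPasswordFile = config.sops.secrets."passwords/remote".path;` references a secret that nothing in this commit declares — the diffstat touches only README.md and users/remote/default.nix, and neither a `sops.secrets."passwords/remote"` declaration nor a secrets.yaml entry is visible here (PATCH 070, same subject, adds the ciphertext but still no declaration). Unless the declaration lives in a file outside this diff, evaluation fails on the missing attribute. sops-nix also requires `neededForUsers = true` on a secret consumed by `hashedPasswordFile`, because users are created before the regular secrets are decrypted; pairing the assignment with `sops.secrets."passwords/remote" = { neededForUsers = true; };` keeps the two together. The enclosing `users.remote = lib.mkMerge [ ... ]` starts and ends outside the hunk.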
@@ -9,3 +8,19 @@ Build Command: | `defiant` | NAS Server | Leyla | Service | | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | + + +### Rebuild current machine to match target host: +`sudo nixos-rebuild switch --flake .#hostname` + +### Rebuild current machine maintaining current target +`./rebuild.sh` + +# New machine setup +keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt + +updating passwords: `sops secrets/secrets.yaml` + +> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU + +> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index fb57b2b7..dc3185e2 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -2,6 +2,7 @@ passwords: leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] + remote: ENC[AES256_GCM,data:J/Ew48IO1UGCLl038t87AV0fdxHklfEKhmmsAhd4jPbyK88i/GjljF7mSJnlav9L+7GbxbGRjsFXkL753M7hF/n1hcVDAYpGhA==,iv:7PIgHRHXorkrOmjaWaWhu+Evu4SsNFSCk3euPdlGK20=,tag:tQ57gIselHNKlmQ1ySsAAQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -17,8 +18,8 @@ sops: VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-03T01:27:28Z" - mac: ENC[AES256_GCM,data:ExP2Q8judGmQ5QFdZjmkNuMXlI9XJLeKaFn15Y4YuA2r+qLYYegN/IR1VeDrDO+XfWJJS7qednRnb9gErqUQgwX06AhMFDGUHHgB2lFdr/X0KBNt9EcrQ+S4Zh9zh8aTZesvnLaorz5QqF1Mt4FRz8mFYQIJ3DCWXV0cHrmmvcA=,iv:QBMc5E9SXP7aMCYFF/JnhM3bAuBA6mY4cENOW8SSaW0=,tag:ftg5Q8rS0NfUSogXXKEePA==,type:str] + lastmodified: "2024-09-03T01:50:34Z" + mac: ENC[AES256_GCM,data:il1m33cFCKnL1x2QQWKfvRX7/zea+15PH8KZrAW89EizJowgefR0rpaMgO+I9CyWuIoAV77JrF9echiAvkv+eteJjkkzyG9Qo/gejC0afQAeMLGpJLEk8carxlmhJXZUrqTW3VnIY4cl0CGBinTzGqMJ2WtAQLccoQR7tDP0jBk=,iv:bdDqVdXdqXB32kjUhN8OBz9+4DwrhYAw8eWsxJNGRJ4=,tag:9T+2oBvxW0ssZV4inyvY3Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.0 diff --git a/users/remote/default.nix b/users/remote/default.nix index 491bc51f..6792b740 100644 --- a/users/remote/default.nix +++ b/users/remote/default.nix @@ -19,6 +19,9 @@ in ( if cfg.isNormalUser then { # extraGroups = [ "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/remote".path; + isNormalUser = true; openssh.authorizedKeys.keys = []; } else { From 91fe8cc1b4f1d8b067e01c38ddf09f70158a7e06 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:10:22 -0500 Subject: [PATCH 071/932] updated defiant config so it builds --- enviroments/client/default.nix | 3 --- enviroments/common/default.nix | 3 +++ hosts/defiant/configuration.nix | 38 +++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index a08942e3..ccc5a556 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -7,9 +7,6 @@
 # Enable CUPS to print documents.
 services.printing.enable = true;
- # Enable networking
- networking.networkmanager.enable = true;
-
 # Enable the X11 windowing system.
 services.xserver.enable = true;
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix
index 6aeeb97f..59dda193 100644
--- a/enviroments/common/default.nix
+++ b/enviroments/common/default.nix
@@ -6,6 +6,9 @@
 nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ # Enable networking
+ networking.networkmanager.enable = true;
+
 # Set your time zone.
 time.timeZone = "America/Chicago";
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index c148f940..dbf4347d 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -3,10 +3,48 @@
 {
 imports = [
+ inputs.home-manager.nixosModules.default
 inputs.sops-nix.nixosModules.sops
 ./hardware-configuration.nix
 ../../enviroments/server
 ];
+
+ sops.defaultSopsFile = ../../secrets/secrets.yaml;
+ sops.defaultSopsFormat = "yaml";
+
+ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
+
+ users.leyla.isNormalUser = true;
+ users.ester.isNormalUser = false;
+ users.eve.isNormalUser = false;
+
+
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ useOSProber = true;
+ };
+
+ networking.hostName = "defiant"; # Define your hostname.
+
+ nixpkgs.config.allowUnfree = true;
+
+ # temp enable desktop enviroment for setup
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the GNOME Desktop Environment.
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.xserver.desktopManager.xterm.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
 }
\ No newline at end of file
From f8e40790e42e1f6162c19705ab36e0d588030d54 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Mon, 2 Sep 2024 21:10:22 -0500
Subject: [PATCH 072/932] updated defiant config so it builds
---
 enviroments/client/default.nix | 3 ---
 enviroments/common/default.nix | 3 +++
 hosts/defiant/configuration.nix | 38 +++++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix
index a08942e3..ccc5a556 100644
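Review bot: `sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";` places the age private key that decrypts every entry in secrets.yaml (the leyla, ester and eve password hashes among them) inside an unprivileged user's home, so any process running as leyla can read it; the README's own later TODO ("keys.txt should prob be readable by owning user only?") points the same way. A root-owned location outside any home directory is the usual layout, e.g. `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, with the host key generated or copied there once at install. The same hunk also enables GNOME and gdm on a NAS under a "temp ... for setup" comment with no marker for when it comes out; a `# TODO(leyla): remove desktop stack after setup` line, or gating the block behind an option, makes the temporary state harder to forget. PATCH 072 repeats this hunk unchanged.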
--- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -7,9 +7,6 @@ # Enable CUPS to print documents. services.printing.enable = true; - # Enable networking - networking.networkmanager.enable = true; - # Enable the X11 windowing system. services.xserver.enable = true; diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 6aeeb97f..59dda193 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -6,6 +6,9 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Enable networking + networking.networkmanager.enable = true; + # Set your time zone. time.timeZone = "America/Chicago"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index c148f940..dbf4347d 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -3,10 +3,48 @@ { imports = [ + inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops ./hardware-configuration.nix ../../enviroments/server ]; + + sops.defaultSopsFile = ../../secrets/secrets.yaml; + sops.defaultSopsFormat = "yaml"; + + sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + + users.leyla.isNormalUser = true; + users.ester.isNormalUser = false; + users.eve.isNormalUser = false; + + + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; + + networking.hostName = "defiant"; # Define your hostname. + + nixpkgs.config.allowUnfree = true; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.xterm.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? } \ No newline at end of file From dfb59a6444cfd9c0c32e739b87f6b43fe51a8bbc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:20:30 -0500 Subject: [PATCH 073/932] removed remote user --- users/default.nix | 2 +- users/remote/default.nix | 33 --------------------------------- 2 files changed, 1 insertion(+), 34 deletions(-) delete mode 100644 users/remote/default.nix diff --git a/users/default.nix b/users/default.nix index 97133d99..57effe39 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,6 +1,6 @@
 { inputs, ... }: {
- imports = [ ./leyla ./ester ./eve ./remote ];
+ imports = [ ./leyla ./ester ./eve ];
 users.mutableUsers = false;
diff --git a/users/remote/default.nix b/users/remote/default.nix
deleted file mode 100644
index 6792b740..00000000
--- a/users/remote/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ lib, config, ... }:
-let
- cfg = config.users.remote;
-in
-{
- options.users.remote = {
- isNormalUser = lib.mkEnableOption "remote";
- };
-
- config.users = {
- groups.remote = {};
-
- users.remote = lib.mkMerge [
- {
- uid = 2000;
- group = "remote";
- }
-
- (
- if cfg.isNormalUser then {
- # extraGroups = [ "wheel" ];
-
- hashedPasswordFile = config.sops.secrets."passwords/remote".path;
-
- isNormalUser = true;
- openssh.authorizedKeys.keys = [];
- } else {
- isSystemUser = true;
- }
- )
- ];
- };
-}
\ No newline at end of file
From 6dd46478a30d9a006c85d297367e124c9f62917d Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Mon, 2 Sep 2024 21:20:30 -0500
Subject: [PATCH 074/932] removed remote user
---
 secrets/secrets.yaml | 5 ++---
 users/default.nix | 2 +-
 users/remote/default.nix | 33 ---------------------------------
 3 files changed, 3 insertions(+), 37 deletions(-)
 delete mode 100644 users/remote/default.nix
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index dc3185e2..1c7579ef 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -2,7 +2,6 @@ passwords: leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] - remote: ENC[AES256_GCM,data:J/Ew48IO1UGCLl038t87AV0fdxHklfEKhmmsAhd4jPbyK88i/GjljF7mSJnlav9L+7GbxbGRjsFXkL753M7hF/n1hcVDAYpGhA==,iv:7PIgHRHXorkrOmjaWaWhu+Evu4SsNFSCk3euPdlGK20=,tag:tQ57gIselHNKlmQ1ySsAAQ==,type:str] sops: kms: [] gcp_kms: [] @@ -18,8 +17,8 @@ sops: VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-03T01:50:34Z" - mac: ENC[AES256_GCM,data:il1m33cFCKnL1x2QQWKfvRX7/zea+15PH8KZrAW89EizJowgefR0rpaMgO+I9CyWuIoAV77JrF9echiAvkv+eteJjkkzyG9Qo/gejC0afQAeMLGpJLEk8carxlmhJXZUrqTW3VnIY4cl0CGBinTzGqMJ2WtAQLccoQR7tDP0jBk=,iv:bdDqVdXdqXB32kjUhN8OBz9+4DwrhYAw8eWsxJNGRJ4=,tag:9T+2oBvxW0ssZV4inyvY3Q==,type:str] + lastmodified: "2024-09-03T02:19:43Z" + mac: ENC[AES256_GCM,data:Wc8nCiXVj6/+FANq82T+KsObOgwKUJTfkEnrK5MRU5gbLF3Skn0BY/alskV4aI9Kgi1cwh5ZBhHNzvyeIujuRB55QYyoocY0Pq7vLH5dgnA58DKEzrb09SAayiiH9hzRSTkdhtxj8FgCAdA6dWVkHEAO351ee67QNkG0nSwDdK0=,iv:vwUO50SKvzAPwACV1xhh7r+Am/OdlkNEN1pMimEVfC8=,tag:yF2CK41sLHLQqIISlQGAGg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/users/default.nix b/users/default.nix index 97133d99..57effe39 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,6 +1,6 @@ { inputs, ... }: { - imports = [ ./leyla ./ester ./eve ./remote ]; + imports = [ ./leyla ./ester ./eve ]; users.mutableUsers = false; diff --git a/users/remote/default.nix b/users/remote/default.nix deleted file mode 100644 index 6792b740..00000000 --- a/users/remote/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib, config, ... }: -let - cfg = config.users.remote; -in -{ - options.users.remote = { - isNormalUser = lib.mkEnableOption "remote"; - }; - - config.users = { - groups.remote = {}; - - users.remote = lib.mkMerge [ - { - uid = 2000; - group = "remote"; - } - - ( - if cfg.isNormalUser then { - # extraGroups = [ "wheel" ]; - - hashedPasswordFile = config.sops.secrets."passwords/remote".path; - - isNormalUser = true; - openssh.authorizedKeys.keys = []; - } else { - isSystemUser = true; - } - ) - ]; - }; -} \ No newline at end of file From feb30a45bfd626cc495690bf8eec354d5bb43b5c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Sep 2024 21:23:04 -0500 Subject: [PATCH 075/932] added ssh to defiant --- hosts/defiant/configuration.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index dbf4347d..b5276c81 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -40,6 +40,19 @@
 services.xserver.desktopManager.gnome.enable = true;
 services.xserver.desktopManager.xterm.enable = false;
+ # temp enable password auth over ssh for setup
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PasswordAuthentication = true;
+ AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ]
+ UseDns = true;
+ X11Forwarding = false;
+ PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+ };
+ };
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
From 4ab2cad4d2db16ae6c719b52a2b7824851228d0a Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Mon, 2 Sep 2024 21:23:04 -0500
Subject: [PATCH 076/932] added ssh to defiant
---
 hosts/defiant/configuration.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index dbf4347d..b5276c81 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -40,6 +40,19 @@
 services.xserver.desktopManager.gnome.enable = true;
 services.xserver.desktopManager.xterm.enable = false;
+ # temp enable password auth over ssh for setup
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PasswordAuthentication = true;
+ AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ]
+ UseDns = true;
+ X11Forwarding = false;
+ PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+ };
+ };
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
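Review bot: `PasswordAuthentication = true;` is the authentication gate this block opens on a host listening on port 22, and the comment marks it temporary without saying when it returns to keys-only. When it is flipped, `KbdInteractiveAuthentication = false;` needs to go with it, because OpenSSH still accepts passwords through the keyboard-interactive method unless that is disabled too. `PermitRootLogin = "without-password"` is the legacy spelling of `prohibit-password`, and since nothing here gives root authorized keys, `PermitRootLogin = "no";` states the intent directly. `UseDns = true;` adds a reverse-DNS lookup per connection that slows or blocks logins when DNS is unavailable and provides no authentication benefit; the OpenSSH default of `no` is the better choice. PATCH 076 repeats this hunk unchanged.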
From 0545051a1b252579cdc1a55a2478d370b4b41a3a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:16:33 -0500 Subject: [PATCH 077/932] added thin user option to leyla --- hosts/defiant/configuration.nix | 2 +- users/leyla/default.nix | 8 +- users/leyla/home.nix | 29 -------- users/leyla/packages.nix | 126 ++++++++++++++------------------ 4 files changed, 64 insertions(+), 101 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b5276c81..123d6126 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,10 +17,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla.isNormalUser = true; + users.leyla.isThinInstallation = true; users.ester.isNormalUser = false; users.eve.isNormalUser = false; - boot.loader.grub = { enable = true; device = "/dev/sda"; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 41daeb21..78a92611 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -9,6 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; + isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; @@ -35,7 +36,12 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "docker"] + ( + lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + ) + ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/home.nix b/users/leyla/home.nix index dd9b57e4..1ae00570 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
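Review bot: The thin profile still grants `"wheel"` and `"docker"` — the `lib.mkIf (!cfg.isThinInstallation)` branch in the `extraGroups` merge only drops `adbusers`. Membership in the `docker` group is root-equivalent through the daemon socket, so on defiant, where this commit sets `isThinInstallation = true`, the reduced install does not reduce the user's privilege; if the thin host does not run Docker, `lib.mkIf (!cfg.isThinInstallation) [ "adbusers" "docker" ]` with `"docker"` removed from the unconditional list would match the intent. Separately, `lib.mkEnableOption` prefixes "Whether to enable " to its argument, so the new option renders as "Whether to enable are most programs going to be installed or not."; `isThinInstallation = lib.mkEnableOption "a thin installation that skips most desktop programs";` reads correctly. The enclosing `lib.mkMerge [ ... ]` list starts and ends outside the hunk.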
@@ -120,33 +120,4 @@ }; }; }; - - # dconf.settings = { - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; - # }; - - # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - # binding = "t"; - # command = "kgx"; - # name = "Open Terminal"; - # }; - - - # services.xserver.desktopManager.gnome3 = { - # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; - # extraGSettingsOverrides = '' - # [org.gnome.settings-daemon.plugins.media-keys] - # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] - - - # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] - # binding='t' - # command='kgx' - # name='Open terminal' - # ''; - # } } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2266dd19..d6e39b40 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -27,79 +27,65 @@ in ]; users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( - with pkgs; [ - #foss platforms - signal-desktop - bitwarden - firefox - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing + lib.mkMerge [ + ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ( + lib.mkIf (!cfg.isThinInstallation) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing - # comand line tools - yt-dlp - ffmpeg - imagemagick + # proprietary platforms + discord + obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) + + # development tools + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - # development tools - vscodium - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno + # system tools + protonvpn-gui + nextcloud-client + noisetorch - # system tools - protonvpn-gui - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf cfg.hasPiperMouse piper) - (lib.mkIf cfg.hasOpenRGBHardware openrgb) - (lib.mkIf cfg.hasViaKeyboard via) - - # # gaming - # # emulators - # # nintendo - # # TODO: replace this with self hosted flake - # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # # TODO: replace this with self hosted flake - # # citra-canary # 3DS emulator - # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - # dolphin-emu # GameCube and Wii Emulator - # desmume # DS Emulator - # mupen64plus # N64 Emulator - # zsnes # SNES 
Emulator - # vbam # Game Boy Advanced Emulator - # fceux # NES Emulator - # # play station - # rpcs3 # PS3 Emulator - # pcsx2 # PS2 Emulator - # pcsxr # PS1 Emulator - # # TODO: more play station emulators here when they come out - # #misc - # stella # Atari 2600 Emulator - # mame # mame Emulator + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + ] + ) + ) ] ); } \ No newline at end of file From fef18e7902d42ed8f8820fd747a7d0373ce8eea4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:16:33 -0500 Subject: [PATCH 078/932] added thin user option to leyla --- hosts/defiant/configuration.nix | 2 +- users/leyla/default.nix | 8 +- users/leyla/home.nix | 29 -------- users/leyla/packages.nix | 126 ++++++++++++++------------------ 4 files changed, 64 insertions(+), 101 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b5276c81..123d6126 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,10 +17,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla.isNormalUser = true; + users.leyla.isThinInstallation = true; users.ester.isNormalUser = false; users.eve.isNormalUser = false; - boot.loader.grub = { enable = true; device = "/dev/sda"; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 41daeb21..78a92611 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -9,6 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; + isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; @@ -35,7 +36,12 @@ in ( if cfg.isNormalUser then { isNormalUser = true; - extraGroups = [ "networkmanager" "wheel" "adbusers" "docker" ]; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "docker"] + ( + lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + ) + ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; } else { diff --git a/users/leyla/home.nix b/users/leyla/home.nix index dd9b57e4..1ae00570 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -120,33 +120,4 @@ }; }; }; - - # dconf.settings = { - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; - # }; - - # "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - # binding = "t"; - # command = "kgx"; - # name = "Open Terminal"; - # }; - - - # services.xserver.desktopManager.gnome3 = { - # extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ]; - # extraGSettingsOverrides = '' - # [org.gnome.settings-daemon.plugins.media-keys] - # custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/'] - - - # [org.gnome.settings-daemon.plugins.media-keys.custom-keybindings.custom0] - # binding='t' - # command='kgx' - # name='Open terminal' - # ''; - # } } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 2266dd19..d6e39b40 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -27,79 +27,65 @@ in ]; users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( - with pkgs; [ - #foss platforms - signal-desktop - bitwarden - firefox - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing + lib.mkMerge [ + ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ( + lib.mkIf (!cfg.isThinInstallation) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing - # comand line tools - yt-dlp - ffmpeg - imagemagick + # proprietary platforms + discord + obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) + + # development tools + vscodium + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - # development tools - vscodium - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno + # system tools + protonvpn-gui + nextcloud-client + noisetorch - # system tools - protonvpn-gui - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf cfg.hasPiperMouse piper) - (lib.mkIf cfg.hasOpenRGBHardware openrgb) - (lib.mkIf cfg.hasViaKeyboard via) - - # # gaming - # # emulators - # # nintendo - # # TODO: replace this with self hosted flake - # # (lib.mkIf cfg.hasGPU yuzu-mainline) # Switch Emulator - # # TODO: replace this with self hosted flake - # # citra-canary # 3DS emulator - # (lib.mkIf cfg.hasGPU cemu) # Wii-U emulator - # dolphin-emu # GameCube and Wii Emulator - # desmume # DS Emulator - # mupen64plus # N64 Emulator - # zsnes # SNES 
Emulator - # vbam # Game Boy Advanced Emulator - # fceux # NES Emulator - # # play station - # rpcs3 # PS3 Emulator - # pcsx2 # PS2 Emulator - # pcsxr # PS1 Emulator - # # TODO: more play station emulators here when they come out - # #misc - # stella # Atari 2600 Emulator - # mame # mame Emulator + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + ] + ) + ) ] ); } \ No newline at end of file From e9645905f45d6e29c0583e437a8c1f9cb92296b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:26:27 -0500 Subject: [PATCH 079/932] cleaned up configs --- README.md | 4 +++- hosts/defiant/configuration.nix | 6 ++++-- hosts/twilight/configuration.nix | 8 +++++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 31eec77a..706b38f6 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,8 @@ keys for decrypting password secrets for each users located at ~/.config/sops/ag updating passwords: `sops secrets/secrets.yaml` +TODO: keys.txt should prob be readable by owning user only? + > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 123d6126..735d31e7 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,8 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.leyla.isThinInstallation = true; + users.leyla = { + isNormalUser = true; + isThinInstallation = true; + }; users.ester.isNormalUser = false; users.eve.isNormalUser = false; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index c2145e98..eee38bee 100644 
--- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -16,7 +16,13 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; + users.leyla = { + isNormalUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; users.ester.isNormalUser = true; users.eve.isNormalUser = true; From 62c0faf5ce0dccbe0e18a60d8b44f1871ea856c3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:26:27 -0500 Subject: [PATCH 080/932] cleaned up configs --- README.md | 4 +++- hosts/defiant/configuration.nix | 6 ++++-- hosts/twilight/configuration.nix | 8 +++++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 31eec77a..706b38f6 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,8 @@ keys for decrypting password secrets for each users located at ~/.config/sops/ag updating passwords: `sops secrets/secrets.yaml` +TODO: keys.txt should prob be readable by owning user only? + > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? https://technotim.live/posts/rotate-sops-encryption-keys/ +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 123d6126..735d31e7 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,8 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.leyla.isThinInstallation = true; + users.leyla = { + isNormalUser = true; + isThinInstallation = true; + }; users.ester.isNormalUser = false; users.eve.isNormalUser = false; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index c2145e98..eee38bee 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -16,7 +16,13 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; + users.leyla = { + isNormalUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; users.ester.isNormalUser = true; users.eve.isNormalUser = true; From b1053ad5e2f748962386d8ded34ed6afdd0f122c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:31:54 -0500 Subject: [PATCH 081/932] created list of tech debt built up --- debt.txt | 7 +++++++ hosts/defiant/configuration.nix | 2 -- hosts/twilight/configuration.nix | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) create mode 100644 debt.txt diff --git a/debt.txt b/debt.txt new file mode 100644 index 00000000..32af1710 --- /dev/null +++ b/debt.txt @@ -0,0 +1,7 @@ +1. Open GL? +2. allowUnfree should be dynamically enabled by the users whenever they need them +3. graphics driver things should prob be in the hardware-configuration.nix +4. what does `boot.kernelModules = [ "sg" ]` do? +5. sops.age.keyFile should not just be hard coded to leyla? +6. openssh configuration for server +7. isThinInstallation -> isThinUser diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 735d31e7..99cbde4f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,8 +20,6 @@ isNormalUser = true; isThinInstallation = true; }; - users.ester.isNormalUser = false; - users.eve.isNormalUser = false; boot.loader.grub = { enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index eee38bee..88cd750c 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -44,9 +44,7 @@ nixpkgs.config.allowUnfree = true; # Enable OpenGL - hardware.opengl = { - enable = true; - }; + hardware.graphics.enable = true; # Load nvidia driver for Xorg and Wayland services.xserver.videoDrivers = ["nvidia"]; 
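Review bot: `hardware.graphics.enable = true;` in the hosts/twilight/configuration.nix hunk names an option that only exists from the NixOS 24.11 cycle onward (it is the rename of `hardware.opengl`) and is undefined on the 24.05 and older release branches; the nixpkgs ref this repository follows is not visible in this series, so if the input is still on a release branch the host stops evaluating with an undefined-option error. Keep `hardware.opengl.enable = true;` until the nixpkgs input has moved past that rename, or land the input bump in the same commit so the change is self-contained. The same hunk reappears verbatim in PATCH 082.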
From ccd44ff2085e062c46d10ce557664508b9b68cdd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:31:54 -0500 Subject: [PATCH 082/932] created list of tech debt built up --- debt.txt | 7 +++++++ hosts/defiant/configuration.nix | 2 -- hosts/twilight/configuration.nix | 4 +--- 3 files changed, 8 insertions(+), 5 deletions(-) create mode 100644 debt.txt diff --git a/debt.txt b/debt.txt new file mode 100644 index 00000000..32af1710 --- /dev/null +++ b/debt.txt @@ -0,0 +1,7 @@ +1. Open GL? +2. allowUnfree should be dynamically enabled by the users whenever they need them +3. graphics driver things should prob be in the hardware-configuration.nix +4. what does `boot.kernelModules = [ "sg" ]` do? +5. sops.age.keyFile should not just be hard coded to leyla? +6. openssh configuration for server +7. isThinInstallation -> isThinUser diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 735d31e7..99cbde4f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,8 +20,6 @@ isNormalUser = true; isThinInstallation = true; }; - users.ester.isNormalUser = false; - users.eve.isNormalUser = false; boot.loader.grub = { enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index eee38bee..88cd750c 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -44,9 +44,7 @@ nixpkgs.config.allowUnfree = true; # Enable OpenGL - hardware.opengl = { - enable = true; - }; + hardware.graphics.enable = true; # Load nvidia driver for Xorg and Wayland services.xserver.videoDrivers = ["nvidia"]; From 58db4a0dee96b2e231a912d2d0b643c2263e63b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:12 -0500 Subject: [PATCH 083/932] removed now unused allow insecure --- users/leyla/packages.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d6e39b40..f2350b73 100644 
--- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,10 +22,6 @@ in programs.adb.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( lib.mkMerge [ ( From 613d087e9cfe3174a5e7e7ee80cea1619bcc1dac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:12 -0500 Subject: [PATCH 084/932] removed now unused allow insecure --- users/leyla/packages.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d6e39b40..f2350b73 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,10 +22,6 @@ in programs.adb.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" - ]; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( lib.mkMerge [ ( From 6149b54fd1c6c5d9fd3c85ca7132a03d0efe3594 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:19 -0500 Subject: [PATCH 085/932] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0869d118..ec704cfc 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { 
@@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724495652, - "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725201042, + "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "type": "github" }, "original": { From 876ee45e4daf410721b0a95b678868ca2dc82c6f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:33:19 -0500 Subject: [PATCH 086/932] updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 0869d118..ec704cfc 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724495652, - "narHash": "sha256-Q/sAhwemnZqAsSadjTNqTkoLN2xPouPdU1oLJ3Tjlhg=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1c84c314db42dd40ed6cf9293b9451ec2e7ebee4", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725201042, + "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "type": "github" }, "original": { From 531c90b22acc550d17c4b4e91c96fd47c53b2e4d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 3 Sep 2024 00:42:29 -0500 Subject: [PATCH 087/932] renamed debt file to tasks file --- debt.txt => tasks.txt | 5 +++++ 1 file changed, 5 insertions(+) rename debt.txt => tasks.txt (62%) diff --git a/debt.txt b/tasks.txt similarity index 62% rename from debt.txt rename to tasks.txt index 32af1710..be1f0e46 100644 --- a/debt.txt +++ b/tasks.txt @@ -5,3 +5,8 @@ 5. sops.age.keyFile should not just be hard coded to leyla? 6. openssh configuration for server 7. isThinInstallation -> isThinUser +8. VS code extensions should be installed declaratively +9. firefox declarative??? +10. figure out steam vr things? +11. GNOME default monitors per hardware configuration? +12. Install all the things on the NAS \ No newline at end of file From f418705e493e3dd477b0f0f49c84c55784e3d04c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:42:29 -0500 Subject: [PATCH 088/932] renamed debt file to tasks file --- debt.txt => tasks.txt | 5 +++++ 1 file changed, 5 insertions(+) rename debt.txt => tasks.txt (62%) diff --git a/debt.txt b/tasks.txt similarity index 62% rename from debt.txt rename to tasks.txt index 32af1710..be1f0e46 100644 --- a/debt.txt +++ b/tasks.txt @@ -5,3 +5,8 @@ 5. sops.age.keyFile should not just be hard coded to leyla? 6. openssh configuration for server 7. isThinInstallation -> isThinUser +8. VS code extensions should be installed declaratively +9. firefox declarative??? +10. figure out steam vr things? +11. GNOME default monitors per hardware configuration? +12. Install all the things on the NAS \ No newline at end of file From d16deca6357267c6d7e719f47e8ec5bed3b7ca81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 00:44:00 -0500 Subject: [PATCH 089/932] added flake templates to tasks --- tasks.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks.txt b/tasks.txt index be1f0e46..07ce8caf 100644 --- a/tasks.txt +++ b/tasks.txt 
@@ -9,4 +9,5 @@
 9. firefox declarative???
 10. figure out steam vr things?
 11. GNOME default monitors per hardware configuration?
-12. Install all the things on the NAS
\ No newline at end of file
+12. Install all the things on the NAS
+13. Flake templates
\ No newline at end of file
From cc2c9093c841155d5d384b06caf10fb46e165836 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 3 Sep 2024 00:44:00 -0500
Subject: [PATCH 090/932] added flake templates to tasks
---
 tasks.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tasks.txt b/tasks.txt
index be1f0e46..07ce8caf 100644
--- a/tasks.txt
+++ b/tasks.txt
@@ -9,4 +9,5 @@
 9. firefox declarative???
 10. figure out steam vr things?
 11. GNOME default monitors per hardware configuration?
-12. Install all the things on the NAS
\ No newline at end of file
+12. Install all the things on the NAS
+13. Flake templates
\ No newline at end of file
From 6391b0522d45175276e9b998448a6fa3ee2f00b5 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 3 Sep 2024 00:44:44 -0500
Subject: [PATCH 091/932] removed un needed comments
---
 pkgs/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkgs/default.nix b/pkgs/default.nix
index b0fd62ba..9a81f3b6 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,4 +1,3 @@
 pkgs: {
- # yuzu-clone = pkgs.callPackage ./yuzo { };
- # citra-clone = pkgs.callPackage ./citra { };
+
 }
\ No newline at end of file
From e028eeeca38e4c28e2dea1fcd818324a1f0e48e5 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 3 Sep 2024 00:44:44 -0500
Subject: [PATCH 092/932] removed un needed comments
---
 pkgs/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkgs/default.nix b/pkgs/default.nix
index b0fd62ba..9a81f3b6 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,4 +1,3 @@
 pkgs: {
- # yuzu-clone = pkgs.callPackage ./yuzo { };
- # citra-clone = pkgs.callPackage ./citra { };
+
 }
\ No newline at end of file
From 0e58bc282b04a1e8c78dda11ccaa95ca4483a995 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:15:01 -0500 Subject: [PATCH 093/932] moved tasks into README --- README.md | 20 +++++++++++++++++++- tasks.txt | 13 ------------- 2 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 tasks.txt diff --git a/README.md b/README.md index 706b38f6..7cd1f810 100644 --- a/README.md +++ b/README.md @@ -25,4 +25,22 @@ TODO: keys.txt should prob be readable by owning user only? > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` + +# Tasks: + +## Tech Debt +- allowUnfree should be dynamically enabled by the users whenever they need them +- GNOME default monitors per hardware configuration? +- graphics driver things should prob be in the hardware-configuration.nix +- what does `boot.kernelModules = [ "sg" ]` do? +- sops.age.keyFile should not just be hard coded to leyla? +- isThinInstallation -> isThinUser +## New Features +- openssh configuration for server +- VS code extensions should be installed declaratively +- Flake templates +- Install all the things on the NAS +- firefox declarative??? +- figure out steam vr things? +- Open GL? \ No newline at end of file diff --git a/tasks.txt b/tasks.txt deleted file mode 100644 index 07ce8caf..00000000 --- a/tasks.txt +++ /dev/null 
@@ -1,13 +0,0 @@ -1. Open GL? -2. allowUnfree should be dynamically enabled by the users whenever they need them -3. graphics driver things should prob be in the hardware-configuration.nix -4. what does `boot.kernelModules = [ "sg" ]` do? -5. sops.age.keyFile should not just be hard coded to leyla? -6. openssh configuration for server -7. isThinInstallation -> isThinUser -8. VS code extensions should be installed declaratively -9. firefox declarative??? -10. figure out steam vr things? -11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS -13. Flake templates \ No newline at end of file From 8232ae338c6004aa493972d9721e588dee615eb5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:15:01 -0500 Subject: [PATCH 094/932] moved tasks into README --- README.md | 20 +++++++++++++++++++- tasks.txt | 13 ------------- 2 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 tasks.txt diff --git a/README.md b/README.md index 706b38f6..7cd1f810 100644 --- a/README.md +++ b/README.md 
@@ -25,4 +25,22 @@ TODO: keys.txt should prob be readable by owning user only? > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` \ No newline at end of file +> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` + +# Tasks: + +## Tech Debt +- allowUnfree should be dynamically enabled by the users whenever they need them +- GNOME default monitors per hardware configuration? +- graphics driver things should prob be in the hardware-configuration.nix +- what does `boot.kernelModules = [ "sg" ]` do? +- sops.age.keyFile should not just be hard coded to leyla? +- isThinInstallation -> isThinUser +## New Features +- openssh configuration for server +- VS code extensions should be installed declaratively +- Flake templates +- Install all the things on the NAS +- firefox declarative??? +- figure out steam vr things? +- Open GL? \ No newline at end of file diff --git a/tasks.txt b/tasks.txt deleted file mode 100644 index 07ce8caf..00000000 --- a/tasks.txt +++ /dev/null @@ -1,13 +0,0 @@ -1. Open GL? -2. allowUnfree should be dynamically enabled by the users whenever they need them -3. graphics driver things should prob be in the hardware-configuration.nix -4. what does `boot.kernelModules = [ "sg" ]` do? -5. sops.age.keyFile should not just be hard coded to leyla? -6. openssh configuration for server -7. isThinInstallation -> isThinUser -8. VS code extensions should be installed declaratively -9. firefox declarative??? -10. figure out steam vr things? -11. GNOME default monitors per hardware configuration? -12. Install all the things on the NAS -13. Flake templates \ No newline at end of file From 30fb7851acbc3e660ac18e20a33a683acce7661c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:10 -0500 Subject: [PATCH 095/932] replaced isThinInstallation with isThinUser added util folder --- README.md | 7 ++++--- hosts/defiant/configuration.nix | 5 +---- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 4 ++-- util/default.nix | 8 ++++++++ 5 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 util/default.nix diff --git a/README.md b/README.md index 7cd1f810..4dc35cf2 100644 --- a/README.md +++ b/README.md @@ -35,12 +35,13 @@ TODO: keys.txt should prob be readable by owning user only? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? - sops.age.keyFile should not just be hard coded to leyla? -- isThinInstallation -> isThinUser +- use dashes for options not camel case ## New Features - openssh configuration for server - VS code extensions should be installed declaratively -- Flake templates +- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? -- Open GL? \ No newline at end of file +- Open GL? +- util functions \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 99cbde4f..05b2f736 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,10 +16,7 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { - isNormalUser = true; - isThinInstallation = true; - }; + users.leyla.isThinUser = true; boot.loader.grub = { enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 78a92611..7d679cce 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -9,7 +9,7 @@ in
 options.users.leyla = {
 isNormalUser = lib.mkEnableOption "create usable leyla user";
- isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not";
+ isThinUser = lib.mkEnableOption "create usable user but witohut user applications";
 hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses";
 hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware";
 hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards";
@@ -34,12 +34,12 @@ in
 }
 (
- if cfg.isNormalUser then {
+ if (cfg.isNormalUser || cfg.isThinUser) then {
 isNormalUser = true;
 extraGroups = lib.mkMerge [
 ["networkmanager" "wheel" "docker"]
 (
- lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ]
+ lib.mkIf (!cfg.isThinUser) [ "adbusers" ]
 )
 ];
@@ -50,6 +50,6 @@ in
 )
 ];
- home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix);
+ home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix);
 };
 }
\ No newline at end of file
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix
index f2350b73..7c27a094 100644
--- a/users/leyla/packages.nix
+++ b/users/leyla/packages.nix
@@ -22,7 +22,7 @@ in
 programs.adb.enable = true;
- users.users.leyla.packages = lib.mkIf cfg.isNormalUser (
+ users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (
 lib.mkMerge [
 (
 with pkgs; [
@@ -33,7 +33,7 @@ in
 ]
 )
 (
- lib.mkIf (!cfg.isThinInstallation) (
+ lib.mkIf (!cfg.isThinUser) (
 with pkgs; [
 #foss platforms
 signal-desktop
diff --git a/util/default.nix b/util/default.nix
new file mode 100644
index 00000000..795ad043
--- /dev/null
+++ b/util/default.nix
@@ -0,0 +1,8 @@
+{ lib, ... }:
+{
+ mkUnless = condition: then: (mkIf (!condition) then);
+ mkIfElse = condition: then: else: lib.mkMerge [
+ (mkIf condition then)
+ (mkUnless condition else)
+ ];
+}
\ No newline at end of file
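Review bot: The new option description `isThinUser = lib.mkEnableOption "create usable user but witohut user applications";` in users/leyla/default.nix carries a typo ("witohut") that will surface in generated option documentation and `nixos-option` output; `"create usable user but without user applications"` reads correctly. The same line appears again in PATCH 096.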
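Review bot: Widening the condition to `if (cfg.isNormalUser || cfg.isThinUser) then {` in users/leyla/default.nix makes the thin profile inherit the full `["networkmanager" "wheel" "docker"]` group list, while only `adbusers` is gated on `!cfg.isThinUser` a few lines below. `wheel` grants sudo and `docker` group membership is root-equivalent through the daemon socket, so the thin user this same patch creates on defiant (`users.leyla.isThinUser = true;`) ends up with the same privilege as the full user; if thin is meant to be a reduced profile, gate the admin groups the same way, e.g. `["networkmanager"]` followed by `(lib.mkIf (!cfg.isThinUser) [ "wheel" "docker" "adbusers" ])`. If the admin groups are intentional for thin users, a one-line comment such as `# thin users keep wheel + docker; only the desktop packages are dropped` would spare the next reader the question. The enclosing `users.users.leyla` definition starts and ends outside this hunk, and the same hunk reappears in PATCH 096.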
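Review bot: util/default.nix does not parse as written: `then` and `else` are Nix keywords and cannot be used as lambda parameter names, `mkIf` is called unqualified although only `lib` is bound by the module arguments, and `mkIfElse` refers to `mkUnless` as a sibling attribute, which is not in scope inside a non-`rec` attribute set. Renaming the parameters, qualifying `lib.mkIf`, and binding `mkUnless` in a `let` ahead of the set fixes all three; nothing visible in this series imports the file yet, so the error would only surface once it is used. The same hunk reappears verbatim in PATCH 096.

```nix
{ lib, ... }:
let
  # lib.mkIf must be qualified: only `lib` is bound by the module arguments.
  mkUnless = condition: value: lib.mkIf (!condition) value;
in
{
  inherit mkUnless;
  mkIfElse = condition: ifTrue: ifFalse: lib.mkMerge [
    (lib.mkIf condition ifTrue)
    (mkUnless condition ifFalse)
  ];
}
```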
From b9431f5814290764317e79022221f4669b8b6df8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:10 -0500 Subject: [PATCH 096/932] replaced isThinInstallation with isThinUser added util folder --- README.md | 7 ++++--- hosts/defiant/configuration.nix | 5 +---- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 4 ++-- util/default.nix | 8 ++++++++ 5 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 util/default.nix diff --git a/README.md b/README.md index 7cd1f810..4dc35cf2 100644 --- a/README.md +++ b/README.md @@ -35,12 +35,13 @@ TODO: keys.txt should prob be readable by owning user only? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? - sops.age.keyFile should not just be hard coded to leyla? -- isThinInstallation -> isThinUser +- use dashes for options not camel case ## New Features - openssh configuration for server - VS code extensions should be installed declaratively -- Flake templates +- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? -- Open GL? \ No newline at end of file +- Open GL? +- util functions \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 99cbde4f..05b2f736 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,10 +16,7 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { - isNormalUser = true; - isThinInstallation = true; - }; + users.leyla.isThinUser = true; boot.loader.grub = { enable = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 78a92611..7d679cce 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -9,7 +9,7 @@ in options.users.leyla = { isNormalUser = lib.mkEnableOption "create usable leyla user"; - isThinInstallation = lib.mkEnableOption "are most programs going to be installed or not"; + isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; @@ -34,12 +34,12 @@ in } ( - if cfg.isNormalUser then { + if (cfg.isNormalUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] ( - lib.mkIf (!cfg.isThinInstallation) [ "adbusers" ] + lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) ]; @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf cfg.isNormalUser (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index f2350b73..7c27a094 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -22,7 +22,7 @@ in programs.adb.enable = true; - users.users.leyla.packages = lib.mkIf cfg.isNormalUser ( + users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ @@ -33,7 +33,7 @@ in ] ) ( - lib.mkIf (!cfg.isThinInstallation) ( + lib.mkIf (!cfg.isThinUser) ( with pkgs; [ #foss platforms signal-desktop diff --git a/util/default.nix b/util/default.nix new file mode 100644 index 00000000..795ad043 --- /dev/null +++ b/util/default.nix @@ -0,0 +1,8 @@ +{ lib, ... }: +{ + mkUnless = condition: then: (mkIf (!condition) then); + mkIfElse = condition: then: else: lib.mkMerge [ + (mkIf condition then) + (mkUnless condition else) + ]; +} \ No newline at end of file 
From d9bb30a19d454fa099495249aa7bcff7790e945f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:29 -0500 Subject: [PATCH 097/932] created template folder --- templates/default.nix | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 templates/default.nix diff --git a/templates/default.nix b/templates/default.nix new file mode 100644 index 00000000..e69de29b From a459ce6eb3fe157b0ca21cf1afd04b0062c23e08 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 01:27:29 -0500 Subject: [PATCH 098/932] created template folder --- templates/default.nix | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 templates/default.nix diff --git a/templates/default.nix b/templates/default.nix new file mode 100644 index 00000000..e69de29b From 9b520878c49d059ae2ad2957ecb139d420e9970b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 14:24:11 -0500 Subject: [PATCH 099/932] restricted more of leylas configs behind full user --- hosts/horizon/configuration.nix | 6 +++--- hosts/twilight/configuration.nix | 6 +++--- users/ester/default.nix | 6 +++--- users/eve/default.nix | 6 +++--- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 14 +++++++------- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 79fa5557..d28ca5b8 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -16,9 +16,9 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isNormalUser = true; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.leyla.isFullUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 88cd750c..34e6922f 100644 --- a/hosts/twilight/configuration.nix 
+++ b/hosts/twilight/configuration.nix @@ -17,14 +17,14 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla = { - isNormalUser = true; + isFullUser = true; hasPiperMouse = true; hasOpenRGBHardware = true; hasViaKeyboard = true; hasGPU = true; }; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 0f7f3bea..4850e0f6 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -4,11 +4,11 @@ let in { options.users.ester = { - isNormalUser = lib.mkEnableOption "ester"; + isFullUser = lib.mkEnableOption "ester"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/eve/default.nix b/users/eve/default.nix index d5b6f298..bf2b51ba 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -4,11 +4,11 @@ let in { options.users.eve = { - isNormalUser = lib.mkEnableOption "eve"; + isFullUser = lib.mkEnableOption "eve"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7d679cce..a887dfbe 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -8,7 +8,7 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "create usable leyla user"; + isFullUser = lib.mkEnableOption "create usable leyla user"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -34,7 +34,7 @@ in } ( - if (cfg.isNormalUser || cfg.isThinUser) then { + if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 7c27a094..a1332cc7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
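Review bot: `sops.secrets = lib.mkIf cfg.isFullUser {` in users/leyla/default.nix keeps `passwords/leyla` provisioned only for the full profile, while the account itself and (per the later hunk) home-manager are created for `cfg.isFullUser || cfg.isThinUser`. On a thin-only host such as defiant that yields a user in `wheel` whose password secret is never decrypted; how the password is attached to the account sits outside this hunk, so if it references this secret the activation will fail, and if it does not, the thin account is created with no password definition at all. Either provision the secret for both profiles with `sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) {`, or add a comment stating that thin users are meant to be key-only. The enclosing `config = {` set runs past the end of this hunk, and the same hunks reappear in PATCH 100.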
@@ -8,21 +8,21 @@ in
 ../../overlays/vscodium.nix
 ];
- programs.bash.shellAliases = {
+ programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({
 code = "codium";
- };
+ });
- programs.steam = {
+ programs.steam = lib.mkIf cfg.isFullUser ({
 enable = true;
 remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
 dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
- };
+ });
- programs.noisetorch.enable = true;
+ programs.noisetorch.enable = cfg.isFullUser;
- programs.adb.enable = true;
+ programs.adb.enable = cfg.isFullUser;
- users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (
+ users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (
 lib.mkMerge [
 (
 with pkgs; [
From b0de438060076df937b7ae57790c2a422dbb6b09 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 3 Sep 2024 14:24:11 -0500
Subject: [PATCH 100/932] restricted more of leylas configs behind full user
---
 hosts/horizon/configuration.nix | 6 +++---
 hosts/twilight/configuration.nix | 6 +++---
 users/ester/default.nix | 6 +++---
 users/eve/default.nix | 6 +++---
 users/leyla/default.nix | 8 ++++----
 users/leyla/packages.nix | 14 +++++++-------
 6 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix
index 79fa5557..d28ca5b8 100644
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@@ -16,9 +16,9 @@
 sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
- users.leyla.isNormalUser = true;
- users.ester.isNormalUser = true;
- users.eve.isNormalUser = true;
+ users.leyla.isFullUser = true;
+ users.ester.isFullUser = true;
+ users.eve.isFullUser = true;
 # Bootloader.
 boot.loader.systemd-boot.enable = true;
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix
index 88cd750c..34e6922f 100644
--- a/hosts/twilight/configuration.nix
+++ b/hosts/twilight/configuration.nix
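Review bot: `programs.steam = lib.mkIf cfg.isFullUser ({` in users/leyla/packages.nix ties two system-wide firewall openings, `remotePlay.openFirewall = true;` and `dedicatedServer.openFirewall = true;`, to a per-user flag, so every host that sets `users.leyla.isFullUser` (horizon and twilight in this patch) opens the Steam Remote Play and Source Dedicated Server port ranges whether or not it runs either. Gating on the full profile is an improvement over the unconditional `programs.steam = {` being removed, but a host-level toggle, or at least dropping `dedicatedServer.openFirewall` until a host actually serves games, would keep the exposed surface to what is used. As a point of style, `programs.noisetorch.enable = cfg.isFullUser;` and `programs.adb.enable = cfg.isFullUser;` use a plain boolean while the two blocks above wrap `lib.mkIf` in redundant parentheses; `lib.mkIf cfg.isFullUser { ... }` without the extra parens would read consistently. PATCH 100 repeats this commit, and its copy of this hunk falls outside the page.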
@@ -17,14 +17,14 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; users.leyla = { - isNormalUser = true; + isFullUser = true; hasPiperMouse = true; hasOpenRGBHardware = true; hasViaKeyboard = true; hasGPU = true; }; - users.ester.isNormalUser = true; - users.eve.isNormalUser = true; + users.ester.isFullUser = true; + users.eve.isFullUser = true; # Bootloader. boot.loader.systemd-boot.enable = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 0f7f3bea..4850e0f6 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -4,11 +4,11 @@ let in { options.users.ester = { - isNormalUser = lib.mkEnableOption "ester"; + isFullUser = lib.mkEnableOption "ester"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/eve/default.nix b/users/eve/default.nix index d5b6f298..bf2b51ba 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -4,11 +4,11 @@ let in { options.users.eve = { - isNormalUser = lib.mkEnableOption "eve"; + isFullUser = lib.mkEnableOption "eve"; }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -25,7 +25,7 @@ in } ( - if cfg.isNormalUser then { + if cfg.isFullUser then { isNormalUser = true; extraGroups = [ "networkmanager" ]; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7d679cce..a887dfbe 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -8,7 +8,7 @@ in ]; options.users.leyla = { - isNormalUser = lib.mkEnableOption "create usable leyla user"; + isFullUser = lib.mkEnableOption "create usable leyla user"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isNormalUser { + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; @@ -34,7 +34,7 @@ in } ( - if (cfg.isNormalUser || cfg.isThinUser) then { + if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "docker"] @@ -50,6 +50,6 @@ in ) ]; - home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 7c27a094..a1332cc7 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -8,21 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = { + programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ code = "codium"; - }; + }); - programs.steam = { + programs.steam = lib.mkIf cfg.isFullUser ({ enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; + }); - programs.noisetorch.enable = true; + programs.noisetorch.enable = cfg.isFullUser; - programs.adb.enable = true; + programs.adb.enable = cfg.isFullUser; - users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( + users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ ( with pkgs; [ From 453ed74a3ac21788f40433ddd0490e36e992749f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:33:16 -0500 Subject: [PATCH 101/932] added note to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4dc35cf2..32398fd3 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,8 @@ TODO: keys.txt should prob be readable by owning user only? > look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` +> something about ssh keys for remotes + # Tasks: ## Tech Debt From 0138aebb26f910e907082804c37e59a0c12b4d94 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:33:16 -0500 Subject: [PATCH 102/932] added note to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4dc35cf2..32398fd3 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,8 @@ TODO: keys.txt should prob be readable by owning user only? > look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` +> something about ssh keys for remotes + # Tasks: ## Tech Debt From a91f5998367fae2018e8cdef09cfedcd98826159 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 3 Sep 2024 15:34:40 -0500 Subject: [PATCH 103/932] removed password auth from ssh for defiant --- hosts/defiant/configuration.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05b2f736..0dc7fd18 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -42,11 +42,10 @@ enable = true; ports = [ 22 ]; settings = { - PasswordAuthentication = true; + PasswordAuthentication = false; AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; - PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" }; }; From aa19c47149f4a52176a13eb350377ff5755e32db Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:34:40 -0500 Subject: [PATCH 104/932] removed password auth from ssh for defiant --- hosts/defiant/configuration.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05b2f736..0dc7fd18 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -42,11 +42,10 @@ enable = true; ports = [ 22 ]; settings = { - PasswordAuthentication = true; + PasswordAuthentication = false; AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; - PermitRootLogin = "without-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" }; }; From 51a44a7f6620a4bdbaf05096fdce462bda8849e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:39:59 -0500 Subject: [PATCH 105/932] disabled sleep on defiant --- hosts/defiant/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 0dc7fd18..a80c520c 100644 
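Review bot: With `PasswordAuthentication = false;` the `# temp enable password auth over ssh for setup` comment just above this settings block (visible as context in the next commit) is now misleading and should be removed or reworded, e.g. `# key-only ssh; AllowUsers limits logins to leyla`. Removing `PermitRootLogin` leaves root login to the NixOS module default instead of stating it; since `AllowUsers = [ "leyla" ]` already excludes root, an explicit `PermitRootLogin = "no";` records that intent without relying on the default. `UseDns = true;` adds a reverse-DNS lookup per connection that is only useful with hostname-based `from=` restrictions in authorized_keys, so it can usually be `false` on a key-only host. The same hunk is repeated in the duplicate commit [PATCH 104/932].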
--- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -37,6 +37,12 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # disable computer sleeping + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; + # temp enable password auth over ssh for setup services.openssh = { enable = true; From e66c2233e81e0ed7ff427bcf49e57ab6148a3775 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 15:39:59 -0500 Subject: [PATCH 106/932] disabled sleep on defiant --- hosts/defiant/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 0dc7fd18..a80c520c 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -37,6 +37,12 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # disable computer sleeping + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; + # temp enable password auth over ssh for setup services.openssh = { enable = true; From 8916b78f7b7d8eaf0b9fc9d4d18be557dae74e6a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:04:48 -0500 Subject: [PATCH 107/932] added password for leyla when thin user --- users/leyla/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index a887dfbe..c5bfef92 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; 
From 67e528c0ceca6b08d01c9c0c4d207d78b26f7b78 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:04:48 -0500 Subject: [PATCH 108/932] added password for leyla when thin user --- users/leyla/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index a887dfbe..c5bfef92 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -17,7 +17,7 @@ in }; config = { - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; # sopsFile = ../secrets.yaml; From 2f24bb0a4db89e4f0c81d4cbf16c2344e6993e1e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:54:29 -0500 Subject: [PATCH 109/932] removed thing from todo --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 32398fd3..85443717 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- openssh configuration for server - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From a0de710c44b678590182d0591f417e0ba7444f8f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Sep 2024 16:54:29 -0500 Subject: [PATCH 110/932] removed thing from todo --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 32398fd3..85443717 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- openssh configuration for server - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 6a309284a3bce94f607c5babc17e329eb15790f9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:23 -0500 Subject: [PATCH 111/932] organized flake.nix --- flake.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 33b4f83d..e75e1330 100644 --- a/flake.nix +++ b/flake.nix @@ -2,21 +2,30 @@ description = "Nixos config flake"; inputs = { + # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # managment per user home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let - forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { From 3530ee07d7ae611657f5ce997762fb64659a5c7b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:23 -0500 Subject: [PATCH 112/932] organized flake.nix --- flake.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 33b4f83d..e75e1330 100644 --- a/flake.nix +++ b/flake.nix 
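Review bot: The new comment `# encrypt files that contain secreats that I would like to not encrypt` contradicts itself; presumably it means `# encrypt files containing secrets that should not be committed in plaintext`. `# managment per user` would read more clearly as `# per-user configuration management`, and `secreats` is a typo. Adding the darwin and aarch64 systems to `forEachSystem` is fine as long as every `forEachPkgs` consumer below (outside this hunk) actually evaluates on those platforms. The same hunk is repeated in the duplicate commit [PATCH 112/932].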
@@ -2,21 +2,30 @@ description = "Nixos config flake"; inputs = { + # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # managment per user home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; + # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: let - forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" ]; + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); in { From f00cec11ac0671ff033887ded040c5ca6a1aeb47 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:38 -0500 Subject: [PATCH 113/932] added more things to readme --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 85443717..341d84bb 100644 --- a/README.md +++ b/README.md @@ -39,10 +39,13 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? -- util functions \ No newline at end of file +- util functions +- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- limit boot configurations to 2 on defiant \ No newline at end of file From 1635bdddbadcaa5dc6d45063c332ae422988fabe Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:38 -0500 Subject: [PATCH 114/932] added more things to readme --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 85443717..341d84bb 100644 --- a/README.md +++ b/README.md @@ -39,10 +39,13 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? -- util functions \ No newline at end of file +- util functions +- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- limit boot configurations to 2 on defiant \ No newline at end of file From cee99874493c23562da6515a06a9bfe3e6fb5409 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:48 -0500 Subject: [PATCH 115/932] added driver to defiant --- hosts/defiant/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 088af3fc..575ae360 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,7 +8,7 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; From c929a2c7e668877aed9f846377096c417ee7e15e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 7 Sep 2024 19:36:48 -0500 Subject: [PATCH 116/932] added driver to defiant --- hosts/defiant/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 088af3fc..575ae360 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,7 +8,7 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; From 696ea9872a927e0fb79e7716f4ccf137b106b853 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 20:17:41 -0500 Subject: [PATCH 117/932] removed task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 341d84bb..8dcfde30 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 5a6bd285e385b39cbb28d19a98ecf7c7ec5a1a69 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 7 Sep 2024 20:17:41 -0500 Subject: [PATCH 118/932] removed task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 341d84bb..8dcfde30 100644 --- a/README.md +++ b/README.md 
@@ -39,7 +39,6 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features -- RAID CARD - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 41f834d5d2c3bbd968fc05901da422d56f8b0518 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 14:11:27 -0500 Subject: [PATCH 119/932] task added to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8dcfde30..9a33b19b 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From 85345eedf5bcd368e2ad8aa7b8d6e614e8dc6af2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 14:11:27 -0500 Subject: [PATCH 120/932] task added to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8dcfde30..9a33b19b 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Install all the things on the NAS From dfec548b619b81fb68247265a17a21bfa3be3a75 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 10 Sep 2024 14:26:15 -0500 Subject: [PATCH 121/932] updated flakes --- README.md | 3 +++ flake.lock | 36 ++++++++++++++++++------------------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9a33b19b..3e613676 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,9 @@ TODO: keys.txt should prob be readable by owning user only? > something about ssh keys for remotes +# Updating +`nix flake update` + # Tasks: ## Tech Debt diff --git a/flake.lock b/flake.lock index ec704cfc..1e8ab512 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725948275, + "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724878143, - "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { 
@@ -54,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", "type": "github" }, "original": { @@ -70,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1721466660, - "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", + "lastModified": 1725534445, + "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", + "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725201042, - "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", + "lastModified": 1725922448, + "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", + "rev": "cede1a08039178ac12957733e97ab1006c6b6892", "type": "github" }, "original": { From e507d502c75d2b69e48851472b9aa6e707bb182e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 14:26:15 -0500 Subject: [PATCH 122/932] updated flakes --- README.md | 3 +++ flake.lock | 36 ++++++++++++++++++------------------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 9a33b19b..3e613676 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,9 @@ TODO: keys.txt should prob be readable by owning user only? > something about ssh keys for remotes +# Updating +`nix flake update` + # Tasks: ## Tech Debt diff --git a/flake.lock b/flake.lock index ec704cfc..1e8ab512 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725948275, + "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724878143, - "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -38,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { @@ -54,11 +54,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1721524707, - "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", "type": "github" }, "original": { 
@@ -70,11 +70,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1721466660, - "narHash": "sha256-pFSxgSZqZ3h+5Du0KvEL1ccDZBwu4zvOil1zzrPNb3c=", + "lastModified": 1725534445, + "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e14bbce7bea6c4efd7adfa88a40dac750d80100", + "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725201042, - "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", + "lastModified": 1725922448, + "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", + "rev": "cede1a08039178ac12957733e97ab1006c6b6892", "type": "github" }, "original": { From 88d8ec0077bb445cb9f68fc6adc5a632fdaef17b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 19:00:15 -0500 Subject: [PATCH 123/932] added openvpn to packages --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index a1332cc7..462c34e6 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -72,6 +72,7 @@ in # system tools protonvpn-gui + openvpn nextcloud-client noisetorch From 126940814ec0b14d7c2a5a156f10ebb431c0580c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Sep 2024 19:00:15 -0500 Subject: [PATCH 124/932] added openvpn to packages --- users/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index a1332cc7..462c34e6 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -72,6 +72,7 @@ in # system tools protonvpn-gui + openvpn nextcloud-client noisetorch From 430e1e80124bcc2c8623ec8b835f5ef2f0a1112c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 11 Sep 2024 17:41:48 -0500 Subject: [PATCH 125/932] added disko to tasks --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3e613676..67830097 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init From 20e65ebf0f5a86dc1d745a6a20fa04d085fe02b3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Sep 2024 17:41:48 -0500 Subject: [PATCH 126/932] added disko to tasks --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3e613676..67830097 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ TODO: keys.txt should prob be readable by owning user only? - sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case ## New Features +- DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively - Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init From 5df7df6129864c48f5e5b815a2a5caf4773da1d9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 14 Sep 2024 09:19:08 -0500 Subject: [PATCH 127/932] got nixos-anywhere half working --- README.md | 21 ++-- flake.lock | 21 ++++ flake.nix | 10 +- hosts/defiant/configuration.nix | 30 +++++- hosts/defiant/disko-config.nix | 120 +++++++++++++++++++++++ hosts/defiant/hardware-configuration.nix | 8 +- 6 files changed, 193 insertions(+), 17 deletions(-) create mode 100644 hosts/defiant/disko-config.nix diff --git a/README.md b/README.md index 67830097..c3773c0f 100644 --- a/README.md +++ b/README.md 
@@ -17,25 +17,31 @@ `./rebuild.sh` # New machine setup + keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt +> TODO: `keys.txt`` should prob be readable by owning user only? updating passwords: `sops secrets/secrets.yaml` -TODO: keys.txt should prob be readable by owning user only? +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` - > something about ssh keys for remotes +# Notes: +- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` +- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init + # Updating `nix flake update` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them +- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? 
@@ -45,11 +51,12 @@ TODO: keys.txt should prob be readable by owning user only? - DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively -- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Flake templates - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? - util functions -- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh -- limit boot configurations to 2 on defiant \ No newline at end of file +- openssh known hosts +- limit boot configurations to 2 on defiant +- rotate sops encryption keys \ No newline at end of file diff --git a/flake.lock b/flake.lock index 1e8ab512..1182330e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "owner": "nix-community", + "repo": "disko", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -86,6 +106,7 @@ }, "root": { "inputs": { + "disko": "disko", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index e75e1330..ee87ab5e 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,12 @@ # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # declairtive disk configuration + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # managment per user home-manager = { url = "github:nix-community/home-manager"; 
@@ -18,7 +24,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: + outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "aarch64-darwin" @@ -53,6 +59,8 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; }; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index a80c520c..bff81ea2 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -11,19 +11,39 @@ ../../enviroments/server ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + age ={ + keyFile = "/home/leyla/.config/sops/age/keys.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + + # home.sessionVariables = { + # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; + # }; users.leyla.isThinUser = true; boot.loader.grub = { enable = true; - device = "/dev/sda"; - useOSProber = true; + zfsSupport = true; + efiSupport = true; + efiInstallAsRemovable = true; + # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; + # mirroredBoots = [ + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } + # ]; }; + boot.supportedFilesystems = [ "zfs" ]; + + networking.hostId = "c8985fc5"; # TODO: populate this when I get home networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix new file mode 100644 index 00000000..3a113eb2 --- /dev/null +++ b/hosts/defiant/disko-config.nix 
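Review bot: `keyFile = "/home/leyla/.config/sops/age/keys.txt"` ties decryption of every entry in `secrets/secrets.yaml` (including the other users' password hashes consumed in users/*/default.nix) to one user's home directory and that user's file permissions — the README TODO about `keys.txt` being world-readable is a symptom of that placement. Prefer a root-owned, mode 0600 file outside any home, `keyFile = "/var/lib/sops-nix/key.txt";`, which PATCH 131/932 lower on this page eventually does for all hosts. The commented `sshKeyPaths` line refers to `config.home.homeDirectory`, a home-manager option that does not exist in a NixOS module, so it would not work if uncommented and should be dropped. `networking.hostId = "c8985fc5"` still carries a TODO; ZFS records the importing host's hostid in the pool label, so changing this after disko has created the pool may make the pool look foreign on a later import — settle the final value before the first install. The same hunk appears unchanged in the duplicate copy of this patch below.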
@@ -0,0 +1,120 @@ +{ lib, ... }: +let + bootDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + zfsDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zpool"; + }; + }; + }; + }; + }; +in { + disko.devices = { + disk = { + boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + + # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + + # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + }; + # zpool = { + # zpool = { + # type = "zpool"; + # mode = { + # topology = { + # type = "topology"; + # vdev = [ + # { + # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ # mode = "mirror"; + # members = [ + # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + # ]; + # } + # ]; + # cache = [ ]; + # # cache = [ "ssd_2_tb_a" ]; + # }; + # }; + + # options = { + # ashift = "12"; + # }; + + # rootFsOptions = { + # encryption = "on"; + # keyformat = "hex"; + # keylocation = "prompt"; + # compression = "lz4"; + # xattr = "sa"; + # acltype = "posixacl"; + # "com.sun:auto-snapshot" = "false"; + # }; + + # datasets = { + # "root" = { + # type = "zfs_fs"; + # mountpoint = "/"; + # }; + # "nix" = { + # type = "zfs_fs"; + # mountpoint = "/nix"; + # }; + # "home" = { + # type = "zfs_fs"; + # mountpoint = "/home"; + # options = { + # "com.sun:auto-snapshot" = "true"; + # }; + # }; + # "var" = { + # type = "zfs_fs"; + # mountpoint = "/var"; + # }; + # }; + # }; + # }; + }; +} + diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 575ae360..cd075caf 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -13,10 +13,10 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; - fsType = "ext4"; - }; + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + # fsType = "ext4"; + # }; swapDevices = [ ]; From 2a30c00ffbbcb1ac46a2fb41f7c489595294ccd8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 14 Sep 2024 09:19:08 -0500 Subject: [PATCH 128/932] got nixos-anywhere half working --- README.md | 21 ++-- flake.lock | 21 ++++ flake.nix | 10 +- hosts/defiant/configuration.nix | 30 +++++- hosts/defiant/disko-config.nix | 120 +++++++++++++++++++++++ hosts/defiant/hardware-configuration.nix | 8 +- 6 files changed, 193 insertions(+), 17 deletions(-) create mode 100644 hosts/defiant/disko-config.nix diff --git a/README.md b/README.md index 67830097..c3773c0f 100644 --- a/README.md +++ b/README.md 
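Review bot: `boot = bootDisk "/dev/sda"` hands disko a kernel-enumerated name, and disko wipes and repartitions whatever that name resolves to at install time; `/dev/sda` can point at a different disk after a cable swap, a plugged-in USB stick or an HBA re-enumeration, while the `zfsDisk` entries in the same attribute set already use stable `/dev/disk/by-id/…` paths. Use the stable path that is already sitting in the trailing comment, `boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0";`, or a by-id name, so the destructive step cannot drift to another device. `{ lib, ... }:` binds `lib` but nothing in the visible file uses it. The same file is added again, byte-identical, in the duplicate copy of this patch below.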
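Review bot: The `fileSystems."/"` block in hardware-configuration.nix is commented out rather than deleted; git keeps the history, and commented code inside a file that `nixos-generate-config` normally regenerates is easy to mistake for live configuration. Since disko now owns the filesystem definitions, delete the four lines and, if the file is hand-maintained from here on, say so in a one-line comment at the top, e.g. `# hand-maintained: filesystems come from disko-config.nix, do not regenerate`.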
@@ -17,25 +17,31 @@ `./rebuild.sh` # New machine setup + keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt +> TODO: `keys.txt`` should prob be readable by owning user only? updating passwords: `sops secrets/secrets.yaml` -TODO: keys.txt should prob be readable by owning user only? +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -> look into this? `https://technotim.live/posts/rotate-sops-encryption-keys/` - > something about ssh keys for remotes +# Notes: +- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` +- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init + # Updating `nix flake update` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them +- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix - what does `boot.kernelModules = [ "sg" ]` do? 
@@ -45,11 +51,12 @@ TODO: keys.txt should prob be readable by owning user only? - DISKO for server - STOP FROM SLEEPING - VS code extensions should be installed declaratively -- Flake templates - https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Flake templates - Install all the things on the NAS - firefox declarative??? - figure out steam vr things? - Open GL? - util functions -- openssh known hosts https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh -- limit boot configurations to 2 on defiant \ No newline at end of file +- openssh known hosts +- limit boot configurations to 2 on defiant +- rotate sops encryption keys \ No newline at end of file diff --git a/flake.lock b/flake.lock index 1e8ab512..1182330e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "owner": "nix-community", + "repo": "disko", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -86,6 +106,7 @@ }, "root": { "inputs": { + "disko": "disko", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index e75e1330..ee87ab5e 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,12 @@ # encrypt files that contain secreats that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + # declairtive disk configuration + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # managment per user home-manager = { url = "github:nix-community/home-manager"; 
@@ -18,7 +24,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { self, nixpkgs, nixos-hardware, ... }@inputs: + outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: let forEachSystem = nixpkgs.lib.genAttrs [ "aarch64-darwin" @@ -53,6 +59,8 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs; }; modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; }; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index a80c520c..bff81ea2 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -11,19 +11,39 @@ ../../enviroments/server ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + age ={ + keyFile = "/home/leyla/.config/sops/age/keys.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + + # home.sessionVariables = { + # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; + # }; users.leyla.isThinUser = true; boot.loader.grub = { enable = true; - device = "/dev/sda"; - useOSProber = true; + zfsSupport = true; + efiSupport = true; + efiInstallAsRemovable = true; + # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; + # mirroredBoots = [ + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } + # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } + # ]; }; + boot.supportedFilesystems = [ "zfs" ]; + + networking.hostId = "c8985fc5"; # TODO: populate this when I get home networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix new file mode 100644 index 00000000..3a113eb2 --- /dev/null +++ b/hosts/defiant/disko-config.nix 
@@ -0,0 +1,120 @@ +{ lib, ... }: +let + bootDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + zfsDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zpool"; + }; + }; + }; + }; + }; +in { + disko.devices = { + disk = { + boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + + # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + + # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + }; + # zpool = { + # zpool = { + # type = "zpool"; + # mode = { + # topology = { + # type = "topology"; + # vdev = [ + # { + # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ # mode = "mirror"; + # members = [ + # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + # ]; + # } + # ]; + # cache = [ ]; + # # cache = [ "ssd_2_tb_a" ]; + # }; + # }; + + # options = { + # ashift = "12"; + # }; + + # rootFsOptions = { + # encryption = "on"; + # keyformat = "hex"; + # keylocation = "prompt"; + # compression = "lz4"; + # xattr = "sa"; + # acltype = "posixacl"; + # "com.sun:auto-snapshot" = "false"; + # }; + + # datasets = { + # "root" = { + # type = "zfs_fs"; + # mountpoint = "/"; + # }; + # "nix" = { + # type = "zfs_fs"; + # mountpoint = "/nix"; + # }; + # "home" = { + # type = "zfs_fs"; + # mountpoint = "/home"; + # options = { + # "com.sun:auto-snapshot" = "true"; + # }; + # }; + # "var" = { + # type = "zfs_fs"; + # mountpoint = "/var"; + # }; + # }; + # }; + # }; + }; +} + diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 575ae360..cd075caf 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -13,10 +13,10 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; - fsType = "ext4"; - }; + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + # fsType = "ext4"; + # }; swapDevices = [ ]; From 8f8cea0ab2690a80e895758575c5cbeb21aa3fc0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 10:12:32 -0500 Subject: [PATCH 129/932] added zfs disks to defiant --- hosts/defiant/configuration.nix | 1 - hosts/defiant/disko-config.nix | 130 ++++++++++++++++---------------- hosts/horizon/configuration.nix | 2 +- 3 files changed, 66 insertions(+), 67 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bff81ea2..bc6c34cd 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -63,7 +63,6 @@ systemd.targets.hibernate.enable = false; systemd.targets.hybrid-sleep.enable = false; - # temp enable password auth over ssh for setup services.openssh = { enable = true; ports = [ 22 ]; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 3a113eb2..7fd24273 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,14 @@ let mountpoint = "/boot"; }; }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; + # root = { + # size = "100%"; + # content = { + # type = "filesystem"; + # format = "ext4"; + # mountpoint = "/"; + # }; + # }; }; }; }; 
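Review bot: Removing `# temp enable password auth over ssh for setup` leaves the `services.openssh` block it annotated in place, and nothing in this hunk shows the temporary relaxation itself being reverted; the block continues past the end of the hunk, so I cannot see whether password authentication is still on. If it is, the marker that flagged the exposure as temporary is gone while the exposure remains — either keep the comment until the setting is reverted, or revert it in the same change with `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`. The identical hunk appears again in PATCH 130/932 below.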
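Review bot: The ext4 `root` partition is commented out rather than removed, so the boot disk now carries only the 1M BIOS-boot and 1G ESP partitions and the remainder of the disk is left unallocated without any statement that this is intended. If root is meant to live on the zpool's `root` dataset from the next hunk, delete the eight commented lines and replace them with a one-line comment such as `# "/" is the zpool "root" dataset; the rest of this disk is intentionally unused`. The same hunk is repeated in PATCH 130/932 below.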
@@ -52,69 +52,69 @@ in { disk = { boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; - # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; }; - # zpool = { - # zpool = { - # type = "zpool"; - # mode = { - # topology = { - # type = "topology"; - # vdev = [ - # { - # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? - # mode = "mirror"; - # members = [ - # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" - # ]; - # } - # ]; - # cache = [ ]; - # # cache = [ "ssd_2_tb_a" ]; - # }; - # }; + zpool = { + zpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = [ + { + # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ mode = "mirror"; + members = [ + "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + ]; + } + ]; + cache = [ ]; + # cache = [ "ssd_2_tb_a" ]; + }; + }; - # options = { - # ashift = "12"; - # }; + options = { + ashift = "12"; + }; - # rootFsOptions = { - # encryption = "on"; - # keyformat = "hex"; - # keylocation = "prompt"; - # compression = "lz4"; - # xattr = "sa"; - # acltype = "posixacl"; - # "com.sun:auto-snapshot" = "false"; - # }; + rootFsOptions = { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + compression = "lz4"; + xattr = "sa"; + acltype = "posixacl"; + "com.sun:auto-snapshot" = "false"; + }; - # datasets = { - # "root" = { - # type = "zfs_fs"; - # mountpoint = "/"; - # }; - # "nix" = { - # type = "zfs_fs"; - # mountpoint = "/nix"; - # }; - # "home" = { - # type = "zfs_fs"; - # mountpoint = "/home"; - # options = { - # "com.sun:auto-snapshot" = "true"; - # }; - # }; - # "var" = { - # type = "zfs_fs"; - # mountpoint = "/var"; - # }; - # }; - # }; - # }; + datasets = { + "root" = { + type = "zfs_fs"; + mountpoint = "/"; + }; + "nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + }; + "home" = { + type = "zfs_fs"; + mountpoint = "/home"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + }; + "var" = { + type = "zfs_fs"; + mountpoint = "/var"; + }; + }; + }; + }; }; } diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index d28ca5b8..18d4348c 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -71,7 +71,7 @@ # }; # Enable the OpenSSH daemon. - # services.openssh.enable = true; + services.openssh.enable = true; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; From d22f470e2449d431aab49ca5b8070a95a2ffdb16 Mon Sep 17 00:00:00 2001 
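Review bot: `rootFsOptions` enables native encryption with `keylocation = "prompt"` on the pool that hosts `/`, `/nix`, `/home` and `/var`, so every boot of this server stalls in the initrd until someone types the key at the console, and nothing on this page configures remote unlocking — for a headless NAS that means no unattended reboot and no recovery without console or IPMI access. Make that trade-off explicit: either add a comment next to these lines stating that console unlock is required, or configure initrd networking with `boot.initrd.network.ssh` so the key can be supplied remotely. `keyformat = "hex"` means the raw 64-hex-character key is what gets typed interactively; if a human is the intended key source, `keyformat = "passphrase";` is the usable form. The `boot = bootDisk "/dev/sda"` context line still uses an unstable device name while the three `zfsDisk` entries enabled here correctly use `/dev/disk/by-id/…`. The same hunk appears again in PATCH 130/932 below.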
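Review bot: `services.openssh.enable = true;` on horizon (a host that imports `enviroments/client`, per the later hunk on this page) starts sshd with NixOS defaults, which as far as I recall leave password authentication enabled and open port 22 in the firewall via `openFirewall`; the accounts on this host authenticate with sops-managed password hashes, so the daemon becomes a remote password-guessing surface. Pair the enable with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` and give the accounts that need access an `openssh.authorizedKeys.keys` entry, or bind it to the LAN with `listenAddresses` if that is its only use. The same line is uncommented again in PATCH 130/932 below.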
From: Leyla Becker Date: Sun, 15 Sep 2024 10:12:32 -0500 Subject: [PATCH 130/932] added zfs disks to defiant --- hosts/defiant/configuration.nix | 1 - hosts/defiant/disko-config.nix | 130 ++++++++++++++++---------------- hosts/horizon/configuration.nix | 2 +- 3 files changed, 66 insertions(+), 67 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bff81ea2..bc6c34cd 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -63,7 +63,6 @@ systemd.targets.hibernate.enable = false; systemd.targets.hybrid-sleep.enable = false; - # temp enable password auth over ssh for setup services.openssh = { enable = true; ports = [ 22 ]; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 3a113eb2..7fd24273 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,14 @@ let mountpoint = "/boot"; }; }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; + # root = { + # size = "100%"; + # content = { + # type = "filesystem"; + # format = "ext4"; + # mountpoint = "/"; + # }; + # }; }; }; }; 
@@ -52,69 +52,69 @@ in { disk = { boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; - # hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - # hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - # hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; }; - # zpool = { - # zpool = { - # type = "zpool"; - # mode = { - # topology = { - # type = "topology"; - # vdev = [ - # { - # # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? - # mode = "mirror"; - # members = [ - # "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" - # ]; - # } - # ]; - # cache = [ ]; - # # cache = [ "ssd_2_tb_a" ]; - # }; - # }; + zpool = { + zpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = [ + { + # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? 
+ mode = "mirror"; + members = [ + "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + ]; + } + ]; + cache = [ ]; + # cache = [ "ssd_2_tb_a" ]; + }; + }; - # options = { - # ashift = "12"; - # }; + options = { + ashift = "12"; + }; - # rootFsOptions = { - # encryption = "on"; - # keyformat = "hex"; - # keylocation = "prompt"; - # compression = "lz4"; - # xattr = "sa"; - # acltype = "posixacl"; - # "com.sun:auto-snapshot" = "false"; - # }; + rootFsOptions = { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + compression = "lz4"; + xattr = "sa"; + acltype = "posixacl"; + "com.sun:auto-snapshot" = "false"; + }; - # datasets = { - # "root" = { - # type = "zfs_fs"; - # mountpoint = "/"; - # }; - # "nix" = { - # type = "zfs_fs"; - # mountpoint = "/nix"; - # }; - # "home" = { - # type = "zfs_fs"; - # mountpoint = "/home"; - # options = { - # "com.sun:auto-snapshot" = "true"; - # }; - # }; - # "var" = { - # type = "zfs_fs"; - # mountpoint = "/var"; - # }; - # }; - # }; - # }; + datasets = { + "root" = { + type = "zfs_fs"; + mountpoint = "/"; + }; + "nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + }; + "home" = { + type = "zfs_fs"; + mountpoint = "/home"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + }; + "var" = { + type = "zfs_fs"; + mountpoint = "/var"; + }; + }; + }; + }; }; } diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index d28ca5b8..18d4348c 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -71,7 +71,7 @@ # }; # Enable the OpenSSH daemon. - # services.openssh.enable = true; + services.openssh.enable = true; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; From 417aafe2e82b3364306682e2a257f25f3ad263f1 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 15 Sep 2024 12:55:31 -0500 Subject: [PATCH 131/932] moved sops config into common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- hosts/twilight/configuration.nix | 5 ----- users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 6 files changed, 16 insertions(+), 19 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 59dda193..a6c671ce 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -26,6 +26,19 @@ LC_TIME = "en_US.UTF-8"; }; + users.groups.users = {}; + + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + + age ={ + keyFile = "/var/lib/sops-nix/key.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bc6c34cd..594e83fa 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -11,17 +11,6 @@ ../../enviroments/server ]; - sops = { - defaultSopsFile = ../../secrets/secrets.yaml; - defaultSopsFormat = "yaml"; - - age ={ - keyFile = "/home/leyla/.config/sops/age/keys.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; - # generateKey = true; - }; - }; - # home.sessionVariables = { # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; # }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 34e6922f..93f92658 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
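Review bot: Centralising `sops.age.keyFile = "/var/lib/sops-nix/key.txt"` in enviroments/common means every host importing this module now expects a root-owned key at that path, but nothing on this page provisions it there: the nixos-anywhere invocation documented in README still passes `--extra-files ~/.config/sops/age/`, and as I understand it nixos-anywhere copies that directory's contents onto the target's `/`, so the key would not end up at `/var/lib/sops-nix/key.txt`. Stage the key as `<staging-dir>/var/lib/sops-nix/key.txt` (owner root, mode 0600) and point `--extra-files` at the staging dir, and record that requirement here with a comment such as `# provisioned out of band at install time; must be root:root 0600`. `users.groups.users = {};` looks redundant, since NixOS declares the `users` group itself — drop it unless a host needs to override the group's attributes. The same hunk is repeated in PATCH 132/932 below.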
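Review bot: The hunk removes the live `sops` block from defiant but keeps the commented `home.sessionVariables` block referencing `${config.home.homeDirectory}/.config/sops-nix/key.txt`; `config.home` is a home-manager option rather than a NixOS one, and that path no longer matches the key location now set in enviroments/common, so the comment is dead and misleading. Delete the three commented lines. The same leftover survives in PATCH 132/932 below.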
@@ -11,11 +11,6 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { isFullUser = true; hasPiperMouse = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 4850e0f6..156716f3 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; diff --git a/users/eve/default.nix b/users/eve/default.nix index bf2b51ba..4ed06a8e 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index c5bfef92..75466137 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker"] + ["networkmanager" "wheel" "docker" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From 88ab5420eb98f7a0733346967fd01225bd02aef1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 12:55:31 -0500 Subject: [PATCH 132/932] moved sops config into common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- hosts/twilight/configuration.nix | 5 ----- users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 6 files changed, 16 insertions(+), 19 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 59dda193..a6c671ce 100644 
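Review bot: Adding `"users"` to `extraGroups` is redundant for an account declared with `isNormalUser = true`, because NixOS already makes `users` the primary group of normal users (`users.users.<name>.group` defaults to `"users"`), so the membership exists without this change; the same addition appears in the users/eve and users/leyla hunks here and again in PATCH 132/932. If the intent was to make sure the group exists for the `users.groups.users = {}` declaration in common, NixOS already provides that as well. Drop the three additions, or leave a comment naming the host that overrides the primary group and therefore needs them.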
--- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -26,6 +26,19 @@ LC_TIME = "en_US.UTF-8"; }; + users.groups.users = {}; + + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + + age ={ + keyFile = "/var/lib/sops-nix/key.txt"; + # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + # generateKey = true; + }; + }; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bc6c34cd..594e83fa 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -11,17 +11,6 @@ ../../enviroments/server ]; - sops = { - defaultSopsFile = ../../secrets/secrets.yaml; - defaultSopsFormat = "yaml"; - - age ={ - keyFile = "/home/leyla/.config/sops/age/keys.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; - # generateKey = true; - }; - }; - # home.sessionVariables = { # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; # }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 34e6922f..93f92658 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -11,11 +11,6 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla = { isFullUser = true; hasPiperMouse = true; diff --git a/users/ester/default.nix b/users/ester/default.nix index 4850e0f6..156716f3 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; 
diff --git a/users/eve/default.nix b/users/eve/default.nix index bf2b51ba..4ed06a8e 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -27,7 +27,7 @@ in ( if cfg.isFullUser then { isNormalUser = true; - extraGroups = [ "networkmanager" ]; + extraGroups = [ "networkmanager" "users" ]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index c5bfef92..75466137 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker"] + ["networkmanager" "wheel" "docker" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From d55d5933de90636459e7c15d6a36f9e211600953 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:03:53 -0500 Subject: [PATCH 133/932] reduced tech debt by moving things into hardware configs --- README.md | 9 ++--- hosts/horizon/configuration.nix | 40 ------------------ hosts/horizon/hardware-configuration.nix | 9 ++++- hosts/twilight/configuration.nix | 49 ----------------------- hosts/twilight/hardware-configuration.nix | 48 +++++++++++++++++++++- 5 files changed, 58 insertions(+), 97 deletions(-) diff --git a/README.md b/README.md index c3773c0f..006fdb91 100644 --- a/README.md +++ b/README.md 
@@ -17,13 +17,11 @@ `./rebuild.sh` # New machine setup - -keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt -> TODO: `keys.txt`` should prob be readable by owning user only? +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU @@ -44,9 +42,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix -- what does `boot.kernelModules = [ "sg" ]` do? -- sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case +- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server - STOP FROM SLEEPING diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 18d4348c..9eae0575 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
@@ -11,23 +11,10 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isFullUser = true; users.ester.isFullUser = true; users.eve.isFullUser = true; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.kernelModules = [ "sg" ]; - - networking.hostName = "horizon"; # Define your hostname. - # enabled virtualisation for docker virtualisation.docker = { enable = true; @@ -37,39 +24,12 @@ }; }; - hardware.graphics.enable = true; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # # List services that you want to enable: - # systemd.services = { - # # Start resilio sync on boot - # resilio-sync = { - # description = "Resilio Sync service"; - - # serviceConfig = { - # Type = "forking"; - # Restart = "on-failure"; - # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; - # }; - - # after = [ "network.target" "network-online.target" ]; - # wantedBy = [ "multi-user.target" ]; - # }; - # }; - # Enable the OpenSSH daemon. services.openssh.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index e83bda57..40561a99 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -10,9 +10,15 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-intel" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + hardware.graphics.enable = true; + fileSystems."/" = { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; fsType = "ext4"; @@ -57,6 +63,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + networking.hostName = "horizon"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 93f92658..fc4f4250 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -20,15 +20,7 @@ }; users.ester.isFullUser = true; users.eve.isFullUser = true; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.kernelModules = [ "sg" ]; - - networking.hostName = "twilight"; # Define your hostname. - # enabled virtualisation for docker # virtualisation.docker.enable = true; 
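Review bot: The `sg` module lands in `boot.kernelModules = [ "kvm-intel" "sg" ];` without the explanation the README hunk in this same commit drops from the tech-debt list (`what does boot.kernelModules = [ "sg" ] do?`), so the question is now unanswered in both places; a trailing comment such as `# "sg": SCSI generic driver — TODO record which device needs it` would keep the rationale next to the option. The same applies to the twilight hardware hunk in this commit (`[ "kvm-amd" "sg" ]`) and to the repeated copies of both hunks under PATCH 134. Hardware-configuration files are normally produced by `nixos-generate-config`, and if this one still carries the generated "do not modify" header (not visible here) a later regeneration would silently discard the bootloader and graphics lines added below the module list, so either a note at the top of the file or keeping those lines in a separately imported module would be safer.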
@@ -38,47 +30,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave 
diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index ef715025..2ab871e5 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -10,9 +10,54 @@ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ "kvm-amd" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Enable OpenGL + hardware.graphics.enable = true; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ package = config.boot.kernelPackages.nvidiaPackages.production; + }; + fileSystems."/" = { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; fsType = "ext4"; @@ -54,6 +99,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + networking.hostName = "twilight"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From e338b8eac5d343a4d10bfba8efd3e8dcb8170d7a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:03:53 -0500 Subject: [PATCH 134/932] reduced tech debt by moving things into hardware configs --- README.md | 9 ++--- hosts/horizon/configuration.nix | 40 ------------------ hosts/horizon/hardware-configuration.nix | 9 ++++- hosts/twilight/configuration.nix | 49 ----------------------- hosts/twilight/hardware-configuration.nix | 48 +++++++++++++++++++++- 5 files changed, 58 insertions(+), 97 deletions(-) diff --git a/README.md b/README.md index c3773c0f..006fdb91 100644 --- a/README.md +++ b/README.md @@ -17,13 +17,11 @@ `./rebuild.sh` # New machine setup - -keys for decrypting password secrets for each users located at ~/.config/sops/age/keys.txt -> TODO: `keys.txt`` should prob be readable by owning user only? +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#defiant' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU 
@@ -44,9 +42,8 @@ updating passwords: `sops secrets/secrets.yaml` - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) - GNOME default monitors per hardware configuration? - graphics driver things should prob be in the hardware-configuration.nix -- what does `boot.kernelModules = [ "sg" ]` do? -- sops.age.keyFile should not just be hard coded to leyla? - use dashes for options not camel case +- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server - STOP FROM SLEEPING diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 18d4348c..9eae0575 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -11,23 +11,10 @@ ../../enviroments/client ]; - sops.defaultSopsFile = ../../secrets/secrets.yaml; - sops.defaultSopsFormat = "yaml"; - - sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; - users.leyla.isFullUser = true; users.ester.isFullUser = true; users.eve.isFullUser = true; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.kernelModules = [ "sg" ]; - - networking.hostName = "horizon"; # Define your hostname. - # enabled virtualisation for docker virtualisation.docker = { enable = true; 
@@ -37,39 +24,12 @@ }; }; - hardware.graphics.enable = true; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # # List services that you want to enable: - # systemd.services = { - # # Start resilio sync on boot - # resilio-sync = { - # description = "Resilio Sync service"; - - # serviceConfig = { - # Type = "forking"; - # Restart = "on-failure"; - # ExecStart = "${pkgs.resilio-sync}/bin/rslsync"; - # }; - - # after = [ "network.target" "network-online.target" ]; - # wantedBy = [ "multi-user.target" ]; - # }; - # }; - # Enable the OpenSSH daemon. services.openssh.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index e83bda57..40561a99 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -10,9 +10,15 @@ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; + boot.kernelModules = [ "kvm-intel" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + hardware.graphics.enable = true; + fileSystems."/" = { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; fsType = "ext4"; 
@@ -57,6 +63,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + networking.hostName = "horizon"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 93f92658..fc4f4250 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -20,15 +20,7 @@ }; users.ester.isFullUser = true; users.eve.isFullUser = true; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.kernelModules = [ "sg" ]; - - networking.hostName = "twilight"; # Define your hostname. - # enabled virtualisation for docker # virtualisation.docker.enable = true; 
@@ -38,47 +30,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave 
diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index ef715025..2ab871e5 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -10,9 +10,54 @@ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ "kvm-amd" "sg" ]; boot.extraModulePackages = [ ]; + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Enable OpenGL + hardware.graphics.enable = true; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + services.xserver.displayManager.gdm.wayland = false; + + # install graphics drivers + hardware.nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ package = config.boot.kernelPackages.nvidiaPackages.production; + }; + fileSystems."/" = { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; fsType = "ext4"; @@ -54,6 +99,7 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + networking.hostName = "twilight"; # Define your hostname. nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From 15ce7680a6e0156bf2b9432670cf271bab82923b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:04:11 -0500 Subject: [PATCH 135/932] switched boot disk to using path for defiant --- hosts/defiant/disko-config.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 7fd24273..10ec163d 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,6 @@ let mountpoint = "/boot"; }; }; - # root = { - # size = "100%"; - # content = { - # type = "filesystem"; - # format = "ext4"; - # mountpoint = "/"; - # }; - # }; }; }; }; @@ -50,7 +42,7 @@ let in { disko.devices = { disk = { - boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; From 9cf91a73164e8685d6194b91a5062bba1c6d2005 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:04:11 -0500 Subject: [PATCH 136/932] switched boot disk to using path for defiant --- hosts/defiant/disko-config.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) 
diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 7fd24273..10ec163d 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -20,14 +20,6 @@ let mountpoint = "/boot"; }; }; - # root = { - # size = "100%"; - # content = { - # type = "filesystem"; - # format = "ext4"; - # mountpoint = "/"; - # }; - # }; }; }; }; @@ -50,7 +42,7 @@ let in { disko.devices = { disk = { - boot = bootDisk "/dev/sda"; # "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; From 2b10a4b81d21280e7a99623d1cf0a84175274eea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 13:31:59 -0500 Subject: [PATCH 137/932] updated README.md --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 006fdb91..b059a712 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,12 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- GNOME default monitors per hardware configuration? -- graphics driver things should prob be in the hardware-configuration.nix - use dashes for options not camel case - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server -- STOP FROM SLEEPING +- GNOME default monitors per hardware configuration? +- stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates - Install all the things on the NAS From e65143b835705cc6479b254db649d0065de05025 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 15 Sep 2024 13:31:59 -0500 Subject: [PATCH 138/932] updated README.md --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 006fdb91..b059a712 100644 --- a/README.md +++ b/README.md @@ -40,13 +40,12 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- GNOME default monitors per hardware configuration? -- graphics driver things should prob be in the hardware-configuration.nix - use dashes for options not camel case - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server -- STOP FROM SLEEPING +- GNOME default monitors per hardware configuration? +- stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates - Install all the things on the NAS From 8934d441dc6b5f9f034ed8d544b4db22d494d9dd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 19:49:30 -0500 Subject: [PATCH 139/932] fixed sops age keyFile getting sent to instal target --- README.md | 2 +- enviroments/common/default.nix | 6 +++- install.sh | 54 ++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) create mode 100755 install.sh diff --git a/README.md b/README.md index b059a712..2bfa30d9 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ keys for decrypting password secrets for each users located at `/var/lib/sops-ni updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`./install.sh --target 192.168.1.130 --flake hostname` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a6c671ce..8fb75e96 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -31,13 +31,17 @@ sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; age ={ keyFile = "/var/lib/sops-nix/key.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + sshKeyPaths = []; # generateKey = true; }; }; + environment.sessionVariables = { + AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; + }; # List packages installed in system profile. environment.systemPackages = with pkgs; [ diff --git a/install.sh b/install.sh new file mode 100755 index 00000000..07189989 --- /dev/null +++ b/install.sh 
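Review bot: With `gnupg.sshKeyPaths = [];` and `sshKeyPaths = [];` the only route left for sops-nix to decrypt is `keyFile = "/var/lib/sops-nix/key.txt"`, and `# generateKey = true;` stays commented out, so a host where that file was not delivered by install.sh fails to activate its secrets instead of falling back to the SSH host key (if I recall sops-nix's defaults correctly, the empty lists are exactly what switches that fallback off). That is a reasonable hardening choice but it deserves a comment on those two lines, e.g. `# no SSH-host-key fallback: the age key must be provisioned out of band (see install.sh)`. `AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/";` holds a directory (note the trailing slash), not a file, so either the name or a comment should say so, since install.sh appends `/*` to it. Exporting the path through `environment.sessionVariables` is harmless in itself — it is a location, not the key — but it means install.sh only works from a login shell on a host built from this flake, which the README line that now points at `./install.sh` should state.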
@@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-f*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +if [ -z ${target} ]; then + echo "target is blank"; + exit 1; +fi + +if [ -z ${flake} ]; then + echo "flake is blank"; + exit 1; +fi + +temp=$(mktemp -d) +# Function to cleanup temporary directory on exit +cleanup() { + rm -rf "$temp" +} +trap cleanup EXIT + +# copy key file to temp folder to copy over to target +mkdir -p $temp$AGE_KEY_FILE_LOCATION +cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION + +# commit number in this is because the main branch of nixos-anywhere is broken right now +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 16bb44f5e86b3e908105e85fcd9c5a918dae03a7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 15 Sep 2024 19:49:30 -0500 Subject: [PATCH 140/932] fixed sops age keyFile getting sent to instal target --- README.md | 2 +- enviroments/common/default.nix | 6 +++- install.sh | 54 ++++++++++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) create mode 100755 install.sh diff --git a/README.md b/README.md index b059a712..2bfa30d9 100644 --- a/README.md +++ b/README.md 
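Review bot: `cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION` has no guard for the variable being unset; in that case the preceding line becomes `mkdir -p $temp` and the copy expands to `cp -r /* <tmpdir>`, so a run from a shell without the session variable (the `default.nix` hunk above is the only thing that sets it) tries to copy the whole filesystem into the staging tree and then ships whatever it managed to read to the target. The script also has no `set -euo pipefail`, so a failed `cp` (for example when run as a user who cannot read `/var/lib/sops-nix/key.txt`) still goes on to run nixos-anywhere, which installs a host with no age key that can decrypt none of its secrets. The age private key is copied with default permissions; `mktemp -d` keeps the tree private on this machine, but the script does nothing to ensure the mode is owner-only once `--extra-files` has placed it on the target, so it should be set explicitly before sending. `[ -z ${target} ]` and `$temp$AGE_KEY_FILE_LOCATION` should be quoted, and `--target*|-t*` also accepts `--targetfoo`, which is probably not intended. The same file is added again under PATCH 140.
```shell
#!/usr/bin/env bash
set -euo pipefail
# … unchanged: option-parsing loop and --help text …

if [ -z "${target:-}" ]; then
  echo "target is blank"
  exit 1
fi

if [ -z "${flake:-}" ]; then
  echo "flake is blank"
  exit 1
fi

# with the variable unset the copy below would expand to `cp -r /* ...`
if [ -z "${AGE_KEY_FILE_LOCATION:-}" ] || [ ! -d "$AGE_KEY_FILE_LOCATION" ]; then
  echo "AGE_KEY_FILE_LOCATION is unset or not a directory"
  exit 1
fi

temp=$(mktemp -d)
# … unchanged: cleanup() and trap …

# stage the age key owner-only so it does not arrive world-readable on the target
install -d -m 700 "$temp$AGE_KEY_FILE_LOCATION"
cp -r "$AGE_KEY_FILE_LOCATION"/* "$temp$AGE_KEY_FILE_LOCATION"
chmod -R u=rwX,go= "$temp$AGE_KEY_FILE_LOCATION"

# commit number in this is because the main branch of nixos-anywhere is broken right now
nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files "$temp" --flake ".#$flake" "${user:-nixos}@$target"
```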
@@ -21,7 +21,7 @@ keys for decrypting password secrets for each users located at `/var/lib/sops-ni updating passwords: `sops secrets/secrets.yaml` -`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/` +`./install.sh --target 192.168.1.130 --flake hostname` > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a6c671ce..8fb75e96 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -31,13 +31,17 @@ sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; age ={ keyFile = "/var/lib/sops-nix/key.txt"; - # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"]; + sshKeyPaths = []; # generateKey = true; }; }; + environment.sessionVariables = { + AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; + }; # List packages installed in system profile. environment.systemPackages = with pkgs; [ diff --git a/install.sh b/install.sh new file mode 100755 index 00000000..07189989 --- /dev/null +++ b/install.sh 
@@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-f*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --user*|-u*) + if [[ "$1" != *=* ]]; then shift; fi + user="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +if [ -z ${target} ]; then + echo "target is blank"; + exit 1; +fi + +if [ -z ${flake} ]; then + echo "flake is blank"; + exit 1; +fi + +temp=$(mktemp -d) +# Function to cleanup temporary directory on exit +cleanup() { + rm -rf "$temp" +} +trap cleanup EXIT + +# copy key file to temp folder to copy over to target +mkdir -p $temp$AGE_KEY_FILE_LOCATION +cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION + +# commit number in this is because the main branch of nixos-anywhere is broken right now +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 8e5978d1b58995387fe12762742b23fca05d8564 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 16 Sep 2024 21:18:08 -0500 Subject: [PATCH 141/932] added key for horizon to authorized keys for defiant --- users/leyla/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 75466137..5e39f805 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -44,6 +44,12 @@ in ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; + }; } else { isSystemUser = true; } From ad44943abe68af082001457e7ae96e9069f32346 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 16 Sep 2024 21:18:08 -0500 Subject: [PATCH 142/932] added key for horizon to authorized keys for defiant --- users/leyla/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 75466137..5e39f805 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -44,6 +44,12 @@ in ]; hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; + }; } else { isSystemUser = true; } From 1ddce31f00f20a6fb71d6ce818727b97671c0dcd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 08:51:31 -0500 Subject: [PATCH 143/932] added more details to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bfa30d9..eb07f887 100644 --- a/README.md +++ b/README.md @@ -55,4 +55,4 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file From 764f7f57cbef94169eb8ef9d89de4c504f19840e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 08:51:31 -0500 Subject: [PATCH 144/932] added more details to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bfa30d9..eb07f887 100644 --- a/README.md +++ b/README.md 
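Review bot: The key is added in `users/leyla/default.nix`, which from the `users.leyla.isFullUser = true;` lines seen in the horizon and twilight hunks looks like a module every host imports, so if that is right the `leyla@horizon` key now authorizes logins as leyla on every host that defines her as a full user — horizon included — and not only on defiant as the commit title says. If host-wide is intended, a comment above the list saying so would stop the next reader from narrowing it; if not, the list can be restricted to the one host, e.g. `authorizedKeys.keys = lib.optionals (config.networking.hostName == "defiant") [ ... ];` (assuming `lib` is in scope alongside `config`). The `if`/`else` this attrset belongs to starts outside the hunk, and the same hunk is repeated under PATCH 142.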
@@ -55,4 +55,4 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file From f7248ab781fd147a86aae5b81dbf0209df124aea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:57:13 -0500 Subject: [PATCH 145/932] created disko config for defiant --- hosts/defiant/configuration.nix | 8 ++++++- hosts/defiant/disko-config.nix | 42 ++++++++++++++++++++++++++------- 2 files changed, 40 insertions(+), 10 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 594e83fa..e42db429 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -32,7 +32,10 @@ boot.supportedFilesystems = [ "zfs" ]; - networking.hostId = "c8985fc5"; # TODO: populate this when I get home + boot.zfs.extraPools = [ "zpool" ]; + + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE + networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; @@ -46,6 +49,9 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + # disable computer sleeping systemd.targets.sleep.enable = false; systemd.targets.suspend.enable = false; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 10ec163d..653f29f6 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix 
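Review bot: `boot.zfs.extraPools = [ "zpool" ];` names a pool that the disko hunks in this same commit rename — `- pool = "zpool"; + pool = "zroot";` and `- zpool = { + zroot = {` — so after a fresh disko run there is no pool called `zpool` to import and the line either does nothing or fails the import service at boot, depending on how strict it is. Unless a `zpool` from the earlier layout is meant to survive on the disks, this should read `boot.zfs.extraPools = [ "zroot" ];`, and since `zroot` carries `mountpoint = "/"` it is imported by the initrd anyway, so the line can probably go altogether. The hostId comment (`this might need to match the hostId of the installation medium? ... NOPE`) records a dead end rather than why the value matters; something like `# must stay constant across reinstalls: ZFS stamps the pool with it and refuses to import a pool last used by another hostId without -f` would serve the next reader better. Both hunks recur under PATCH 146.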
@@ -33,7 +33,32 @@ let size = "100%"; content = { type = "zfs"; - pool = "zpool"; + pool = "zroot"; + }; + }; + }; + }; + }; + cacheDisk = devicePath: swapSize: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + encryptedSwap = { + size = swapSize; + content = { + type = "swap"; + randomEncryption = true; + discardPolicy = "both"; + resumeDevice = true; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; }; }; }; @@ -48,10 +73,10 @@ in { hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; }; zpool = { - zpool = { + zroot = { type = "zpool"; mode = { topology = { @@ -73,7 +98,7 @@ in { options = { ashift = "12"; }; - + rootFsOptions = { encryption = "on"; keyformat = "hex"; @@ -83,19 +108,18 @@ in { acltype = "posixacl"; "com.sun:auto-snapshot" = "false"; }; + + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; datasets = { - "root" = { - type = "zfs_fs"; - mountpoint = "/"; - }; "nix" = { type = "zfs_fs"; mountpoint = "/nix"; }; "home" = { type = "zfs_fs"; - mountpoint = "/home"; + mountpoint = "/mnt/home"; options = { "com.sun:auto-snapshot" = "true"; }; From c3a19fb6f91137402406e63d84abc874a23a42a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:57:13 -0500 Subject: [PATCH 146/932] created disko config for defiant --- hosts/defiant/configuration.nix | 8 ++++++- hosts/defiant/disko-config.nix | 42 ++++++++++++++++++++++++++------- 2 files changed, 40 insertions(+), 10 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 594e83fa..e42db429 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
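Review bot: `cacheDisk = devicePath: swapSize: { ... }` takes the device first, but the commented call in the @@ -48 hunk below passes the arguments the other way round (`cacheDisk "64G" "/dev/disk/by-id/XXX"`), so the day that line is uncommented disko will try to use `64G` as the block device; swap the parameter order or the call now while both are in view. In the swap partition `randomEncryption = true;` and `resumeDevice = true;` work against each other: swap encrypted with a per-boot random key cannot hold a hibernation image that survives a reboot, so the resume flag is ineffective and should be dropped (or, if hibernation is wanted, the swap needs a persistent key instead). The same hunks are repeated under PATCH 146.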
@@ -32,7 +32,10 @@ boot.supportedFilesystems = [ "zfs" ]; - networking.hostId = "c8985fc5"; # TODO: populate this when I get home + boot.zfs.extraPools = [ "zpool" ]; + + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE + networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. nixpkgs.config.allowUnfree = true; @@ -46,6 +49,9 @@ services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.xterm.enable = false; + # Get rid of xTerm + services.xserver.excludePackages = [ pkgs.xterm ]; + # disable computer sleeping systemd.targets.sleep.enable = false; systemd.targets.suspend.enable = false; diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 10ec163d..653f29f6 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -33,7 +33,32 @@ let size = "100%"; content = { type = "zfs"; - pool = "zpool"; + pool = "zroot"; + }; + }; + }; + }; + }; + cacheDisk = devicePath: swapSize: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + encryptedSwap = { + size = swapSize; + content = { + type = "swap"; + randomEncryption = true; + discardPolicy = "both"; + resumeDevice = true; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; }; }; }; @@ -48,10 +73,10 @@ in { hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - # ssd_2_tb_a = zfsDisk "/dev/disk/by-id/XXX"; + # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; }; zpool = { - zpool = { + zroot = { type = "zpool"; mode = { topology = { @@ -73,7 +98,7 @@ in { options = { ashift = "12"; }; - + rootFsOptions = { encryption = "on"; keyformat = "hex"; 
@@ -83,19 +108,18 @@ in { acltype = "posixacl"; "com.sun:auto-snapshot" = "false"; }; + + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; datasets = { - "root" = { - type = "zfs_fs"; - mountpoint = "/"; - }; "nix" = { type = "zfs_fs"; mountpoint = "/nix"; }; "home" = { type = "zfs_fs"; - mountpoint = "/home"; + mountpoint = "/mnt/home"; options = { "com.sun:auto-snapshot" = "true"; }; From 6480ca95dd13600b1b1a2c9c985bfcfdff920eea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:59:57 -0500 Subject: [PATCH 147/932] added zfs auto scrub and snapshot --- hosts/defiant/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e42db429..e7b1e5ed 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -34,6 +34,9 @@ boot.zfs.extraPools = [ "zpool" ]; + services.zfs.autoScrub.enable = true; + services.zfs.autoSnapshot.enable = true; + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. From f994ba035c3750aac46f48658c6be75839c868d9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 09:59:57 -0500 Subject: [PATCH 148/932] added zfs auto scrub and snapshot --- hosts/defiant/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e42db429..e7b1e5ed 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -34,6 +34,9 @@ boot.zfs.extraPools = [ "zpool" ]; + services.zfs.autoScrub.enable = true; + services.zfs.autoSnapshot.enable = true; + # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE networking.hostId = "c51763d6"; networking.hostName = "defiant"; # Define your hostname. From 8897a5646b8ade1d5978d1708b3ef7d7c224db4d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:00:19 -0500 Subject: [PATCH 149/932] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eb07f887..3ba54586 100644 --- a/README.md +++ b/README.md @@ -55,4 +55,5 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) +- zfs email after scrubbing \ No newline at end of file From a171e586bdbe686fda342d999c4b0f3e5abbf361 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:00:19 -0500 Subject: [PATCH 150/932] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eb07f887..3ba54586 100644 --- a/README.md +++ b/README.md @@ -55,4 +55,5 @@ updating passwords: `sops secrets/secrets.yaml` - util functions - openssh known hosts - limit boot configurations to 2 on defiant -- rotate sops encryption keys periodically (and somehow sync between devices?) \ No newline at end of file +- rotate sops encryption keys periodically (and somehow sync between devices?) +- zfs email after scrubbing \ No newline at end of file From 63d23d6c54bbe958b5d76fb339bcd21301bd4161 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 17 Sep 2024 10:07:44 -0500 Subject: [PATCH 151/932] fixed extra pool name --- hosts/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e7b1e5ed..b705068f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -32,7 +32,7 @@ boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.extraPools = [ "zpool" ]; + boot.zfs.extraPools = [ "zroot" ]; services.zfs.autoScrub.enable = true; services.zfs.autoSnapshot.enable = true; From afc3bab3ad0afdd28e74c99c596e2bb3178971d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:07:44 -0500 Subject: [PATCH 152/932] fixed extra pool name --- hosts/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index e7b1e5ed..b705068f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -32,7 +32,7 @@ boot.supportedFilesystems = [ "zfs" ]; - boot.zfs.extraPools = [ "zpool" ]; + boot.zfs.extraPools = [ "zroot" ]; services.zfs.autoScrub.enable = true; services.zfs.autoSnapshot.enable = true; From 76cd196363bddeeb41ff6e1a8831497d94051d97 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:14:50 -0500 Subject: [PATCH 153/932] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ba54586..82212c9a 100644 --- a/README.md +++ b/README.md @@ -56,4 +56,5 @@ updating passwords: `sops secrets/secrets.yaml` - openssh known hosts - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) -- zfs email after scrubbing \ No newline at end of file +- zfs email after scrubbing +- tail scale on clients and PiKVM \ No newline at end of file 
From 772c758e23cc29a6fe7b0a3256abf60e7224cf58 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:14:50 -0500 Subject: [PATCH 154/932] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ba54586..82212c9a 100644 --- a/README.md +++ b/README.md @@ -56,4 +56,5 @@ updating passwords: `sops secrets/secrets.yaml` - openssh known hosts - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) -- zfs email after scrubbing \ No newline at end of file +- zfs email after scrubbing +- tail scale on clients and PiKVM \ No newline at end of file From f0a10c122d9911c0eff6e99dedffc84cb4c46ce9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:16:11 -0500 Subject: [PATCH 155/932] clarified task in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 82212c9a..d1758c06 100644 --- a/README.md +++ b/README.md @@ -39,8 +39,8 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case +- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server From 0f1e6a9c988045cf8428d7705b5939372b3f49c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 10:16:11 -0500 Subject: [PATCH 156/932] clarified task in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 82212c9a..d1758c06 100644 --- a/README.md +++ b/README.md 
@@ -39,8 +39,8 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be dynamically enabled by the users whenever they need them (this isnt enabled at all right now for some reason???) -- use dashes for options not camel case +- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features - DISKO for server From a3a66300315043656d0910e872e663369cbaae68 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:08 -0500 Subject: [PATCH 157/932] updated rebuild.sh to support remote rebuilds --- rebuild.sh | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index 7f2a072e..c54dd1a8 100755 --- a/rebuild.sh +++ b/rebuild.sh 
@@ -1,3 +1,41 @@
 #!/usr/bin/env bash
-sudo nixos-rebuild ${1:-switch} --flake .#$(hostname)
\ No newline at end of file
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --target*|-t*)
+ if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=`
+ target="${1#*=}"
+ ;;
+ --flake*|-h*)
+ if [[ "$1" != *=* ]]; then shift; fi
+ flake="${1#*=}"
+ ;;
+ --mode*|-m*)
+ if [[ "$1" != *=* ]]; then shift; fi
+ mode="${1#*=}"
+ ;;
+ --help|-h)
+ echo "--help -h: print this message"
+ echo "--target -t: set the target system to install on"
+ echo "--flake -f: set the flake to install on the target system"
+ echo "--user -u: set the user to install flake as on the target system"
+ exit 0
+ ;;
+ *)
+ echo "Error: Invalid argument $1"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+target=${target:-$(hostname)}
+flake=${flake:-$target}
+mode=${mode:-switch}
+
+if [[ "$target" == "$(hostname)" ]]
+then
+ sudo nixos-rebuild $mode --flake .#$flake
+else
+ nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake
+fi
From 5a1bc95a1a7e1f73c5fd2b1b9b9d22e5597fd822 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 17 Sep 2024 16:13:08 -0500
Subject: [PATCH 158/932] updated rebuild.sh to support remote rebuilds
---
 rebuild.sh | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/rebuild.sh b/rebuild.sh
index 7f2a072e..c54dd1a8 100755
--- a/rebuild.sh
+++ b/rebuild.sh
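Review bot: `--flake*|-h*)` claims the `-h` short option for `--flake`, and because that case precedes `--help|-h)`, `rebuild.sh -h` is consumed as a flake argument (shifting into an empty value that then defaults back to the target) and the script proceeds to rebuild instead of printing help, while the advertised `-f` is rejected as an invalid argument; change the label to `--flake*|-f*)`. The help text also documents `--user -u`, which no case implements — the remote invocation silently uses `$USER` — so either add that case or drop the line. `$mode`, `$flake` and `$target` are expanded unquoted in both `nixos-rebuild` lines; quote them as `sudo nixos-rebuild "$mode" --flake ".#$flake"` and `nixos-rebuild "$mode" --use-remote-sudo --target-host "$USER@$target" --flake ".#$flake"` so a value containing whitespace cannot become extra arguments, and a `set -euo pipefail` at the top would stop the run on a failed `shift` or an unset variable. Patch 158 at L221 is a byte-identical copy of this hunk.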
@@ -1,3 +1,41 @@ #!/usr/bin/env bash -sudo nixos-rebuild ${1:-switch} --flake .#$(hostname) \ No newline at end of file +while [ $# -gt 0 ]; do + case "$1" in + --target*|-t*) + if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` + target="${1#*=}" + ;; + --flake*|-h*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + --mode*|-m*) + if [[ "$1" != *=* ]]; then shift; fi + mode="${1#*=}" + ;; + --help|-h) + echo "--help -h: print this message" + echo "--target -t: set the target system to install on" + echo "--flake -f: set the flake to install on the target system" + echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +target=${target:-$(hostname)} +flake=${flake:-$target} +mode=${mode:-switch} + +if [[ "$target" == "$(hostname)" ]] +then + sudo nixos-rebuild $mode --flake .#$flake +else + nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake +fi From bf0d0190473f483ee87b3a7a59c679bb1f35dbd9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:23 -0500 Subject: [PATCH 159/932] added more details to tasks in readme --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d1758c06..afd7536a 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ updating passwords: `sops secrets/secrets.yaml` - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ # Updating `nix flake update` 
@@ -43,12 +44,12 @@ updating passwords: `sops secrets/secrets.yaml` - use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features -- DISKO for server - GNOME default monitors per hardware configuration? - stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates -- Install all the things on the NAS +- Docker parity with existing NAS on defiant +- NFS on defiant - firefox declarative??? - figure out steam vr things? - Open GL? @@ -57,4 +58,6 @@ updating passwords: `sops secrets/secrets.yaml` - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- tail scale on clients and PiKVM \ No newline at end of file +- headscale server +- mastodon server +- tail scale clients \ No newline at end of file From 5d2b7a2ce5bbf2ad9773fb1aca5eca28d01023d7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:23 -0500 Subject: [PATCH 160/932] added more details to tasks in readme --- README.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d1758c06..afd7536a 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ updating passwords: `sops secrets/secrets.yaml` - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ # Updating `nix flake update` 
@@ -43,12 +44,12 @@ updating passwords: `sops secrets/secrets.yaml` - use dashes for options not camel case? - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs ## New Features -- DISKO for server - GNOME default monitors per hardware configuration? - stop nas from sleeping - VS code extensions should be installed declaratively - Flake templates -- Install all the things on the NAS +- Docker parity with existing NAS on defiant +- NFS on defiant - firefox declarative??? - figure out steam vr things? - Open GL? @@ -57,4 +58,6 @@ updating passwords: `sops secrets/secrets.yaml` - limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- tail scale on clients and PiKVM \ No newline at end of file +- headscale server +- mastodon server +- tail scale clients \ No newline at end of file From 11603852f4c23ba718b83a201ef3341856ae752b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:40 -0500 Subject: [PATCH 161/932] added docker to defiant --- enviroments/common/default.nix | 1 + hosts/defiant/configuration.nix | 48 ++++++++++++++++++++++++++------- hosts/horizon/configuration.nix | 1 + users/leyla/default.nix | 2 +- 4 files changed, 41 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8fb75e96..f0231c3f 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -5,6 +5,7 @@ ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.trusted-users = [ "leyla" ]; # Enable networking networking.networkmanager.enable = true; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b705068f..1608e4aa 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
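Review bot: `nix.settings.trusted-users = [ "leyla" ]` in the enviroments/common hunk makes that account root-equivalent on every host that imports the module: a trusted user may hand the daemon arbitrary substituters, `--option` overrides and sandbox settings, which amounts to root access. That is presumably what the new `--use-remote-sudo` rebuild flow needs, but it belongs on the hosts that actually receive remote rebuilds rather than in the shared environment, and the line deserves a comment such as `# root-equivalent: trusted users can reconfigure the nix daemon; needed for remote nixos-rebuild`. Patch 162 at L226 repeats this hunk.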
@@ -11,10 +11,6 @@ ../../enviroments/server ]; - # home.sessionVariables = { - # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; - # }; - users.leyla.isThinUser = true; boot.loader.grub = { @@ -22,14 +18,11 @@ zfsSupport = true; efiSupport = true; efiInstallAsRemovable = true; - # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; - # mirroredBoots = [ - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } - # ]; }; + virtualisation.docker.enable = true; + users.extraGroups.docker.members = [ "leyla" ]; + boot.supportedFilesystems = [ "zfs" ]; boot.zfs.extraPools = [ "zroot" ]; 
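Review bot: `users.extraGroups.docker.members = [ "leyla" ]` in the `@@ -22,14 +18,11 @@` hunk hands that account the root-owned Docker socket, which is equivalent to root on defiant — the same host that, later in this patch, exports home directories over NFS. Moving the membership out of the shared user module (users/leyla/default.nix hunk at L226) into per-host configuration is the right direction; add a comment on the line such as `# docker group == root-equivalent on this host` so the grant stays deliberate, and consider `virtualisation.docker.rootless`, which the `setSocketVariable = true;` context in the horizon hunk suggests that host already uses. Patch 162 (L227) repeats this hunk.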
@@ -72,6 +65,41 @@ }; }; + fileSystems."/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; + + services.nfs.server.enable = true; + services.nfs.server.exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 9eae0575..230a83ee 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -23,6 +23,7 @@ setSocketVariable = true; }; }; + users.extraGroups.docker.members = [ "leyla" ]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; 
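Review bot: The `exports` block exports `/srv/nfs4/share`, for which no `fileSystems` bind mount is declared in this hunk, while the `/srv/nfs4/users` bind mount that is declared is never exported, so one of the two lists is stale. The client specifications are also inconsistent: `/srv/nfs4/docker` is limited to `192.168.1.0/24`, but the home directories are opened to `192.168.1.0/22`, a prefix whose real network address is 192.168.0.0 and which spans four /24s. With the default `sec=sys` every host in that range can present any non-root UID and read or write the exported home directories, so narrow those lines to the specific client hosts (the commented `192.168.1.10 … 192.168.1.15` form) or require `sec=krb5p`, and put a comment on the `/22` entries naming which machines they are meant to reach. Patch 162 (L228) repeats this hunk.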
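Review bot: Adding `users.extraGroups.docker.members = [ "leyla" ]` to hosts/horizon/configuration.nix looks unnecessary: the surrounding context (`setSocketVariable = true;`) indicates horizon runs rootless Docker, whose socket lives in the user's runtime directory and is not gated by the `docker` group, so the membership only pre-grants root-equivalent access to a system daemon that is not enabled. If rootless is indeed the configuration in use, drop the line; otherwise add a comment explaining why both are wanted. The enclosing `virtualisation.docker` block starts outside the hunk.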
diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 5e39f805..d0a9a968 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker" "users"] + ["networkmanager" "wheel" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From f68a46c46a0d7019c5b241687c38c648853f3f37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:13:40 -0500 Subject: [PATCH 162/932] added docker to defiant --- enviroments/common/default.nix | 1 + hosts/defiant/configuration.nix | 48 ++++++++++++++++++++++++++------- hosts/horizon/configuration.nix | 1 + users/leyla/default.nix | 2 +- 4 files changed, 41 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8fb75e96..f0231c3f 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -5,6 +5,7 @@ ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.trusted-users = [ "leyla" ]; # Enable networking networking.networkmanager.enable = true; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index b705068f..1608e4aa 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -11,10 +11,6 @@ ../../enviroments/server ]; - # home.sessionVariables = { - # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt"; - # }; - users.leyla.isThinUser = true; boot.loader.grub = { 
@@ -22,14 +18,11 @@ zfsSupport = true; efiSupport = true; efiInstallAsRemovable = true; - # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ]; - # mirroredBoots = [ - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; } - # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; } - # ]; }; + virtualisation.docker.enable = true; + users.extraGroups.docker.members = [ "leyla" ]; + boot.supportedFilesystems = [ "zfs" ]; boot.zfs.extraPools = [ "zroot" ]; 
@@ -72,6 +65,41 @@ }; }; + fileSystems."/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + fileSystems."/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; + + services.nfs.server.enable = true; + services.nfs.server.exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 9eae0575..230a83ee 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -23,6 +23,7 @@ setSocketVariable = true; }; }; + users.extraGroups.docker.members = [ "leyla" ]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; 
diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 5e39f805..d0a9a968 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -37,7 +37,7 @@ in if (cfg.isFullUser || cfg.isThinUser) then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "docker" "users"] + ["networkmanager" "wheel" "users"] ( lib.mkIf (!cfg.isThinUser) [ "adbusers" ] ) From 0b1309dd0f64f0e5babf302d9cd30a3bd1e41016 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 16:49:59 -0500 Subject: [PATCH 163/932] ran statix linter --- enviroments/client/default.nix | 61 ++++---- hosts/defiant/configuration.nix | 136 +++++++++-------- hosts/defiant/hardware-configuration.nix | 34 +++-- hosts/emergent/configuration.nix | 5 - hosts/hesperium/configuration.nix | 5 - hosts/horizon/configuration.nix | 8 +- hosts/horizon/hardware-configuration.nix | 99 ++++++------ hosts/threshold/configuration.nix | 5 - hosts/twilight/configuration.nix | 18 ++- hosts/twilight/hardware-configuration.nix | 176 ++++++++++++---------- overlays/intellij.nix | 2 +- overlays/vscodium.nix | 2 +- templates/default.nix | 2 + users/leyla/home.nix | 118 ++++++++------- users/leyla/packages.nix | 22 +-- util/default.nix | 12 +- 16 files changed, 376 insertions(+), 329 deletions(-) delete mode 100644 hosts/emergent/configuration.nix delete mode 100644 hosts/hesperium/configuration.nix delete mode 100644 hosts/threshold/configuration.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index ccc5a556..555305f8 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -4,43 +4,50 @@ ../common ]; - # Enable CUPS to print documents. - services.printing.enable = true; + services = { - # Enable the X11 windowing system. - services.xserver.enable = true; + # Enable CUPS to print documents. + printing.enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + xserver = { + # Enable the X11 windowing system. + enable = true; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + xterm.enable = false; + }; - # Configure keymap in X11 - services.xserver = { - xkb = { - layout = "us,it,de"; - variant = ""; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + xkb = { + layout = "us,it,de"; + variant = ""; + }; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; }; }; + # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; environment.systemPackages = with pkgs; [ # helvetica font 
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 1608e4aa..77d07b06 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -23,83 +23,91 @@ virtualisation.docker.enable = true; users.extraGroups.docker.members = [ "leyla" ]; - boot.supportedFilesystems = [ "zfs" ]; - - boot.zfs.extraPools = [ "zroot" ]; - - services.zfs.autoScrub.enable = true; - services.zfs.autoSnapshot.enable = true; - - # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE - networking.hostId = "c51763d6"; - networking.hostName = "defiant"; # Define your hostname. - nixpkgs.config.allowUnfree = true; - # temp enable desktop enviroment for setup - # Enable the X11 windowing system. - services.xserver.enable = true; + services = { + zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + xserver = { + enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + # Enable the GNOME Desktop Environment. + services.xserver.displayManager = { + gdm.enable = true; + }; + services.xserver.desktopManager = { + gnome.enable = true; + desktopManager.xterm.enable = false; + }; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + }; - # disable computer sleeping - systemd.targets.sleep.enable = false; - systemd.targets.suspend.enable = false; - systemd.targets.hibernate.enable = false; - systemd.targets.hybrid-sleep.enable = false; + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. 
Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; + nfs.server = { + enable = true; + exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; }; }; - fileSystems."/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; }; - fileSystems."/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; + fileSystems = { + "/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + "/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + "/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + "/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; }; - fileSystems."/srv/nfs4/leyla" = { - device = "/home/leyla"; - options = [ "bind" ]; - }; - - fileSystems."/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - - services.nfs.server.enable = true; - services.nfs.server.exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 
192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index cd075caf..3ba63d00 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,10 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + + supportedFilesystems = [ "zfs" ]; + + zfs.extraPools = [ "zroot" ]; + }; # fileSystems."/" = # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; 
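Review bot: The restyled `services.xserver` block in the hosts/defiant/configuration.nix hunk (starting at L232) nests fully-qualified keys inside an already-scoped set: `services.xserver.displayManager = { … }` and `services.xserver.desktopManager = { … }` inside `xserver = { … }` define `services.xserver.services.xserver.displayManager`, and `desktopManager.xterm.enable` inside `desktopManager` defines `services.xserver.desktopManager.desktopManager.xterm.enable` — none of these are NixOS options, so evaluation fails, or at best GDM/GNOME silently stop being enabled. Change the three lines to `displayManager = {`, `desktopManager = {` and `xterm.enable = false;`. The same hunk also deletes `nixpkgs.config.allowUnfree = true;` without moving it anywhere visible, a behaviour change hidden in a lint-only commit — if intentional, say so in the commit message. `UseDns = true` in the sshd settings adds a reverse lookup per login with no security gain now that password authentication is off; the upstream default of `false` is the safer choice.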
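Review bot: `supportedFilesystems` and `zfs.extraPools` (and, in the next hunk at L235, `hostId` and `hostName`) are moved into hosts/defiant/hardware-configuration.nix, the file `nixos-generate-config` regenerates; a future regeneration silently drops them, and losing `hostId` in particular means the pool will no longer import at boot. Keep them in configuration.nix, or add `# hand-maintained: do not regenerate with nixos-generate-config` at the top of the file so the next person knows not to overwrite it.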
@@ -20,13 +28,17 @@ swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + hostId = "c51763d6"; + hostName = "defiant"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix deleted file mode 100644 index 215fc8cb..00000000 --- a/hosts/emergent/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve desktop -{}: -{ - -} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix deleted file mode 100644 index 8cd6f617..00000000 --- a/hosts/hesperium/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# nas -{}: -{ - -} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 230a83ee..3a270811 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
@@ -11,9 +11,11 @@ ../../enviroments/client ]; - users.leyla.isFullUser = true; - users.ester.isFullUser = true; - users.eve.isFullUser = true; + users = { + leyla.isFullUser = true; + ester.isFullUser = true; + eve.isFullUser = true; + }; # enabled virtualisation for docker virtualisation.docker = { diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 40561a99..96f2423f 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -8,62 +8,73 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" "sg" ]; + extraModulePackages = [ ]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; hardware.graphics.enable = true; - fileSystems."/" = - { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; + "/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; services.cachefilesd.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/share_home" = - { - device = 
"server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; - swapDevices = [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; - networking.hostName = "horizon"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + hostName = "horizon"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix deleted file mode 100644 index 305f2f77..00000000 --- a/hosts/threshold/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve laptop -{}: -{ - -} \ No newline at end of file 
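Review bot: The writable home mounts `/mnt/leyla_home` and `/mnt/share_home` carry `soft`, which makes the NFS client hand applications an I/O error once its retry budget is spent instead of waiting; with writes in flight that is the classic path to silently truncated files, and `x-systemd.automount` plus `nofail` already keep a slow or absent `server.arpa` from hanging boot, so `soft` buys nothing here. Dropping it leaves the mounts on the default `hard` behaviour: `options = [ "x-systemd.automount" "user" "nofail" "x-systemd.idle-timeout=600" "fsc" ];`. Note also that no `sec=` is given, so unless the server insists otherwise these mounts authenticate with AUTH_SYS (client-asserted uids); if that is the intended trust model for this LAN, a one-line comment saying so would keep the next reader from "fixing" it.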
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index fc4f4250..1352c8bb 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -11,15 +11,17 @@ ../../enviroments/client ]; - users.leyla = { - isFullUser = true; - hasPiperMouse = true; - hasOpenRGBHardware = true; - hasViaKeyboard = true; - hasGPU = true; + users = { + leyla = { + isFullUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; + ester.isFullUser = true; + eve.isFullUser = true; }; - users.ester.isFullUser = true; - users.eve.isFullUser = true; # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ab871e5..01f3ac6f 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -8,98 +8,112 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" "sg" ]; + extraModulePackages = [ ]; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. 
- nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; - fsType = "ext4"; - }; + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3006-3867"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; - fileSystems."/mnt/share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; }; + }; + + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + "/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; - networking.hostName = "twilight"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + hostName = "twilight"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 25ee779e..65eef923 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index 902bd788..c271af34 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/templates/default.nix b/templates/default.nix index e69de29b..f9d63b0f 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -0,0 +1,2 @@ +_: +{} \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 1ae00570..40a6926b 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
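Review bot: The `/boot` entry in this hunk mounts the ESP with `fmask=0022`/`dmask=0022`, which leaves everything on it world-readable — kernels, initrds and, with `systemd-boot` enabled in the same hunk, the `loader/random-seed` file it keeps there; I believe this is why newer `nixos-generate-config` emits the stricter masks, and the same one-line change applies here: `options = [ "fmask=0077" "dmask=0077" ];`. The three NFS mounts repeat the pattern of `soft` on writable home directories (`/mnt/leyla_home`, `/mnt/share_home`), which can surface as silent write failures under server timeouts; dropping `"soft"` and relying on the existing `x-systemd.automount` and `nofail` avoids boot hangs without that risk. The `/boot` masks and the NFS options are unchanged by this commit, so this is a pre-existing issue the reindent did not address.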
@@ -3,71 +3,73 @@ { # Home Manager needs a bit of information about you and the paths it should # manage. - home.username = "leyla"; - home.homeDirectory = "/home/leyla"; + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - home.stateVersion = "23.11"; # Please read the comment before changing. + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. - # The home.packages option allows you to install Nix packages into your - # environment. - home.packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? 
- # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - home.file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - home.sessionVariables = { - # EDITOR = "emacs"; + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; }; programs = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 462c34e6..ca4ec7db 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -8,19 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ - code = "codium"; - }); + programs = { + bash.shellAliases = lib.mkIf cfg.isFullUser { + code = "codium"; + }; - programs.steam = lib.mkIf cfg.isFullUser ({ - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }); + steam = lib.mkIf cfg.isFullUser { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; - programs.noisetorch.enable = cfg.isFullUser; + noisetorch.enable = cfg.isFullUser; - programs.adb.enable = cfg.isFullUser; + adb.enable = cfg.isFullUser; + }; users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ diff --git a/util/default.nix b/util/default.nix index 795ad043..a4fab1ea 100644 --- a/util/default.nix +++ b/util/default.nix @@ -1,8 +1,8 @@ -{ lib, ... }: +_: { - mkUnless = condition: then: (mkIf (!condition) then); - mkIfElse = condition: then: else: lib.mkMerge [ - (mkIf condition then) - (mkUnless condition else) - ]; + # mkUnless = condition: then: (mkIf (!condition) then); + # mkIfElse = condition: then: else: lib.mkMerge [ + # (mkIf condition then) + # (mkUnless condition else) + # ]; } \ No newline at end of file From 9706360841cbfbed254d5d80c4fc63792faa4d44 Mon Sep 17 00:00:00 2001 
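Review bot: `steam.dedicatedServer.openFirewall = true` (together with `remotePlay.openFirewall = true`) opens inbound ports on every host where leyla is a full user — apparently including a laptop (horizon has a wireless interface and a powersave governor) that may sit on untrusted networks — whether or not a Source dedicated server is ever run there; the `lib.mkIf cfg.isFullUser` gate only decides who gets Steam, not where the ports are exposed. Unless hosting game servers is intended, `dedicatedServer.openFirewall = false;` is the safer default (Remote Play can stay if it is used), or else a comment such as `# hosts a Source dedicated server; its listening ports must stay open` should state why the exposure is deliberate. The `users.users.leyla.packages` assignment at the bottom of the hunk continues past its end.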
From: Leyla Becker Date: Tue, 17 Sep 2024 16:49:59 -0500 Subject: [PATCH 164/932] ran statix linter --- enviroments/client/default.nix | 61 ++++---- hosts/defiant/configuration.nix | 136 +++++++++-------- hosts/defiant/hardware-configuration.nix | 34 +++-- hosts/emergent/configuration.nix | 5 - hosts/hesperium/configuration.nix | 5 - hosts/horizon/configuration.nix | 8 +- hosts/horizon/hardware-configuration.nix | 99 ++++++------ hosts/threshold/configuration.nix | 5 - hosts/twilight/configuration.nix | 18 ++- hosts/twilight/hardware-configuration.nix | 176 ++++++++++++---------- overlays/intellij.nix | 2 +- overlays/vscodium.nix | 2 +- templates/default.nix | 2 + users/leyla/home.nix | 118 ++++++++------- users/leyla/packages.nix | 22 +-- util/default.nix | 12 +- 16 files changed, 376 insertions(+), 329 deletions(-) delete mode 100644 hosts/emergent/configuration.nix delete mode 100644 hosts/hesperium/configuration.nix delete mode 100644 hosts/threshold/configuration.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index ccc5a556..555305f8 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -4,43 +4,50 @@ ../common ]; - # Enable CUPS to print documents. - services.printing.enable = true; + services = { - # Enable the X11 windowing system. - services.xserver.enable = true; + # Enable CUPS to print documents. + printing.enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + xserver = { + # Enable the X11 windowing system. + enable = true; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + xterm.enable = false; + }; - # Configure keymap in X11 - services.xserver = { - xkb = { - layout = "us,it,de"; - variant = ""; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + xkb = { + layout = "us,it,de"; + variant = ""; + }; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; }; }; + # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; environment.systemPackages = with pkgs; [ # helvetica font 
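Review bot: After the regroup the comment `# Enable sound with pipewire.` is stranded above `hardware.pulseaudio.enable = false;` and `security.rtkit.enable = true;`, while the `pipewire` block it introduced has moved up into `services`, so the comment now labels two unrelated lines. Either move the comment into the `services` block directly above `pipewire = {`, or rewrite it where it stands to describe what is actually there, e.g. `# PulseAudio is replaced by pipewire (services.pipewire above); rtkit lets it request realtime scheduling.` The `environment.systemPackages` list that closes the hunk continues past its end.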
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 1608e4aa..77d07b06 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -23,83 +23,91 @@ virtualisation.docker.enable = true; users.extraGroups.docker.members = [ "leyla" ]; - boot.supportedFilesystems = [ "zfs" ]; - - boot.zfs.extraPools = [ "zroot" ]; - - services.zfs.autoScrub.enable = true; - services.zfs.autoSnapshot.enable = true; - - # this might need to match the hostId of the installation medium? `head -c 8 /etc/machine-id` NOPE - networking.hostId = "c51763d6"; - networking.hostName = "defiant"; # Define your hostname. - nixpkgs.config.allowUnfree = true; - # temp enable desktop enviroment for setup - # Enable the X11 windowing system. - services.xserver.enable = true; + services = { + zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + xserver = { + enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - services.xserver.desktopManager.xterm.enable = false; + # Enable the GNOME Desktop Environment. + services.xserver.displayManager = { + gdm.enable = true; + }; + services.xserver.desktopManager = { + gnome.enable = true; + desktopManager.xterm.enable = false; + }; - # Get rid of xTerm - services.xserver.excludePackages = [ pkgs.xterm ]; + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + }; - # disable computer sleeping - systemd.targets.sleep.enable = false; - systemd.targets.suspend.enable = false; - systemd.targets.hibernate.enable = false; - systemd.targets.hybrid-sleep.enable = false; + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; - services.openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. 
Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; + nfs.server = { + enable = true; + exports = '' + /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) + + /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) + /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + + # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) + # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) + ''; }; }; - fileSystems."/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; }; - fileSystems."/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; + fileSystems = { + "/srv/nfs4/docker" = { + device = "/home/docker"; + options = [ "bind" ]; + }; + + "/srv/nfs4/users" = { + device = "/home/users"; + options = [ "bind" ]; + }; + + "/srv/nfs4/leyla" = { + device = "/home/leyla"; + options = [ "bind" ]; + }; + + "/srv/nfs4/eve" = { + device = "/home/eve"; + options = [ "bind" ]; + }; }; - fileSystems."/srv/nfs4/leyla" = { - device = "/home/leyla"; - options = [ "bind" ]; - }; - - fileSystems."/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - - services.nfs.server.enable = true; - services.nfs.server.exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 
192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index cd075caf..3ba63d00 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -8,10 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + + supportedFilesystems = [ "zfs" ]; + + zfs.extraPools = [ "zroot" ]; + }; # fileSystems."/" = # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; 
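Review bot: The regrouped `services.xserver` block in this hunk nests fully qualified option paths inside itself: `services.xserver.displayManager = { gdm.enable = true; };` and `services.xserver.desktopManager = { gnome.enable = true; desktopManager.xterm.enable = false; };` now resolve to `services.xserver.services.xserver.…`, which is not a NixOS option, so I would expect evaluation to fail with an undefined-option error (and if it somehow did not, GDM and the xterm exclusion would simply not apply). Inside the block the paths must be relative: `displayManager.gdm.enable = true;` and `desktopManager = { gnome.enable = true; xterm.enable = false; };`. Separately, the NFS exports further down grant `rw` on bind-mounted home directories to `192.168.1.0/22` — which is really 192.168.0.0–192.168.3.255, wider than the `/24` used for `/srv/nfs4/docker` — with no `sec=` option, so access rests on AUTH_SYS uid claims from any host in that range; if the wider range is not intentional, `/24` (or the fixed client addresses the commented-out lines used) plus an explicit `sec=` would narrow that, and a comment should record whichever choice is deliberate.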
@@ -20,13 +28,17 @@ swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + hostId = "c51763d6"; + hostName = "defiant"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/emergent/configuration.nix b/hosts/emergent/configuration.nix deleted file mode 100644 index 215fc8cb..00000000 --- a/hosts/emergent/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve desktop -{}: -{ - -} \ No newline at end of file diff --git a/hosts/hesperium/configuration.nix b/hosts/hesperium/configuration.nix deleted file mode 100644 index 8cd6f617..00000000 --- a/hosts/hesperium/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# nas -{}: -{ - -} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 230a83ee..3a270811 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
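Review bot: `hostId = "c51763d6"` and `hostName = "defiant"` now live in hardware-configuration.nix, the file that `nixos-generate-config` rewrites; if the file header still carries the generator's "do not modify" warning (it is outside this hunk), a future regeneration would silently drop both, and because `boot.zfs.extraPools = [ "zroot" ]` was moved into the same file in the previous hunk, the pool import — which ZFS ties to the host id — would then be at risk on the next boot. Keeping the two settings in configuration.nix is the simplest fix; failing that, a comment above them such as `# hostId must stay stable: zroot was created under it and ZFS checks it on import` makes the dependency visible before someone regenerates the file.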
@@ -11,9 +11,11 @@ ../../enviroments/client ]; - users.leyla.isFullUser = true; - users.ester.isFullUser = true; - users.eve.isFullUser = true; + users = { + leyla.isFullUser = true; + ester.isFullUser = true; + eve.isFullUser = true; + }; # enabled virtualisation for docker virtualisation.docker = { diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 40561a99..96f2423f 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -8,62 +8,73 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" "sg" ]; + extraModulePackages = [ ]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; hardware.graphics.enable = true; - fileSystems."/" = - { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; + "/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; services.cachefilesd.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/share_home" = - { - device = 
"server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; - - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; - swapDevices = [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; - networking.hostName = "horizon"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + hostName = "horizon"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/hosts/threshold/configuration.nix b/hosts/threshold/configuration.nix deleted file mode 100644 index 305f2f77..00000000 --- a/hosts/threshold/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -# eve laptop -{}: -{ - -} \ No newline at end of file 
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index fc4f4250..1352c8bb 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -11,15 +11,17 @@ ../../enviroments/client ]; - users.leyla = { - isFullUser = true; - hasPiperMouse = true; - hasOpenRGBHardware = true; - hasViaKeyboard = true; - hasGPU = true; + users = { + leyla = { + isFullUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; + ester.isFullUser = true; + eve.isFullUser = true; }; - users.ester.isFullUser = true; - users.eve.isFullUser = true; # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 2ab871e5..01f3ac6f 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -8,98 +8,112 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" "sg" ]; - boot.extraModulePackages = [ ]; + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" "sg" ]; + extraModulePackages = [ ]; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Enable OpenGL - hardware.graphics.enable = true; - - # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - services.xserver.displayManager.gdm.wayland = false; - - # install graphics drivers - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. 
- nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; }; - fileSystems."/" = - { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; - fsType = "ext4"; - }; + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3006-3867"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; - fileSystems."/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; - fileSystems."/mnt/share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; - fileSystems."/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
+ powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; }; + }; + + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + "/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; swapDevices = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; - networking.hostName = "twilight"; # Define your hostname. + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; + hostName = "twilight"; # Define your hostname. + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 25ee779e..65eef923 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index 902bd788..c271af34 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,4 +1,4 @@ -{ ... }: +_: { nixpkgs.overlays = [ (self: super: { diff --git a/templates/default.nix b/templates/default.nix index e69de29b..f9d63b0f 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -0,0 +1,2 @@ +_: +{} \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 1ae00570..40a6926b 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -3,71 +3,73 @@ { # Home Manager needs a bit of information about you and the paths it should # manage. - home.username = "leyla"; - home.homeDirectory = "/home/leyla"; + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - home.stateVersion = "23.11"; # Please read the comment before changing. + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. - # The home.packages option allows you to install Nix packages into your - # environment. - home.packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? 
- # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - home.file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; + # # You can also set the file content immediately. 
+ # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - home.sessionVariables = { - # EDITOR = "emacs"; + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; }; programs = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 462c34e6..ca4ec7db 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -8,19 +8,21 @@ in ../../overlays/vscodium.nix ]; - programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({ - code = "codium"; - }); + programs = { + bash.shellAliases = lib.mkIf cfg.isFullUser { + code = "codium"; + }; - programs.steam = lib.mkIf cfg.isFullUser ({ - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }); + steam = lib.mkIf cfg.isFullUser { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; - programs.noisetorch.enable = cfg.isFullUser; + noisetorch.enable = cfg.isFullUser; - programs.adb.enable = cfg.isFullUser; + adb.enable = cfg.isFullUser; + }; users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( lib.mkMerge [ diff --git a/util/default.nix b/util/default.nix index 795ad043..a4fab1ea 100644 --- a/util/default.nix +++ b/util/default.nix @@ -1,8 +1,8 @@ -{ lib, ... }: +_: { - mkUnless = condition: then: (mkIf (!condition) then); - mkIfElse = condition: then: else: lib.mkMerge [ - (mkIf condition then) - (mkUnless condition else) - ]; + # mkUnless = condition: then: (mkIf (!condition) then); + # mkIfElse = condition: then: else: lib.mkMerge [ + # (mkIf condition then) + # (mkUnless condition else) + # ]; } \ No newline at end of file From 84877be6f473d825dc43397f921cf00a82cec625 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 17 Sep 2024 18:22:30 -0500 Subject: [PATCH 165/932] removed sudo call from rebuild.sh --- rebuild.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index c54dd1a8..503dfdbb 100755 --- a/rebuild.sh +++ b/rebuild.sh 
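Review bot: `remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` open host firewall ports from a per-user module, so every host that sets `users.leyla.isFullUser = true` (horizon and twilight in this same series) exposes the Steam Remote Play and Source dedicated-server ports whether or not that machine is meant to accept inbound game traffic. Consider leaving only `enable = true` tied to the user flag and making the two `openFirewall` lines `lib.mkDefault false` so a host opts in explicitly. The `users.users.leyla.packages` assignment at the end of the hunk continues past it.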
@@ -35,7 +35,7 @@ mode=${mode:-switch}
 if [[ "$target" == "$(hostname)" ]]
 then
- sudo nixos-rebuild $mode --flake .#$flake
+ nixos-rebuild $mode --use-remote-sudo --flake .#$flake
 else
 nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake
 fi

From 04dc0cb5ba92b573a594ab39406f53c6e0cde37e Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 17 Sep 2024 18:22:30 -0500
Subject: [PATCH 166/932] removed sudo call from rebuild.sh

---
 rebuild.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rebuild.sh b/rebuild.sh
index c54dd1a8..503dfdbb 100755
--- a/rebuild.sh
+++ b/rebuild.sh
@@ -35,7 +35,7 @@ mode=${mode:-switch}
 if [[ "$target" == "$(hostname)" ]]
 then
- sudo nixos-rebuild $mode --flake .#$flake
+ nixos-rebuild $mode --use-remote-sudo --flake .#$flake
 else
 nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake
 fi

From e2625d0c0ad632ba8081155ff115f126647e23c6 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 17 Sep 2024 18:24:09 -0500
Subject: [PATCH 167/932] added user option to rebuild.sh

---
 rebuild.sh | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/rebuild.sh b/rebuild.sh
index 503dfdbb..b37be136 100755
--- a/rebuild.sh
+++ b/rebuild.sh
@@ -14,11 +14,16 @@ while [ $# -gt 0 ]; do
 if [[ "$1" != *=* ]]; then shift; fi
 mode="${1#*=}"
 ;;
+ --user*|-u*)
+ if [[ "$1" != *=* ]]; then shift; fi
+ user="${1#*=}"
+ ;;
 --help|-h)
 echo "--help -h: print this message"
- echo "--target -t: set the target system to install on"
- echo "--flake -f: set the flake to install on the target system"
- echo "--user -u: set the user to install flake as on the target system"
+ echo "--target -t: set the target system to rebuild on"
+ echo "--flake -f: set the flake to rebuild on the target system"
+ echo "--mode -m: set the mode to rebuild flake as on the target system"
+ echo "--user -u: set the user to rebuild flake as on the target system"
 exit 0
 ;;
 *)
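Review bot: Both branches still pass `$mode` and `.#$flake` unquoted, so a value containing whitespace or glob characters is word-split before `nixos-rebuild` sees it; `nixos-rebuild "$mode" --use-remote-sudo --flake ".#$flake"` (and `"$USER@$target"` in the `else` branch) is the safe form. Replacing the explicit `sudo` with `--use-remote-sudo` on the local branch relies on `nixos-rebuild` applying that flag to local activation as well, which current versions do, but the flag is documented for the `--target-host` path, so a one-line comment on the local branch such as `# --use-remote-sudo also wraps local activation in sudo` would save the next reader a check. PATCH 166 on this page is a byte-identical repeat of this patch.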
@@ -32,10 +37,11 @@ done
 target=${target:-$(hostname)}
 flake=${flake:-$target}
 mode=${mode:-switch}
+user=${user:-$USER}
 if [[ "$target" == "$(hostname)" ]]
 then
 nixos-rebuild $mode --use-remote-sudo --flake .#$flake
 else
- nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake
+ nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake
 fi

From 2150819f7dfff56270cecd9241ea0340cca377b9 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 17 Sep 2024 18:24:09 -0500
Subject: [PATCH 168/932] added user option to rebuild.sh

---
 rebuild.sh | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/rebuild.sh b/rebuild.sh
index 503dfdbb..b37be136 100755
--- a/rebuild.sh
+++ b/rebuild.sh
@@ -14,11 +14,16 @@ while [ $# -gt 0 ]; do
 if [[ "$1" != *=* ]]; then shift; fi
 mode="${1#*=}"
 ;;
+ --user*|-u*)
+ if [[ "$1" != *=* ]]; then shift; fi
+ user="${1#*=}"
+ ;;
 --help|-h)
 echo "--help -h: print this message"
- echo "--target -t: set the target system to install on"
- echo "--flake -f: set the flake to install on the target system"
- echo "--user -u: set the user to install flake as on the target system"
+ echo "--target -t: set the target system to rebuild on"
+ echo "--flake -f: set the flake to rebuild on the target system"
+ echo "--mode -m: set the mode to rebuild flake as on the target system"
+ echo "--user -u: set the user to rebuild flake as on the target system"
 exit 0
 ;;
 *)
@@ -32,10 +37,11 @@ done
 target=${target:-$(hostname)}
 flake=${flake:-$target}
 mode=${mode:-switch}
+user=${user:-$USER}
 if [[ "$target" == "$(hostname)" ]]
 then
 nixos-rebuild $mode --use-remote-sudo --flake .#$flake
 else
- nixos-rebuild $mode --use-remote-sudo --target-host $USER@$target --flake .#$flake
+ nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake
 fi

From 19f2deb87f4fec50850e80c599c6b6b527f8b747 Mon Sep 17 00:00:00 2001
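Review bot: In the new `--user*|-u*` case (and the existing cases it copies), giving the option as the last argument without a value makes `shift` leave `$1` empty, `user` becomes the empty string, and the later `user=${user:-$USER}` silently substitutes the caller's own user instead of reporting a usage error; `-u*` also matches any argument that merely starts with `-u`. A guard after the shift, `[[ $# -gt 0 ]] || { echo "--user needs a value" >&2; exit 1; }`, makes the failure visible, and the value in the second hunk should be quoted, `--target-host "$user@$target"`. The `while` loop and `case` start before the first hunk; PATCH 168 repeats both hunks unchanged.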
From: Leyla Becker
Date: Tue, 17 Sep 2024 22:42:20 -0500
Subject: [PATCH 169/932] added headscale service

---
 hosts/defiant/configuration.nix | 43 ++++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 4 deletions(-)

diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index 77d07b06..6c2c61f4 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -25,7 +25,9 @@
 nixpkgs.config.allowUnfree = true;
- services = {
+ services = let
+ headscaleDomain = "headscale.jan-leila.com";
+ in {
 zfs = {
 autoScrub.enable = true;
 autoSnapshot.enable = true;
@@ -37,12 +39,12 @@
 enable = true;
 # Enable the GNOME Desktop Environment.
- services.xserver.displayManager = {
+ displayManager = {
 gdm.enable = true;
 };
- services.xserver.desktopManager = {
+ desktopManager = {
 gnome.enable = true;
- desktopManager.xterm.enable = false;
+ xterm.enable = false;
 };
 # Get rid of xTerm
@@ -76,6 +78,37 @@
 # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
 '';
 };
+
+ headscale = {
+ enable = true;
+ address = "0.0.0.0";
+ port = 8080;
+ settings = {
+ server_url = "https://${headscaleDomain}";
+ dns_config.base_domain = "jan-leila.com";
+ logtail.enabled = false;
+ };
+ };
+
+ nginx = {
+ enable = false; # TODO: enable this when you want to test all the configs
+ virtualHosts = {
+ ${headscaleDomain} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass =
+ "http://localhost:${toString config.services.headscale.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "jan-leila@protonmail.com";
 };
 # disable computer sleeping
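Review bot: `address = "0.0.0.0"` with `port = 8080` puts headscale's plaintext HTTP listener on every interface, while the only consumer configured for it is nginx's `proxyPass` to `localhost` — and nginx is `enable = false`, so nothing currently terminates TLS for the `https://` `server_url`. Binding to loopback, `address = "127.0.0.1";`, keeps the reverse-proxy path working and means the control plane is reachable only through nginx once it is enabled; whether :8080 is reachable from the LAN today depends on `networking.firewall`, which this hunk does not show. Also worth checking before enabling: recent headscale releases refuse to start when `dns_config.base_domain` (`jan-leila.com`) is contained in the `server_url` host (`headscale.jan-leila.com`). The same hunk is repeated in PATCH 170.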
@@ -108,6 +141,8 @@
 };
 };
+ environment.systemPackages = [ config.services.headscale.package ];
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave

From c8a6ff7e5454dc8dbcf674a5ea1d8d5c41fe622a Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 17 Sep 2024 22:42:20 -0500
Subject: [PATCH 170/932] added headscale service

---
 hosts/defiant/configuration.nix | 43 ++++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 4 deletions(-)

diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index 77d07b06..6c2c61f4 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -25,7 +25,9 @@
 nixpkgs.config.allowUnfree = true;
- services = {
+ services = let
+ headscaleDomain = "headscale.jan-leila.com";
+ in {
 zfs = {
 autoScrub.enable = true;
 autoSnapshot.enable = true;
@@ -37,12 +39,12 @@
 enable = true;
 # Enable the GNOME Desktop Environment.
- services.xserver.displayManager = {
+ displayManager = {
 gdm.enable = true;
 };
- services.xserver.desktopManager = {
+ desktopManager = {
 gnome.enable = true;
- desktopManager.xterm.enable = false;
+ xterm.enable = false;
 };
 # Get rid of xTerm
@@ -76,6 +78,37 @@
 # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
 '';
 };
+
+ headscale = {
+ enable = true;
+ address = "0.0.0.0";
+ port = 8080;
+ settings = {
+ server_url = "https://${headscaleDomain}";
+ dns_config.base_domain = "jan-leila.com";
+ logtail.enabled = false;
+ };
+ };
+
+ nginx = {
+ enable = false; # TODO: enable this when you want to test all the configs
+ virtualHosts = {
+ ${headscaleDomain} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass =
+ "http://localhost:${toString config.services.headscale.port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "jan-leila@protonmail.com";
 };
 # disable computer sleeping
@@ -108,6 +141,8 @@
 };
 };
+ environment.systemPackages = [ config.services.headscale.package ];
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave

From 0ab447e00caf5d464bdb339eb6afc87ccc83b07a Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 17 Sep 2024 22:42:33 -0500
Subject: [PATCH 171/932] added task to tech debt

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index afd7536a..d7b83715 100644
--- a/README.md
+++ b/README.md
@@ -41,8 +41,8 @@ updating passwords: `sops secrets/secrets.yaml`
 ## Tech Debt
 - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???)
-- use dashes for options not camel case?
 - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs
+- have nfs binds and exports defined by same code
 ## New Features
 - GNOME default monitors per hardware configuration?
 - stop nas from sleeping
From 41434d640056a033062c55b0a91e106fdea31ad6 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 17 Sep 2024 22:42:33 -0500
Subject: [PATCH 172/932] added task to tech debt

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index afd7536a..d7b83715 100644
--- a/README.md
+++ b/README.md
@@ -41,8 +41,8 @@ updating passwords: `sops secrets/secrets.yaml`
 ## Tech Debt
 - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???)
-- use dashes for options not camel case?
 - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs
+- have nfs binds and exports defined by same code
 ## New Features
 - GNOME default monitors per hardware configuration?
 - stop nas from sleeping

From 615fb21505c247e865dffd5b43fd2f5badfa0a75 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 17 Sep 2024 22:43:02 -0500
Subject: [PATCH 173/932] added more tasks to readme

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index d7b83715..59ed5157 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,8 @@ updating passwords: `sops secrets/secrets.yaml`
 - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???)
 - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs
 - have nfs binds and exports defined by same code
+- move services from defiant into own flake
+- made base domain in nas services configurable
 ## New Features
 - GNOME default monitors per hardware configuration?
 - stop nas from sleeping

From 22e870288eda7ad44e9ba2f4d06e667079bc98fc Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 17 Sep 2024 22:43:02 -0500
Subject: [PATCH 174/932] added more tasks to readme

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index d7b83715..59ed5157 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,8 @@ updating passwords: `sops secrets/secrets.yaml`
 - allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???)
 - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs
 - have nfs binds and exports defined by same code
+- move services from defiant into own flake
+- made base domain in nas services configurable
 ## New Features
 - GNOME default monitors per hardware configuration?
 - stop nas from sleeping

From b4f3349caf8056ef5e78a65309d6f011ae2a3e0c Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 18 Sep 2024 01:12:06 -0500
Subject: [PATCH 175/932] managed vs code extensions though nix

---
 README.md | 3 +-
 flake.lock | 72 ++++++++++++++++++++++++++++++++++++++++
 flake.nix | 6 ++++
 overlays/vscodium.nix | 24 +++++++-------
 users/leyla/packages.nix | 42 +++++++++++++++++++++--
 5 files changed, 131 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 59ed5157..b728b5ef 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ updating passwords: `sops secrets/secrets.yaml`
 # Tasks:
 ## Tech Debt
-- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???)
+- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???)
 - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs
 - have nfs binds and exports defined by same code
 - move services from defiant into own flake
@@ -48,7 +48,6 @@ updating passwords: `sops secrets/secrets.yaml`
 ## New Features
 - GNOME default monitors per hardware configuration?
 - stop nas from sleeping
-- VS code extensions should be installed declaratively
 - Flake templates
 - Docker parity with existing NAS on defiant
 - NFS on defiant
diff --git a/flake.lock b/flake.lock index 1182330e..3f277b2d 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,40 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -40,6 +74,28 @@ "type": "github" } }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726623336, + "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1725885300, @@ -108,6 +164,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" 
@@ -131,6 +188,21 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ee87ab5e..033e2c25 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,12 @@ # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + + # vscode extensions + nix-vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index c271af34..618af196 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,15 +1,15 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # ui is broken on 1.84 + # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + # version = "1.85.2.24019"; + # src = super.fetchurl { + # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + # }; + # }); + # }) + # ]; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index ca4ec7db..d962b34f 100644 --- a/users/leyla/packages.nix 
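Review bot: Commenting out the whole overlay leaves `overlays/vscodium.nix` as a module that sets nothing while `users/leyla/packages.nix` still imports it, and a pinned `fetchurl` of one VSCodium tarball plus its sha256 is exactly the kind of dead code that gets uncommented months later against a different nixpkgs. Either delete the file and its import, or keep the override out of the build with a comment that records why it is off, e.g. `# disabled: the 1.84 UI bug this pinned around is gone in current nixpkgs; delete once confirmed`. If the pin is ever revived for a newer version, the hash has to be recomputed for that release rather than reused.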
+++ b/users/leyla/packages.nix @@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, inputs, ... }: let cfg = config.users.leyla; in @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + programs = { bash.shellAliases = lib.mkIf cfg.isFullUser { code = "codium"; @@ -66,7 +72,39 @@ in (lib.mkIf cfg.hasGPU davinci-resolve) # development tools - vscodium + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with open-vsx; [ + jeanp413.open-remote-ssh + ] ++ (with vscode-marketplace; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + karyfoundation.nearley + + # misc extensions + bungcip.better-toml + ]); + }) androidStudioPackages.canary jetbrains.idea-community dbeaver-bin From 237c01f11e0423183feb86d2869a2a7839229bd0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:06 -0500 Subject: [PATCH 176/932] managed vs code extensions though nix --- README.md | 3 +- flake.lock | 72 ++++++++++++++++++++++++++++++++++++++++ flake.nix | 6 ++++ overlays/vscodium.nix | 24 +++++++------- users/leyla/packages.nix | 42 +++++++++++++++++++++-- 5 files changed, 131 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 59ed5157..b728b5ef 100644 --- a/README.md +++ b/README.md 
@@ -40,7 +40,7 @@ updating passwords: `sops secrets/secrets.yaml` # Tasks: ## Tech Debt -- allowUnfree should be enabled user side not host side (this isnt enabled at all right now for some reason???) +- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code - move services from defiant into own flake @@ -48,7 +48,6 @@ updating passwords: `sops secrets/secrets.yaml` ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping -- VS code extensions should be installed declaratively - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant diff --git a/flake.lock b/flake.lock index 1182330e..3f277b2d 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,40 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -40,6 +74,28 @@ "type": "github" } }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726623336, + "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1725885300, @@ -108,6 +164,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" @@ -131,6 +188,21 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ee87ab5e..033e2c25 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,12 @@ # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + + # vscode extensions + nix-vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index c271af34..618af196 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix 
@@ -1,15 +1,15 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # ui is broken on 1.84 - vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - version = "1.85.2.24019"; - src = super.fetchurl { - sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - }; - }); - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # ui is broken on 1.84 + # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + # version = "1.85.2.24019"; + # src = super.fetchurl { + # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + # }; + # }); + # }) + # ]; } \ No newline at end of file diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index ca4ec7db..d962b34f 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, inputs, ... }: let cfg = config.users.leyla; in @@ -8,6 +8,12 @@ in ../../overlays/vscodium.nix ]; + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + programs = { bash.shellAliases = lib.mkIf cfg.isFullUser { code = "codium"; 
@@ -66,7 +72,39 @@ in (lib.mkIf cfg.hasGPU davinci-resolve) # development tools - vscodium + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with open-vsx; [ + jeanp413.open-remote-ssh + ] ++ (with vscode-marketplace; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + karyfoundation.nearley + + # misc extensions + bungcip.better-toml + ]); + }) androidStudioPackages.canary jetbrains.idea-community dbeaver-bin From 4fa16929615b0e205a2c8642489c5e1414bcff3f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:36 -0500 Subject: [PATCH 177/932] added gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..e2f5dd2e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result \ No newline at end of file From 959eb2574e487f9f8e09407b6c7aefe040706103 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:12:36 -0500 Subject: [PATCH 178/932] added gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..e2f5dd2e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result \ No newline at end of file From 29506590b2df8f7530a833e4de437a72b78ab03d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 18 Sep 2024 01:20:05 -0500 Subject: [PATCH 179/932] moved extensions over to open-vsx --- users/leyla/packages.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d962b34f..223f5685 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -75,14 +75,13 @@ in (vscode-with-extensions.override { vscode = vscodium; vscodeExtensions = with open-vsx; [ - jeanp413.open-remote-ssh - ] ++ (with vscode-marketplace; [ # vs code feel extensions ms-vscode.atom-keybindings akamud.vscode-theme-onedark streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker-german streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh # nix extensions pinage404.nix-extension-pack @@ -99,10 +98,12 @@ in firsttris.vscode-jest-runner stylelint.vscode-stylelint tauri-apps.tauri-vscode - karyfoundation.nearley # misc extensions bungcip.better-toml + ] ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley ]); }) androidStudioPackages.canary From 49de4a1ab07f502e8bd7fbd2ab01a22289240651 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:20:05 -0500 Subject: [PATCH 180/932] moved extensions over to open-vsx --- users/leyla/packages.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d962b34f..223f5685 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -75,14 +75,13 @@ in (vscode-with-extensions.override { vscode = vscodium; vscodeExtensions = with open-vsx; [ - jeanp413.open-remote-ssh - ] ++ (with vscode-marketplace; [ # vs code feel extensions ms-vscode.atom-keybindings akamud.vscode-theme-onedark streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker-german streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh # nix extensions pinage404.nix-extension-pack 
@@ -99,10 +98,12 @@ in firsttris.vscode-jest-runner stylelint.vscode-stylelint tauri-apps.tauri-vscode - karyfoundation.nearley # misc extensions bungcip.better-toml + ] ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley ]); }) androidStudioPackages.canary From 9bca1e81d28a2a43d8a618b4c2af347c0a967c46 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:21:24 -0500 Subject: [PATCH 181/932] added tech debt task to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b728b5ef..bb5fd6c9 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ updating passwords: `sops secrets/secrets.yaml` - have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable +- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From 117f394e411ce651c2d3066f722049f2d3fe6796 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 01:21:24 -0500 Subject: [PATCH 182/932] added tech debt task to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b728b5ef..bb5fd6c9 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ updating passwords: `sops secrets/secrets.yaml` - have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable +- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? - stop nas from sleeping From a99368bdb25dec3dd5cc7e011389687f6043fda6 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 18 Sep 2024 09:40:41 -0500 Subject: [PATCH 183/932] disabled overlay for jetbrains idea --- overlays/intellij.nix | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 65eef923..d83bd153 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,19 +1,19 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # idea is too out of date for android gradle things + # jetbrains = { + # jdk = super.jdk17; + # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + # version = "2023.3.3"; + # name = "idea-community-${version}"; + # src = super.fetchurl { + # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + # }; + # }); + # }; + # }) + # ]; } \ No newline at end of file From 513cc95af77693e6e1c56ae9ef9afe49b282b2b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 09:40:41 -0500 Subject: [PATCH 184/932] disabled overlay for jetbrains idea --- overlays/intellij.nix | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/overlays/intellij.nix b/overlays/intellij.nix index 65eef923..d83bd153 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix 
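Review bot: Disabling this overlay by commenting it out also silently drops the `jetbrains.jdk = super.jdk17` choice, which is a separate decision from the IDEA version pin and is not mentioned anywhere as intentionally removed. If the JDK selection is still wanted, keep just that line live; otherwise delete `overlays/intellij.nix` and its import instead of carrying a commented-out `fetchurl` pin, and note the reason in place (`# disabled: nixpkgs now ships an IDEA new enough for the Android Gradle plugin`). The commented-out `version`/`sha256` pair will not be valid for any future version, so there is no value in keeping it around.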
@@ -1,19 +1,19 @@ _: { - nixpkgs.overlays = [ - (self: super: { - # idea is too out of date for android gradle things - jetbrains = { - jdk = super.jdk17; - idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - version = "2023.3.3"; - name = "idea-community-${version}"; - src = super.fetchurl { - sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - }; - }); - }; - }) - ]; + # nixpkgs.overlays = [ + # (self: super: { + # # idea is too out of date for android gradle things + # jetbrains = { + # jdk = super.jdk17; + # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + # version = "2023.3.3"; + # name = "idea-community-${version}"; + # src = super.fetchurl { + # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + # }; + # }); + # }; + # }) + # ]; } \ No newline at end of file From b05f633d2e7cdd232b980f271384b1b20cabc2b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:07:17 -0500 Subject: [PATCH 185/932] moved openssh config to common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index f0231c3f..99f3e5ae 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -29,6 +29,19 @@ users.groups.users = {}; + services = { + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; + }; + sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; 
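Review bot: `PasswordAuthentication = false` on its own does not rule out password logins, because OpenSSH's keyboard-interactive method backed by PAM can still prompt for the account password; NixOS exposes that as `services.openssh.settings.KbdInteractiveAuthentication`, which to my recollection defaults to true. Add `KbdInteractiveAuthentication = false;` next to it in the `settings` block so the key-only policy actually holds. Moving this into `enviroments/common` also enables sshd on every host that imports common, not just defiant, so machines that previously had no listener now accept connections on 22 as soon as the firewall allows; if that is intended, a one-line comment above `openssh` saying so would save the next reader a search. The enclosing module attribute set starts before the hunk.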
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 6c2c61f4..9e4a1e6d 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -51,17 +51,6 @@ excludePackages = [ pkgs.xterm ]; }; - openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; - }; - }; - nfs.server = { enable = true; exports = '' From dbd44077549477d6e1dbf974b79fe8d7800592c4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:07:17 -0500 Subject: [PATCH 186/932] moved openssh config to common --- enviroments/common/default.nix | 13 +++++++++++++ hosts/defiant/configuration.nix | 11 ----------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index f0231c3f..99f3e5ae 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -29,6 +29,19 @@ users.groups.users = {}; + services = { + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; + }; + sops = { defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 6c2c61f4..9e4a1e6d 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -51,17 +51,6 @@ excludePackages = [ pkgs.xterm ]; }; - openssh = { - enable = true; - ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] - UseDns = true; - X11Forwarding = false; - }; - }; - nfs.server = { enable = true; exports = '' 
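Review bot: `UseDns = true` makes sshd reverse-resolve every client and cross-check the forward lookup before authentication; it only buys anything when `authorizedKeys` entries use `from=` host-name patterns, which the keys in `users/leyla/default.nix` do not, so it adds a per-connection DNS round trip (and a timeout on a flaky resolver) for no gain — `UseDns = false;` is the usual choice. The comment on `AllowUsers` also describes the opposite of what the line does: it explains the unset default, while the value restricts logins to one account. Reword it to `AllowUsers = [ "leyla" ]; # only leyla may log in over SSH; unsetting this would allow every local user`.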
From f758eebc424baad5936d9c497aae5a9aafd71c3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:17:11 -0500 Subject: [PATCH 187/932] added key generation to leyla user configuration --- users/leyla/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d0a9a968..76e5a253 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -56,6 +56,15 @@ in ) ]; + # TODO: this should reference the home directory from the user config + services.openssh.hostKeys = [ + { + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file From e97b8738e5f06578531d519139ae67f4478d184a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:17:11 -0500 Subject: [PATCH 188/932] added key generation to leyla user configuration --- users/leyla/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d0a9a968..76e5a253 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -56,6 +56,15 @@ in ) ]; + # TODO: this should reference the home directory from the user config + services.openssh.hostKeys = [ + { + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } \ No newline at end of file From eafdd4c71234d3f81ff54a7fbcec1279a7bfd31c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:22:18 -0500 Subject: [PATCH 189/932] set comment on hostKeys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 76e5a253..b321cdd9 100644 --- a/users/leyla/default.nix 
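Review bot: `services.openssh.hostKeys` lists the private keys sshd presents as the *host's* identity, not a user's client key, so this entry makes sshd generate (as root, with an empty passphrase) an extra host key at `/home/leyla/.ssh/leyla_<host>_ed25519` and serve it to connecting clients. The commit message and the `leyla_<host>` naming suggest the file is meant to be leyla's login key; if it is used that way, the server's identity and the user's credential become the same private key, and compromising the user account is enough to impersonate the host. Generate the client key separately (e.g. `ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519` as the user, or through home-manager) and drop this `hostKeys` entry so sshd keeps its default `/etc/ssh/ssh_host_ed25519_key`. Note too that the pre-start key generation creates missing parent directories as root, which could leave `~/.ssh` root-owned on a fresh host — worth confirming before relying on it. The enclosing `config` attribute set starts before the hunk.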
+++ b/users/leyla/default.nix @@ -59,6 +59,7 @@ in # TODO: this should reference the home directory from the user config services.openssh.hostKeys = [ { + comment = "leyla@" + config.networking.hostName; path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; rounds = 100; type = "ed25519"; From 45f0ffb096766cc61e59c3f1c0d3ea800d142fb8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:22:18 -0500 Subject: [PATCH 190/932] set comment on hostKeys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 76e5a253..b321cdd9 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -59,6 +59,7 @@ in # TODO: this should reference the home directory from the user config services.openssh.hostKeys = [ { + comment = "leyla@" + config.networking.hostName; path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; rounds = 100; type = "ed25519"; From 1edaafcd1bf88cbe8930133439711a440866e1a2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:18 -0500 Subject: [PATCH 191/932] added twilight key to authorized keys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index b321cdd9..7a8dc545 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -48,6 +48,7 @@ in openssh = { authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; }; } else { From f71d104f8d152e8ead21757ec4997b92d5ba7e1c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:18 -0500 Subject: [PATCH 192/932] added twilight key to authorized keys --- users/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) 
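Review bot: `rounds = 100` maps to `ssh-keygen -a`, which sets the KDF rounds used to encrypt the private key under a passphrase; sshd's host-key generation passes an empty passphrase, so the value has no effect on the key written here and only suggests a protection that is not there. Either remove the line or add `# no effect: host keys are generated without a passphrase` above it. The `leyla@<host>` comment is the same form used by the `authorizedKeys.keys` entries added in this series, which reinforces that the generated host key is being treated as a user identity; if that is the intent, it should be reconsidered as noted on the `hostKeys` hunk.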
diff --git a/users/leyla/default.nix b/users/leyla/default.nix index b321cdd9..7a8dc545 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -48,6 +48,7 @@ in openssh = { authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; }; } else { From 0ddd754850fe7fa6f587ef50ad37296b1627da1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:27 -0500 Subject: [PATCH 193/932] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bb5fd6c9..25282142 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,5 @@ updating passwords: `sops secrets/secrets.yaml` - zfs email after scrubbing - headscale server - mastodon server -- tail scale clients \ No newline at end of file +- tail scale clients +- wake on LAN \ No newline at end of file From ce8293167922a6f69e50efa6ecdfc35dad231202 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 13:26:27 -0500 Subject: [PATCH 194/932] added task to readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bb5fd6c9..25282142 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,5 @@ updating passwords: `sops secrets/secrets.yaml` - zfs email after scrubbing - headscale server - mastodon server -- tail scale clients \ No newline at end of file +- tail scale clients +- wake on LAN \ No newline at end of file From 29ee94d7f7302adc80a93ba265a8733177056eeb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:06:04 -0500 Subject: [PATCH 195/932] removed comments --- hosts/horizon/configuration.nix | 3 --- hosts/horizon/hardware-configuration.nix | 6 ------ hosts/twilight/hardware-configuration.nix | 2 -- 3 files changed, 11 deletions(-) 
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3a270811..f1c3bee4 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -33,9 +33,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable the OpenSSH daemon. - services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 96f2423f..76b87df3 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -66,13 +66,7 @@ ]; networking = { - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 01f3ac6f..ab24b97b 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -110,8 +110,6 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; hostName = "twilight"; # Define your hostname. }; From 24296367bcbd0a899b6998ae00980dedc4a4a7f3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 18 Sep 2024 18:06:04 -0500 Subject: [PATCH 196/932] removed comments --- hosts/horizon/configuration.nix | 3 --- hosts/horizon/hardware-configuration.nix | 6 ------ hosts/twilight/hardware-configuration.nix | 2 -- 3 files changed, 11 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 3a270811..f1c3bee4 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -33,9 +33,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # Enable the OpenSSH daemon. - services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 96f2423f..76b87df3 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -66,13 +66,7 @@ ]; networking = { - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s20f0u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 01f3ac6f..ab24b97b 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
@@ -110,8 +110,6 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; hostName = "twilight"; # Define your hostname. }; From c2d9b77eefe5e4852718e9d093aa4e3c15897f6b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:33 -0500 Subject: [PATCH 197/932] moved defiant server configuration to server folder --- enviroments/server/default.nix | 58 +++++++++++++++++++++- hosts/defiant/configuration.nix | 87 +-------------------------------- 2 files changed, 58 insertions(+), 87 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 861f1424..d3e9d638 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -1,7 +1,63 @@ -{ pkgs, ... }: +{ config, ... }: { imports = [ ../common ]; + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [ 2049 ]; + + environment.systemPackages = [ config.services.headscale.package ]; } \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9e4a1e6d..d2b13483 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,14 +20,9 @@ efiInstallAsRemovable = true; }; - virtualisation.docker.enable = true; - users.extraGroups.docker.members = [ "leyla" ]; - nixpkgs.config.allowUnfree = true; - services = let - headscaleDomain = "headscale.jan-leila.com"; - in { + services = { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; 
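Review bot: The NFS exports use `192.168.1.0/22`, but a /22 mask does not align with 192.168.1.0 — the prefix that address actually denotes is 192.168.0.0/22 (192.168.0.0–192.168.3.255), so however exportfs normalises it the home directories are shared with a wider range than the literal suggests; write `192.168.1.0/24` if the LAN is one /24, or `192.168.0.0/22` if the whole block is intended, and say which in a comment. These exports also rely on AUTH_SYS, where the client chooses the uid, so any host in that range can read and write every exported home directory by claiming the matching uid; a tighter client list (or `sec=krb5p` where feasible) and a comment recording the intended trust boundary would help. `headscale.address = "0.0.0.0"` binds the plain-HTTP control port on every interface while nginx, the TLS front, is still disabled; since nginx proxies to `localhost`, `address = "127.0.0.1";` is enough and keeps the unencrypted listener off the network even if the firewall is later opened.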
@@ -50,87 +45,7 @@ # Get rid of xTerm excludePackages = [ pkgs.xterm ]; }; - - nfs.server = { - enable = true; - exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - }; - - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; - }; - }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - fileSystems = { - "/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; - }; - - "/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; - }; - - "/srv/nfs4/leyla" = { - device = 
"/home/leyla"; - options = [ "bind" ]; - }; - - "/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - }; - - environment.systemPackages = [ config.services.headscale.package ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 62fa9b60934e1e5bf7fa4440985012af2c546ec9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:33 -0500 Subject: [PATCH 198/932] moved defiant server configuration to server folder --- enviroments/server/default.nix | 58 +++++++++++++++++++++- hosts/defiant/configuration.nix | 87 +-------------------------------- 2 files changed, 58 insertions(+), 87 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 861f1424..d3e9d638 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -1,7 +1,63 @@ -{ pkgs, ... }: +{ config, ... }: { imports = [ ../common ]; + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [ 2049 ]; + + environment.systemPackages = [ config.services.headscale.package ]; } \ No newline at end of file diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9e4a1e6d..d2b13483 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -20,14 +20,9 @@ efiInstallAsRemovable = true; }; - virtualisation.docker.enable = true; - users.extraGroups.docker.members = [ "leyla" ]; - nixpkgs.config.allowUnfree = true; - services = let - headscaleDomain = "headscale.jan-leila.com"; - in { + services = { zfs = { autoScrub.enable = true; autoSnapshot.enable = true; 
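Review bot: This patch (198/932) is byte-identical to 197/932 — same subject, same timestamp, same blob ids `861f1424..d3e9d638` and `9e4a1e6d..d2b13483` — so a `git am` of the series in order will stop here with "patch does not apply" after 197 has already been applied. The same doubling recurs for 199/200, 201/202, 203/204, 205/206 and 207/208, which points to an export artefact rather than a second change; dropping the even-numbered copies before applying is the fix. The review comments on the 197 copy of this hunk apply unchanged here.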
@@ -50,87 +45,7 @@ # Get rid of xTerm excludePackages = [ pkgs.xterm ]; }; - - nfs.server = { - enable = true; - exports = '' - /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check) - - /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide) - /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - - # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check) - # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check) - ''; - }; - - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; - }; - }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - fileSystems = { - "/srv/nfs4/docker" = { - device = "/home/docker"; - options = [ "bind" ]; - }; - - "/srv/nfs4/users" = { - device = "/home/users"; - options = [ "bind" ]; - }; - - "/srv/nfs4/leyla" = { - device = 
"/home/leyla"; - options = [ "bind" ]; - }; - - "/srv/nfs4/eve" = { - device = "/home/eve"; - options = [ "bind" ]; - }; - }; - - environment.systemPackages = [ config.services.headscale.package ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From f74787c63936d825109d9c14971515d9f73dd1fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:51 -0500 Subject: [PATCH 199/932] added nfs mount points for defiant to horizon --- hosts/horizon/hardware-configuration.nix | 32 ++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 76b87df3..cfd9c642 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
@@ -38,20 +38,48 @@ }; "/mnt/leyla_home" = + { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/eve_home" = + { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/ester_home" = + { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/users_home" = + { + device = "defiant:/home/users"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/legacy_leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/share_home" = + "/mnt/legacy_share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/docker_home" = + "/mnt/legacy_docker_home" = { device = "server.arpa:/home/docker"; fsType = "nfs"; From fc6438d1212608bf67401057412da4c7ac1bcdef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 18:45:51 -0500 Subject: [PATCH 200/932] added nfs mount points for defiant to horizon --- hosts/horizon/hardware-configuration.nix | 32 ++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 76b87df3..cfd9c642 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
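Review bot: The four new `defiant:/home/*` mounts are read-write home directories mounted `soft`, so a write that outlives the retransmit timeout fails with EIO and, for any application that does not check the error, is lost; for rw data `hard` is the safer default, and `x-systemd.automount` plus `nofail` already keep boot from blocking, e.g. `options = [ "x-systemd.automount" "user" "nofail" "hard" "x-systemd.idle-timeout=600" "fsc" ];`. No `nfsvers=` or `sec=` is pinned, so version and AUTH_SYS are negotiated; since defiant's firewall opens only 2049 (patch 197), a fallback to v3 would fail on rpcbind/mountd in a confusing way, so `nfsvers=4` makes the intent explicit. `fsc` only does anything with cachefilesd running, which this file enables further down (visible in patch 205). The `fileSystems = {` set enclosing these entries starts outside the hunk.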
@@ -38,20 +38,48 @@ }; "/mnt/leyla_home" = + { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/eve_home" = + { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/ester_home" = + { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/users_home" = + { + device = "defiant:/home/users"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/legacy_leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/share_home" = + "/mnt/legacy_share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/docker_home" = + "/mnt/legacy_docker_home" = { device = "server.arpa:/home/docker"; fsType = "nfs"; From b364fbb7b8edfa579f1407f7c5a4e6c5bb67d82d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:28 -0500 Subject: [PATCH 201/932] updated tasks in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 25282142..c257613f 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- stop nas from sleeping +- offline access for nfs mounts (overlay with rsync might be a good option here?) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant 
From d443c83c4d52154c37dd1b150135c5b657e5883f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:28 -0500 Subject: [PATCH 202/932] updated tasks in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 25282142..c257613f 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- stop nas from sleeping +- offline access for nfs mounts (overlay with rsync might be a good option here?) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant From 0cc454bcac81fc5b40fa5e124f7ff3ee454eeef3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:52 -0500 Subject: [PATCH 203/932] updated options for leyla home mount --- hosts/horizon/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index cfd9c642..c940fd79 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; }; "/mnt/eve_home" = From b0e4ab8f6dba7dbc925906732fa6cf47442dd8b9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 18 Sep 2024 21:48:52 -0500 Subject: [PATCH 204/932] updated options for leyla home mount --- hosts/horizon/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index cfd9c642..c940fd79 100644 
--- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; }; "/mnt/eve_home" = From 8f6e6281d6d190584ba5f0d02853f0057e72bb85 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:24:56 -0500 Subject: [PATCH 205/932] added more options to leyla home mount --- hosts/horizon/hardware-configuration.nix | 38 ++++++++++++------------ 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index c940fd79..59a900d4 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; "/mnt/eve_home" = 
@@ -65,26 +65,26 @@ options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/legacy_leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_leyla_home" = + # { + # device = "server.arpa:/home/leyla"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_share_home" = + # { + # device = "server.arpa:/home/share"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; + # "/mnt/legacy_docker_home" = + # { + # device = "server.arpa:/home/docker"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # }; }; services.cachefilesd.enable = true; From b7246000975b99c7ab0e67c3d8bdc219701a19f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:24:56 -0500 Subject: [PATCH 206/932] added more options to leyla home mount --- hosts/horizon/hardware-configuration.nix | 38 ++++++++++++------------ 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index c940fd79..59a900d4 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
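Review bot: The three `legacy_*` mounts are commented out rather than deleted, leaving about twenty lines of dead configuration under `fileSystems` whose options already diverge from the live mounts (`noauto` on the docker entry versus `nofail` elsewhere), which is how stale settings get revived by accident. Git history keeps the `server.arpa` entries, so removing the block outright is cleaner, with at most a one-line `# legacy server.arpa mounts removed; see git history` if a pointer is wanted. The enclosing `fileSystems = {` set starts outside the hunk.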
@@ -41,7 +41,7 @@ { device = "defiant:/home/leyla"; fsType = "nfs"; - options = [ "fsc" "x-systemd.automount" "soft" "x-systemd.idle-timeout=600" ]; + options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; "/mnt/eve_home" = @@ -65,26 +65,26 @@ options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; }; - "/mnt/legacy_leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_leyla_home" = + # { + # device = "server.arpa:/home/leyla"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + # "/mnt/legacy_share_home" = + # { + # device = "server.arpa:/home/share"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; - "/mnt/legacy_docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; + # "/mnt/legacy_docker_home" = + # { + # device = "server.arpa:/home/docker"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # }; }; services.cachefilesd.enable = true; From ab27e5c3a3593dbca590ad5ad4811626fb7c0b2c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:25:10 -0500 Subject: [PATCH 207/932] added note to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c257613f..b8bed400 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- offline access for nfs mounts (overlay with rsync might be a good option here?) +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant From f8300aa0333f07db30a5b4dd99458cbbb4b60f0d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:25:10 -0500 Subject: [PATCH 208/932] added note to task --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c257613f..b8bed400 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ updating passwords: `sops secrets/secrets.yaml` - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) ## New Features - GNOME default monitors per hardware configuration? -- offline access for nfs mounts (overlay with rsync might be a good option here?) +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - Docker parity with existing NAS on defiant - NFS on defiant From 7090db82d38a94be6e2d262e139afef493247d1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:44:04 -0500 Subject: [PATCH 209/932] removed un needed note --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index b8bed400..662941c6 100644 --- a/README.md +++ b/README.md 
@@ -28,7 +28,6 @@ updating passwords: `sops secrets/secrets.yaml` > something about ssh keys for remotes # Notes: -- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init From a4b356c1f0f1acaf4a0a7c31797abe0d1ca1fdc8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Sep 2024 09:46:13 -0500 Subject: [PATCH 210/932] updated readme.md --- README.md | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 662941c6..06850ce4 100644 --- a/README.md +++ b/README.md 
@@ -9,24 +9,16 @@ | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | - -### Rebuild current machine to match target host: -`sudo nixos-rebuild switch --flake .#hostname` - -### Rebuild current machine maintaining current target +### Rebuilding machines `./rebuild.sh` # New machine setup -keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` and will be copied over to new machines installed with ./`install.sh` updating passwords: `sops secrets/secrets.yaml` `./install.sh --target 192.168.1.130 --flake hostname` -> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU - -> something about ssh keys for remotes - # Notes: - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh From 34d9ec4f9d41c137f619ccddb85ff3228507baad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Sep 2024 20:21:39 -0500 Subject: [PATCH 211/932] updated flake.lock --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 3f277b2d..a4248000 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725377834, - "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", + "lastModified": 1726842196, + "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", "owner": "nix-community", "repo": "disko", - "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", + "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", "type": "github" }, "original": { 
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1725948275, - "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", + "lastModified": 1726863345, + "narHash": "sha256-fjbKe1/UJpLT6tQLAKJ/djJFdnmAh2kkdsgmylyFrQA=", "owner": "nix-community", "repo": "home-manager", - "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", + "rev": "dfe4d334b172071e7189d971ddecd3a7f811b48d", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1726623336, - "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", + "lastModified": 1726796602, + "narHash": "sha256-rYMcODISSljSETcqUUTMo++ZEa1CC6Xx6d3xuydishM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", + "rev": "91dea80194080f017c6edf84fd94e33f6c12aec3", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725885300, - "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", + "lastModified": 1726724509, + "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", + "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1726755586, + "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", "type": "github" }, "original": { 
@@ -176,11 +176,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1725922448, - "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", + "lastModified": 1726524647, + "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cede1a08039178ac12957733e97ab1006c6b6892", + "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", "type": "github" }, "original": { From 834165443a0d0cec246999d1b354f1478e91b6ee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Sep 2024 20:22:30 -0500 Subject: [PATCH 212/932] added jellyfin to server config --- enviroments/server/default.nix | 49 ++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index d3e9d638..3bdc8c46 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,10 +1,32 @@ -{ config, ... }: +{ config, pkgs, ... }: { imports = [ ../common ]; + users.groups.jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; + + users.groups.jellyfin = { + members = ["jellyfin" "leyla"]; + }; + + users.users.jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; + }; + + systemd.tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + ]; + services = let + jellyfinDomain = "jellyfin.jan-leila.com"; headscaleDomain = "headscale.jan-leila.com"; in { nfs.server = { 
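Review bot: Adding `leyla` to `users.groups.jellyfin` (in addition to `jellyfin_media`) gives that account read access to `/home/jellyfin/config`, which the tmpfiles rule creates `750 jellyfin jellyfin` and which holds Jellyfin's databases and credentials; if the goal is only media management, `users.groups.jellyfin.members = [ "jellyfin" ];` keeps the service's state private to the service. `uid = 2000` with `isSystemUser = true` sits in the range NixOS allocates to normal users (1000 upward), so a later human account could collide with it unless every host pins the same uid — the README's "service system users should also be on local systems" item suggests that is the plan, so record it, e.g. `uid = 2000; # fixed: must match the uid on NFS clients so ownership lines up`. The hunk ends on the `nfs.server = {` context line; the rest of the `services` set is outside it.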
@@ -28,6 +50,15 @@ }; }; + jellyfin = { + enable = true; + user = "jellyfin"; + group = "jellyfin"; + dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config + cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + openFirewall = false; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -40,6 +71,15 @@ proxyWebsockets = true; }; }; + ${jellyfinDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:8096"; + proxyWebsockets = true; + }; + }; }; }; }; @@ -59,5 +99,10 @@ networking.firewall.allowedTCPPorts = [ 2049 ]; - environment.systemPackages = [ config.services.headscale.package ]; + environment.systemPackages = [ + config.services.headscale.package + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; } \ No newline at end of file From 2213d099d0f4239a2c648ba10188427132114872 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 20 Sep 2024 21:28:53 -0500 Subject: [PATCH 213/932] moved hardware configuration software options to hardware.nix --- README.md | 2 +- hosts/defiant/hardware-configuration.nix | 12 ++-- hosts/hardware-common.nix | 16 +++++ hosts/horizon/hardware-configuration.nix | 17 +++-- hosts/twilight/configuration.nix | 3 - hosts/twilight/hardware-configuration.nix | 88 ++++++++++++----------- users/leyla/default.nix | 3 - users/leyla/packages.nix | 6 +- 8 files changed, 85 insertions(+), 62 deletions(-) create mode 100644 hosts/hardware-common.nix diff --git a/README.md b/README.md index 06850ce4..96a36abc 100644 --- a/README.md +++ b/README.md 
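Review bot: The jellyfin vhost hard-codes `proxyPass = "http://localhost:8096"` while the headscale vhost two entries up derives its port from `config.services.headscale.port`, and the `environment.systemPackages` addition of `pkgs.jellyfin`, `pkgs.jellyfin-web` and `pkgs.jellyfin-ffmpeg` bypasses `services.jellyfin.package`; using `config.services.jellyfin.package` in that list (or dropping the three entries, since `services.jellyfin.enable` already installs the service) keeps one source of truth. `openFirewall = false` is the right choice with nginx in front, but nothing in this hunk binds Jellyfin's own 8096 listener to loopback, so the firewall is the only thing keeping plaintext access off the LAN — worth stating next to it, e.g. `openFirewall = false; # 8096 stays closed; only nginx (TLS) reaches it`. The `services` set enclosing these hunks starts and ends outside them.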
@@ -32,11 +32,11 @@ updating passwords: `sops secrets/secrets.yaml` ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs - have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) +- server service system users should also be on local systems for file permission reasons ## New Features - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 3ba63d00..60e940bd 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -4,9 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../hardware-common.nix + ]; boot = { initrd = { @@ -41,5 +42,8 @@ }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware = { + # TODO: hardware graphics + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } \ No newline at end of file diff --git a/hosts/hardware-common.nix b/hosts/hardware-common.nix new file mode 100644 index 00000000..dea9450d --- /dev/null +++ b/hosts/hardware-common.nix 
@@ -0,0 +1,16 @@ +{ lib, ... }: +{ + options = { + hardware = { + piperMouse = { + enable = lib.mkEnableOption "host has a piper mouse"; + }; + viaKeyboard = { + enable = lib.mkEnableOption "host has a via keyboard"; + }; + openRGB = { + enable = lib.mkEnableOption "host has open rgb hardware"; + }; + }; + }; +} \ No newline at end of file diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 59a900d4..82e1bf70 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -4,9 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../hardware-common.nix + ]; boot = { initrd = { @@ -23,9 +24,6 @@ }; }; - - hardware.graphics.enable = true; - fileSystems = { "/" = { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; @@ -100,5 +98,10 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + + hardware = { + graphics.enable = true; + cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 1352c8bb..727f028f 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -14,9 +14,6 @@ users = { leyla = { isFullUser = true; - hasPiperMouse = true; - hasOpenRGBHardware = true; - hasViaKeyboard = true; hasGPU = true; }; ester.isFullUser = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index ab24b97b..0f77e814 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix 
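Review bot: hardware-common.nix declares `hardware.piperMouse`, `hardware.viaKeyboard` and `hardware.openRGB` with no `config` section, so enabling them only adds the user-side package in users/leyla/packages.nix; piper, via and openrgb each rely on system-level pieces (the ratbagd daemon for piper, udev rules granting device access for via and openrgb) that a bare package install does not provide, so the options will look enabled while the tools cannot reach their hardware. Declaring custom options directly under the upstream `hardware.*` namespace also risks colliding with a future nixpkgs option; a module-local prefix such as `hardware.leyla.*` avoids that. If the system-side wiring is not already done elsewhere in the flake, a `config` block like the one below makes the options self-contained (the `services.udev.packages` entry assumes the `via` package ships udev rules, as it does in current nixpkgs — confirm against the pinned nixpkgs).

```nix
{ config, lib, pkgs, ... }:
let
  cfg = config.hardware;
in
{
  options = { /* … unchanged: piperMouse / viaKeyboard / openRGB enable options … */ };

  config = {
    services.ratbagd.enable = lib.mkIf cfg.piperMouse.enable true;
    services.hardware.openrgb.enable = lib.mkIf cfg.openRGB.enable true;
    services.udev.packages = lib.mkIf cfg.viaKeyboard.enable [ pkgs.via ];
  };
}
```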
@@ -4,9 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../hardware-common.nix + ]; boot = { initrd = { @@ -31,43 +32,6 @@ displayManager.gdm.wayland = false; }; - hardware = { - # Enable OpenGL - graphics.enable = true; - - # install graphics drivers - nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - }; - fileSystems = { "/" = { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; 
@@ -114,6 +78,48 @@ }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + hardware = { + piperMouse.enable = true; + viaKeyboard.enable = true; + openRGB.enable = true; + + # Enable OpenGL + graphics.enable = true; + + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 7a8dc545..42fd3ab6 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -10,9 +10,6 @@ in options.users.leyla = { isFullUser = lib.mkEnableOption "create usable leyla user"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; - hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; - hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; - hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 223f5685..756593a4 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -118,9 +118,9 @@ in noisetorch # hardware managment tools - (lib.mkIf cfg.hasPiperMouse piper) - (lib.mkIf cfg.hasOpenRGBHardware openrgb) - (lib.mkIf cfg.hasViaKeyboard via) + (lib.mkIf config.hardware.piperMouse.enable piper) + (lib.mkIf config.hardware.openRGB.enable openrgb) + (lib.mkIf config.hardware.viaKeyboard.enable via) ] ) ) From 5da0753b7c5ec4fac8de6744aeadf665e3840ed7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 11:04:01 -0500 Subject: [PATCH 214/932] reformated file --- pkgs/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index 9a81f3b6..fbc54eef 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,3 +1,4 @@ -pkgs: { +_: +{ } \ No newline at end of file From dcd5accea05a7228979d2d75f7366ce6f041bd32 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 21 Sep 2024 11:26:18 -0500 Subject: [PATCH 215/932] ran linter --- enviroments/client/default.nix | 9 +-- enviroments/common/default.nix | 17 +++-- enviroments/server/default.nix | 76 ++++++++++++++------ flake.nix | 84 +++++++++++----------- hosts/defiant/configuration.nix | 27 +++---- hosts/defiant/disko-config.nix | 16 ++--- hosts/defiant/hardware-configuration.nix | 26 ++++--- hosts/hardware-common.nix | 5 +- hosts/horizon/configuration.nix | 23 +++--- hosts/horizon/hardware-configuration.nix | 85 +++++++++++------------ hosts/twilight/configuration.nix | 23 +++--- hosts/twilight/hardware-configuration.nix | 84 +++++++++++----------- overlays/intellij.nix | 5 +- overlays/vscodium.nix | 5 +- pkgs/default.nix | 6 +- templates/default.nix | 3 +- users/default.nix | 9 ++- users/ester/default.nix | 21 +++--- users/eve/default.nix | 21 +++--- users/leyla/default.nix | 23 +++--- users/leyla/home.nix | 34 ++++----- users/leyla/packages.nix | 74 +++++++++++--------- util/default.nix | 5 +- 23 files changed, 372 insertions(+), 309 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 555305f8..86ff67be 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,11 +1,9 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { imports = [ ../common ]; services = { - # Enable CUPS to print documents. printing.enable = true; @@ -21,7 +19,7 @@ }; # Get rid of xTerm - excludePackages = [ pkgs.xterm ]; + excludePackages = [pkgs.xterm]; # Configure keymap in X11 xkb = { @@ -44,7 +42,6 @@ }; }; - # Enable sound with pipewire. hardware.pulseaudio.enable = false; security.rtkit.enable = true; @@ -57,4 +54,4 @@ gnomeExtensions.dash-to-dock ]; -} \ No newline at end of file +} diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 99f3e5ae..96ad0127 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -1,11 +1,10 @@ -{ pkgs, ... }: -{ +{pkgs, ...}: { imports = [ - ../../users + ../../users ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - nix.settings.trusted-users = [ "leyla" ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.trusted-users = ["leyla"]; # Enable networking networking.networkmanager.enable = true; @@ -32,10 +31,10 @@ services = { openssh = { enable = true; - ports = [ 22 ]; + ports = [22]; settings = { PasswordAuthentication = false; - AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + AllowUsers = ["leyla"]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; }; @@ -47,7 +46,7 @@ defaultSopsFormat = "yaml"; gnupg.sshKeyPaths = []; - age ={ + age = { keyFile = "/var/lib/sops-nix/key.txt"; sshKeyPaths = []; # generateKey = true; @@ -68,4 +67,4 @@ iputils dnsutils ]; -} \ No newline at end of file +} diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 3bdc8c46..8b32992e 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,21 +1,40 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { imports = [ ../common ]; - users.groups.jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; - }; + users = { + groups = { + jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; - users.groups.jellyfin = { - members = ["jellyfin" "leyla"]; - }; + jellyfin = { + members = ["jellyfin" "leyla"]; + }; - users.users.jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; + # forgejo = { + # members = ["forgejo" "leyla"]; + # }; + }; + + users = { + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; + }; + + # forgejo = { + # uid = 2001; + # group = "forgejo"; + # isSystemUser = true; + # }; + }; }; systemd.tmpfiles.rules = [ 
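Review bot: The trailing comment on the reformatted `AllowUsers` line describes the option's default rather than the value set, so it reads as though every user may log in; since the list is `["leyla"]`, rewrite it as `AllowUsers = ["leyla"]; # restrict SSH logins to leyla; leaving this unset would allow every local user`. `UseDns = true` on the next line makes sshd reverse-resolve each connecting address, which is off by default in sshd and, unless `from=` host patterns are used in authorized_keys, mostly adds a DNS dependency and latency at login, so it deserves a why-comment or removal. This hunk is a formatter pass, so the settings may be deliberate carry-over; the enclosing `services` block starts and ends outside the hunk.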
@@ -23,11 +42,14 @@ "d /home/jellyfin/media 775 jellyfin jellyfin_media -" "d /home/jellyfin/config 750 jellyfin jellyfin -" "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + # "d /home/forgejo 750 forgejo forgejo -" + # "d /home/forgejo/data 750 forgejo forgejo -" ]; services = let jellyfinDomain = "jellyfin.jan-leila.com"; headscaleDomain = "headscale.jan-leila.com"; + # forgejoDomain = "forgejo.jan-leila.com"; in { nfs.server = { enable = true; @@ -59,6 +81,20 @@ openFirewall = false; }; + # TODO: figure out what needs to be here + # forgejo = { + # enable = true; + # database.type = "postgres"; + # lfs.enable = true; + # settings = { + # server = { + # DOMAIN = forgejoDomain; + # HTTP_PORT = 8081; + # }; + # service.DISABLE_REGISTRATION = true; + # }; + # }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -66,20 +102,20 @@ forceSSL = true; enableACME = true; locations."/" = { - proxyPass = - "http://localhost:${toString config.services.headscale.port}"; + proxyPass = "http://localhost:${toString config.services.headscale.port}"; proxyWebsockets = true; }; }; ${jellyfinDomain} = { forceSSL = true; enableACME = true; - locations."/" = { - proxyPass = - "http://localhost:8096"; - proxyWebsockets = true; - }; + locations."/".proxyPass = "http://localhost:8096"; }; + # ${forgejoDomain} = { + # forceSSL = true; + # enableACME = true; + # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + # }; }; }; }; @@ -97,7 +133,7 @@ hybrid-sleep.enable = false; }; - networking.firewall.allowedTCPPorts = [ 2049 ]; + networking.firewall.allowedTCPPorts = [2049]; environment.systemPackages = [ config.services.headscale.package @@ -105,4 +141,4 @@ pkgs.jellyfin-web pkgs.jellyfin-ffmpeg ]; -} \ No newline at end of file +} diff --git a/flake.nix b/flake.nix index 033e2c25..70992b0b 100644 --- a/flake.nix +++ b/flake.nix 
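Review bot: The jellyfin virtualHost silently loses `proxyWebsockets = true;` in the `@@ -66,20 +102,20 @@` hunk, where the location block is collapsed to `locations."/".proxyPass = "http://localhost:8096";` while the headscale vhost directly above keeps its websocket setting. That is a behavioural change inside a commit titled "ran linter"; the removed setting indicates the websocket upgrade was wanted, and once `nginx.enable` is turned on the vhost would proxy without it. If the drop is unintended, restore `locations."/" = { proxyPass = "http://localhost:8096"; proxyWebsockets = true; };`. The `nginx` block and the surrounding `services` let-binding continue outside the hunk.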
@@ -23,53 +23,57 @@ # repo of hardware configs for prebuilt systems nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - # vscode extensions + # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: - let - forEachSystem = nixpkgs.lib.genAttrs [ - "aarch64-darwin" - "aarch64-linux" - "x86_64-darwin" - "x86_64-linux" - ]; - forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - in - { - packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); + outputs = { + self, + nixpkgs, + disko, + nixos-hardware, + ... + } @ inputs: let + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); + in { + packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); - nixosConfigurations = { - # Leyla Laptop - horizon = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/horizon/configuration.nix - inputs.home-manager.nixosModules.default - nixos-hardware.nixosModules.framework-11th-gen-intel - ]; - }; - # Leyla Desktop - twilight = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/twilight/configuration.nix - inputs.home-manager.nixosModules.default - ]; - }; - # NAS Service - defiant = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - disko.nixosModules.disko - ./hosts/defiant/disko-config.nix - ./hosts/defiant/configuration.nix - ]; - }; + nixosConfigurations = { + # Leyla Laptop + horizon = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/horizon/configuration.nix + inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel + ]; + }; + # Leyla Desktop + twilight = 
nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix + ./hosts/defiant/configuration.nix + ]; }; }; + }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index d2b13483..42cf19fc 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -1,15 +1,18 @@ # server nas -{ config, pkgs, inputs, ... }: { - imports = - [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops + config, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops - ./hardware-configuration.nix - - ../../enviroments/server - ]; + ./hardware-configuration.nix + + ../../enviroments/server + ]; users.leyla.isThinUser = true; @@ -27,7 +30,7 @@ autoScrub.enable = true; autoSnapshot.enable = true; }; - + # temp enable desktop enviroment for setup # Enable the X11 windowing system. xserver = { @@ -43,7 +46,7 @@ }; # Get rid of xTerm - excludePackages = [ pkgs.xterm ]; + excludePackages = [pkgs.xterm]; }; }; @@ -54,4 +57,4 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? -} \ No newline at end of file +} diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index 653f29f6..a913aeb9 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -1,11 +1,10 @@ -{ lib, ... }: -let +{lib, ...}: let bootDisk = devicePath: { type = "disk"; device = devicePath; content = { type = "gpt"; - + partitions = { boot = { size = "1M"; 
@@ -86,11 +85,13 @@ in { # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? mode = "mirror"; members = [ - "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + "hd_13_tb_a" + "hd_13_tb_b" + "hd_13_tb_c" ]; } ]; - cache = [ ]; + cache = []; # cache = [ "ssd_2_tb_a" ]; }; }; @@ -98,7 +99,7 @@ in { options = { ashift = "12"; }; - + rootFsOptions = { encryption = "on"; keyformat = "hex"; @@ -111,7 +112,7 @@ in { mountpoint = "/"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - + datasets = { "nix" = { type = "zfs_fs"; @@ -133,4 +134,3 @@ in { }; }; } - diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 60e940bd..219b6a55 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -1,9 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../hardware-common.nix @@ -11,15 +15,15 @@ boot = { initrd = { - availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; + availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - - supportedFilesystems = [ "zfs" ]; + kernelModules = ["kvm-amd"]; + extraModulePackages = []; - zfs.extraPools = [ "zroot" ]; + supportedFilesystems = ["zfs"]; + + zfs.extraPools = ["zroot"]; }; # fileSystems."/" = @@ -27,7 +31,7 @@ # fsType = "ext4"; # }; - swapDevices = [ ]; + swapDevices = []; networking = { # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 
@@ -46,4 +50,4 @@ # TODO: hardware graphics cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; -} \ No newline at end of file +} diff --git a/hosts/hardware-common.nix b/hosts/hardware-common.nix index dea9450d..920d6092 100644 --- a/hosts/hardware-common.nix +++ b/hosts/hardware-common.nix @@ -1,5 +1,4 @@ -{ lib, ... }: -{ +{lib, ...}: { options = { hardware = { piperMouse = { @@ -13,4 +12,4 @@ }; }; }; -} \ No newline at end of file +} diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index f1c3bee4..1bd5bfca 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,15 +1,18 @@ # leyla laptop -{ config, pkgs, inputs, ... }: { - imports = - [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops + config, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops - ./hardware-configuration.nix - - ../../enviroments/client - ]; + ./hardware-configuration.nix + + ../../enviroments/client + ]; users = { leyla.isFullUser = true; @@ -25,7 +28,7 @@ setSocketVariable = true; }; }; - users.extraGroups.docker.members = [ "leyla" ]; + users.extraGroups.docker.members = ["leyla"]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 82e1bf70..1e203f34 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -1,9 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../hardware-common.nix 
@@ -11,12 +15,12 @@ boot = { initrd = { - availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; + availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-intel" "sg" ]; - extraModulePackages = [ ]; - + kernelModules = ["kvm-intel" "sg"]; + extraModulePackages = []; + # Bootloader. loader = { systemd-boot.enable = true; 
@@ -25,43 +29,39 @@ }; fileSystems = { - "/" = - { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; + "/" = { + device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; - "/boot" = - { device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; + "/boot" = { + device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; - "/mnt/leyla_home" = - { - device = "defiant:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/leyla_home" = { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/eve_home" = - { - device = "defiant:/home/eve"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/eve_home" = { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/ester_home" = - { - device = "defiant:/home/ester"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/ester_home" = { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/users_home" = - { - device = "defiant:/home/users"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/users_home" = { + device = "defiant:/home/users"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; # "/mnt/legacy_leyla_home" = # { 
@@ -87,9 +87,9 @@ services.cachefilesd.enable = true; - swapDevices = - [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} + ]; networking = { useDHCP = lib.mkDefault true; @@ -99,7 +99,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware = { graphics.enable = true; cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 727f028f..991ecbc3 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,15 +1,18 @@ # leyla laptop -{ config, pkgs, inputs, ... }: { - imports = - [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops + config, + pkgs, + inputs, + ... +}: { + imports = [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops - ./hardware-configuration.nix - - ../../enviroments/client - ]; + ./hardware-configuration.nix + + ../../enviroments/client + ]; users = { leyla = { @@ -19,7 +22,7 @@ ester.isFullUser = true; eve.isFullUser = true; }; - + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index 0f77e814..b2f11ee1 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -1,9 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ../hardware-common.nix 
@@ -11,11 +15,11 @@ boot = { initrd = { - availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - kernelModules = [ ]; + availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + kernelModules = []; }; - kernelModules = [ "kvm-amd" "sg" ]; - extraModulePackages = [ ]; + kernelModules = ["kvm-amd" "sg"]; + extraModulePackages = []; # Bootloader. loader = { 
@@ -33,40 +37,37 @@ }; fileSystems = { - "/" = - { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; - fsType = "ext4"; - }; + "/" = { + device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; - "/boot" = - { device = "/dev/disk/by-uuid/3006-3867"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - "/mnt/leyla_home" = - { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/boot" = { + device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; - "/mnt/share_home" = - { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - }; + "/mnt/leyla_home" = { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - "/mnt/docker_home" = - { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; + "/mnt/share_home" = { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; + + "/mnt/docker_home" = { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; + }; }; - swapDevices = [ ]; + swapDevices = []; networking = { # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -86,7 +87,7 @@ # Enable OpenGL graphics.enable = true; - + # install graphics drivers nvidia = { # Modesetting is required. 
@@ -94,7 +95,7 @@ # Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. powerManagement.enable = false; @@ -104,15 +105,15 @@ # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ # Currently alpha-quality/buggy, so false is currently the recommended setting. open = false; # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. + # accessible via `nvidia-settings`. nvidiaSettings = true; # Optionally, you may need to select the appropriate driver version for your specific GPU. @@ -122,4 +123,3 @@ cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; } - diff --git a/overlays/intellij.nix b/overlays/intellij.nix index d83bd153..c9075885 100644 --- a/overlays/intellij.nix +++ b/overlays/intellij.nix @@ -1,5 +1,4 @@ -_: -{ +_: { # nixpkgs.overlays = [ # (self: super: { # # idea is too out of date for android gradle things @@ -16,4 +15,4 @@ _: # }; # }) # ]; -} \ No newline at end of file +} diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix index 618af196..7c5f863a 100644 --- a/overlays/vscodium.nix +++ b/overlays/vscodium.nix @@ -1,5 +1,4 @@ -_: -{ +_: { # nixpkgs.overlays = [ # (self: super: { # # ui is broken on 1.84 
@@ -12,4 +11,4 @@ _: # }); # }) # ]; -} \ No newline at end of file +} diff --git a/pkgs/default.nix b/pkgs/default.nix index fbc54eef..87a13d7f 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,2 @@ -_: -{ - -} \ No newline at end of file +_: { +} diff --git a/templates/default.nix b/templates/default.nix index f9d63b0f..eed71245 100644 --- a/templates/default.nix +++ b/templates/default.nix @@ -1,2 +1 @@ -_: -{} \ No newline at end of file +_: {} diff --git a/users/default.nix b/users/default.nix index 57effe39..4c0b5d70 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,8 +1,7 @@ -{ inputs, ... }: -{ - imports = [ ./leyla ./ester ./eve ]; +{inputs, ...}: { + imports = [./leyla ./ester ./eve]; users.mutableUsers = false; - home-manager.extraSpecialArgs = { inherit inputs; }; -} \ No newline at end of file + home-manager.extraSpecialArgs = {inherit inputs;}; +} diff --git a/users/ester/default.nix b/users/ester/default.nix index 156716f3..a16b69b0 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -1,8 +1,11 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.users.ester; -in { + lib, + config, + pkgs, + ... +}: let + cfg = config.users.ester; +in { options.users.ester = { isFullUser = lib.mkEnableOption "ester"; }; @@ -25,9 +28,10 @@ in } ( - if cfg.isFullUser then { + if cfg.isFullUser + then { isNormalUser = true; - extraGroups = [ "networkmanager" "users" ]; + extraGroups = ["networkmanager" "users"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; @@ -36,10 +40,11 @@ in bitwarden discord ]; - } else { + } + else { isSystemUser = true; } ) ]; }; -} \ No newline at end of file +} diff --git a/users/eve/default.nix b/users/eve/default.nix index 4ed06a8e..8ad6b61a 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix 
@@ -1,8 +1,11 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.users.eve; -in { + lib, + config, + pkgs, + ... +}: let + cfg = config.users.eve; +in { options.users.eve = { isFullUser = lib.mkEnableOption "eve"; }; @@ -25,9 +28,10 @@ in } ( - if cfg.isFullUser then { + if cfg.isFullUser + then { isNormalUser = true; - extraGroups = [ "networkmanager" "users" ]; + extraGroups = ["networkmanager" "users"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; @@ -38,10 +42,11 @@ in makemkv signal-desktop ]; - } else { + } + else { isSystemUser = true; } ) ]; }; -} \ No newline at end of file +} diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 42fd3ab6..9454c2d8 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -1,9 +1,12 @@ -{ lib, config, pkgs, ... }: -let - cfg = config.users.leyla; -in { - imports =[ + lib, + config, + pkgs, + ... +}: let + cfg = config.users.leyla; +in { + imports = [ ./packages.nix ]; @@ -31,12 +34,13 @@ in } ( - if (cfg.isFullUser || cfg.isThinUser) then { + if (cfg.isFullUser || cfg.isThinUser) + then { isNormalUser = true; extraGroups = lib.mkMerge [ ["networkmanager" "wheel" "users"] ( - lib.mkIf (!cfg.isThinUser) [ "adbusers" ] + lib.mkIf (!cfg.isThinUser) ["adbusers"] ) ]; @@ -48,7 +52,8 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; }; - } else { + } + else { isSystemUser = true; } ) @@ -66,4 +71,4 @@ in home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; -} \ No newline at end of file +} diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 40a6926b..fdca2574 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { # Home Manager needs a bit of information about you and the paths it should # manage. home = { 
@@ -73,11 +75,11 @@ }; programs = { - # Let Home Manager install and manage itself. + # Let Home Manager install and manage itself. home-manager.enable = true; git = { enable = true; - userName = "Leyla Becker"; + userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; }; @@ -89,18 +91,18 @@ "org/gnome/desktop/interface".color-scheme = "prefer-dark"; "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 756593a4..e206d22f 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,8 +1,12 @@ -{ lib, config, pkgs, inputs, ... }: -let - cfg = config.users.leyla; -in { + lib, + config, + pkgs, + inputs, + ... +}: let + cfg = config.users.leyla; +in { imports = [ ../../overlays/intellij.nix ../../overlays/vscodium.nix 
@@ -70,41 +74,43 @@ in obsidian steam (lib.mkIf cfg.hasGPU davinci-resolve) - + # development tools (vscode-with-extensions.override { vscode = vscodium; - vscodeExtensions = with open-vsx; [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + vscodeExtensions = with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # misc extensions - bungcip.better-toml - ] ++ (with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + ] + ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); }) androidStudioPackages.canary jetbrains.idea-community @@ -126,4 +132,4 @@ in ) ] ); -} \ No newline at end of file +} diff --git a/util/default.nix b/util/default.nix index a4fab1ea..acd1997c 100644 --- a/util/default.nix +++ b/util/default.nix 
@@ -1,8 +1,7 @@ -_: -{ +_: { # mkUnless = condition: then: (mkIf (!condition) then); # mkIfElse = condition: then: else: lib.mkMerge [ # (mkIf condition then) # (mkUnless condition else) # ]; -} \ No newline at end of file +} From c236668389ff2a0eb8af24209846990f812ddf1c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 11:27:52 -0500 Subject: [PATCH 216/932] added linting command to readme --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 96a36abc..b0458e1b 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,11 @@ updating passwords: `sops secrets/secrets.yaml` - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -# Updating +# Tooling +## Lint +`nix run git+https://github.com/kamadorueda/alejandra -- .` + +## Updating `nix flake update` # Tasks: From 52ae2ef47dd78ddb8ee1c559d2208f51a992172f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:12:58 -0500 Subject: [PATCH 217/932] added pre and post commit hooks to run linting --- hooks/post-commit | 3 +++ hooks/pre-commit | 11 +++++++++++ lint.sh | 3 +++ 3 files changed, 17 insertions(+) create mode 100755 hooks/post-commit create mode 100755 hooks/pre-commit create mode 100755 lint.sh diff --git a/hooks/post-commit b/hooks/post-commit new file mode 100755 index 00000000..78038507 --- /dev/null +++ b/hooks/post-commit @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +git stash pop -q diff --git a/hooks/pre-commit b/hooks/pre-commit new file mode 100755 index 00000000..57214721 --- /dev/null +++ b/hooks/pre-commit @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +git stash -q --keep-index + +./lint.sh + +RESULT=$? + +git add -u + +exit $RESULT \ No newline at end of file diff --git a/lint.sh b/lint.sh new file mode 100755 index 00000000..3fc29e9b --- /dev/null +++ b/lint.sh 
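Review bot: `git stash pop -q` in post-commit pops whatever entry is on top of the stash, which is not necessarily the one pre-commit pushed: when the index already matches the working tree, `git stash -q --keep-index` creates no entry at all, so an unrelated older stash is applied onto the fresh commit, and when the commit is aborted (lint failure, empty message) post-commit never runs and the author's unstaged work stays stashed. Naming the entry makes the pairing checkable: in pre-commit `git stash push -q --keep-index -m pre-commit-lint` and in post-commit `git stash list | head -n1 | grep -q pre-commit-lint && git stash pop -q`. The same pairing problem applies to the pre-commit hunk that follows.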
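Review bot: `git add -u` after `./lint.sh` stages every tracked file the formatter touched, so the commit silently contains rewrites the author never reviewed, and because `--keep-index` stashed the unstaged hunks, a partially staged file is reformatted in its staged shape and then conflicts when post-commit restores the stash. Running the formatter in check mode and letting the commit fail (`nix run git+https://github.com/kamadorueda/alejandra -- --check -q .`) keeps the commit byte-identical to what was staged and drops the `git add -u` line entirely. The script also has no `set -euo pipefail`, so a failing `git stash` still proceeds to lint and commit.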
@@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +nix run git+https://github.com/kamadorueda/alejandra -- -q . From 7e4817db1c4189422afe873b576989e3d484f691 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:15:09 -0500 Subject: [PATCH 218/932] updated readme.md --- README.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index b0458e1b..4bed40f2 100644 --- a/README.md +++ b/README.md @@ -9,28 +9,29 @@ | `emergent` | Desktop Computer | Eve | Laptop | | `threshold` | Laptop | Eve | Desktop | -### Rebuilding machines +# Tooling +## Lint +`./lint.sh` + +## Rebuilding `./rebuild.sh` -# New machine setup -keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` and will be copied over to new machines installed with ./`install.sh` - -updating passwords: `sops secrets/secrets.yaml` +## Updating +`nix flake update` +## New host setup `./install.sh --target 192.168.1.130 --flake hostname` # Notes: + +## Research topics - Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -# Tooling -## Lint -`nix run git+https://github.com/kamadorueda/alejandra -- .` - -## Updating -`nix flake update` +## Configuration +updating passwords: `sops secrets/secrets.yaml` # Tasks: From 6e527026b6ff45ffd5e2c17bbabdea1e0f733a60 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:17:54 -0500 Subject: [PATCH 219/932] added config note to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4bed40f2..a33eb2c4 100644 
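Review bot: `nix run git+https://github.com/kamadorueda/alejandra` carries no `?ref=` or `?rev=`, so every lint run — including the one wired into the pre-commit hook — fetches and executes whatever that repository's default branch currently holds, outside the control of `flake.lock`. Pin it either by revision, `git+https://github.com/kamadorueda/alejandra?ref=<tag>&rev=<commit>` (placeholders), or by taking the package from the flake's locked nixpkgs, `nix run nixpkgs#alejandra -- -q .`, so that a lockfile update is the only way the formatter's code changes. The README hunk in PATCH 216 shows the same unpinned invocation.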
--- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ ## Configuration updating passwords: `sops secrets/secrets.yaml` +set up git pre-commit and post commit hooks: `git config core.hooksPath hooks` # Tasks: From a21606e51edfbf28904aa400497143e07ebc4f79 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:20:17 -0500 Subject: [PATCH 220/932] updated git config note in README.md --- .gitconfig | 2 ++ README.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 .gitconfig diff --git a/.gitconfig b/.gitconfig new file mode 100644 index 00000000..1c8d4a7e --- /dev/null +++ b/.gitconfig @@ -0,0 +1,2 @@ +[core] + hooksPath = .githooks diff --git a/README.md b/README.md index a33eb2c4..07276ed1 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ ## Configuration updating passwords: `sops secrets/secrets.yaml` -set up git pre-commit and post commit hooks: `git config core.hooksPath hooks` +set up git configuration for local development: `git config --local include.path .gitconfig` # Tasks: From 630eb55f09d5c139be4c36bb8f6816a597e3dc6f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:24:03 -0500 Subject: [PATCH 221/932] removed resolved task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 07276ed1..d6830d5a 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- have nfs binds and exports defined by same code - move services from defiant into own flake - made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) From a0e047db97bb456c5b983b1e2e94644ae2a92860 Mon Sep 17 00:00:00 2001 
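Review bot: `hooksPath = .githooks` names a directory that does not exist in this tree; the hooks added in PATCH 217 live under `hooks/`, so a clone that follows the README's `git config --local include.path .gitconfig` gets no hooks at all and no error. Beyond the path, a tracked `.gitconfig` pulled in through `include.path` means every future change to it (hooksPath, aliases, `core.fsmonitor`) takes effect on the next git command in each clone that opted in, which is worth stating in the file itself, e.g. `# included via: git config --local include.path .gitconfig -- only hook wiring belongs here`.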
From: Leyla Becker Date: Sat, 21 Sep 2024 12:24:54 -0500 Subject: [PATCH 222/932] updated hooks folder location --- .gitconfig | 2 +- {hooks => .hooks}/post-commit | 0 {hooks => .hooks}/pre-commit | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename {hooks => .hooks}/post-commit (100%) rename {hooks => .hooks}/pre-commit (100%) diff --git a/.gitconfig b/.gitconfig index 1c8d4a7e..78d2a4ad 100644 --- a/.gitconfig +++ b/.gitconfig @@ -1,2 +1,2 @@ [core] - hooksPath = .githooks + hooksPath = .hooks diff --git a/hooks/post-commit b/.hooks/post-commit similarity index 100% rename from hooks/post-commit rename to .hooks/post-commit diff --git a/hooks/pre-commit b/.hooks/pre-commit similarity index 100% rename from hooks/pre-commit rename to .hooks/pre-commit From e3990cb6d2991a68c767dc2f2ff6bfa25c1269fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 12:52:44 -0500 Subject: [PATCH 223/932] made services in defiant configurable --- README.md | 2 - enviroments/server/default.nix | 271 ++++++++++++++++++-------------- hosts/defiant/configuration.nix | 4 + 3 files changed, 157 insertions(+), 120 deletions(-) diff --git a/README.md b/README.md index d6830d5a..bb41e979 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- move services from defiant into own flake -- made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - server service system users should also be on local systems for file permission reasons ## New Features diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 8b32992e..f7f7e257 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,4 +1,5 @@ { + lib, config, pkgs, ... 
@@ -7,138 +8,172 @@ ../common ]; - users = { - groups = { - jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; + options = { + domains = { + base_domain = lib.mkOption { type = lib.types.str; }; + headscale = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that headscale will be hosted at"; + default = "headscale"; + }; }; - jellyfin = { - members = ["jellyfin" "leyla"]; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that jellyfin will be hosted at"; + default = "${config.domains.jellyfin.subdomain}.${config.domains.base_domain}"; + }; }; - - # forgejo = { - # members = ["forgejo" "leyla"]; - # }; - }; - - users = { - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; + forgejo = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that foregjo will be hosted at"; + default = "forgejo"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that forgejo will be hosted at"; + default = "${config.domains.forgejo.subdomain}.${config.domains.base_domain}"; + }; }; - - # forgejo = { - # uid = 2001; - # group = "forgejo"; - # isSystemUser = true; - # }; }; }; - systemd.tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - # "d /home/forgejo 750 forgejo forgejo -" - # "d /home/forgejo/data 750 forgejo forgejo -" - ]; + config = { + users = { + groups = { + jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; - services = let - jellyfinDomain = "jellyfin.jan-leila.com"; - headscaleDomain = "headscale.jan-leila.com"; - # forgejoDomain = 
"forgejo.jan-leila.com"; - in { - nfs.server = { - enable = true; - exports = '' - /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - ''; - }; + jellyfin = { + members = ["jellyfin" "leyla"]; + }; - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; + # forgejo = { + # members = ["forgejo" "leyla"]; + # }; }; - }; - jellyfin = { - enable = true; - user = "jellyfin"; - group = "jellyfin"; - dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config - cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache - openFirewall = false; - }; - - # TODO: figure out what needs to be here - # forgejo = { - # enable = true; - # database.type = "postgres"; - # lfs.enable = true; - # settings = { - # server = { - # DOMAIN = forgejoDomain; - # HTTP_PORT = 8081; - # }; - # service.DISABLE_REGISTRATION = true; - # }; - # }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; + users = { + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; }; - ${jellyfinDomain} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:8096"; - }; - # ${forgejoDomain} = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + + # forgejo = { + # uid = 2001; + # group = "forgejo"; + # 
isSystemUser = true; # }; }; }; + + systemd.tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + # "d /home/forgejo 750 forgejo forgejo -" + # "d /home/forgejo/data 750 forgejo forgejo -" + ]; + + services = { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; + dns_config.base_domain = config.domains.base_domain; + logtail.enabled = false; + }; + }; + + jellyfin = { + enable = true; + user = "jellyfin"; + group = "jellyfin"; + dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config + cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + }; + + # TODO: figure out what needs to be here + # forgejo = { + # enable = true; + # database.type = "postgres"; + # lfs.enable = true; + # settings = { + # server = { + # DOMAIN = forgejoDomain; + # HTTP_PORT = 8081; + # }; + # service.DISABLE_REGISTRATION = true; + # }; + # }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${config.domains.headscale.hostname} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + ${config.domains.jellyfin.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:8096"; + }; + # 
${config.domains.forgejo.hostname} = { + # forceSSL = true; + # enableACME = true; + # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + # }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [2049]; + + environment.systemPackages = [ + config.services.headscale.package + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - networking.firewall.allowedTCPPorts = [2049]; - - environment.systemPackages = [ - config.services.headscale.package - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 42cf19fc..1fd09eb1 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,6 +25,10 @@ nixpkgs.config.allowUnfree = true; + domains = { + base_domain = "jan-leila.com"; + }; + services = { zfs = { autoScrub.enable = true; From 9c05ba0593392291512d67b3ef0e333f22467934 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 15:09:03 -0500 Subject: [PATCH 224/932] fixed headscale server url --- enviroments/server/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index f7f7e257..0988c4d8 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
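Review bot: `config.domains.headscale.hostname` is read as the attribute name of the first nginx virtual host, but `options.domains.headscale` declares only `subdomain` — jellyfin and forgejo each get a `hostname` option, headscale does not — so as far as this hunk shows evaluation fails on a missing attribute as soon as the module is imported. Add the same option under headscale: `hostname = lib.mkOption { type = lib.types.str; default = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; };`. Separately, `server_url` for headscale is built from the same pieces without a scheme, and the option descriptions carry typos (`hosname`, `foregjo`) that will surface in generated documentation.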
@@ -101,7 +101,7 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; + server_url = "http://${config.domains.headscale.subdomain}.${config.domains.base_domain}"; dns_config.base_domain = config.domains.base_domain; logtail.enabled = false; }; From 949726e8510e4caa0e6660c01a53e6d02ba95705 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 15:09:17 -0500 Subject: [PATCH 225/932] created postgresql service --- enviroments/server/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 0988c4d8..503c37a0 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -96,6 +96,22 @@ ''; }; + postgresql = { + enable = true; + ensureDatabases = [ "forgejo" ]; + identMap = '' + # ArbitraryMapName systemUser DBUser + superuser_map root postgres + superuser_map postgres postgres + superuser_map forgejo forgejo + ''; + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser auth-method optional_ident_map + local sameuser all peer map=superuser_map + ''; + }; + headscale = { enable = true; address = "0.0.0.0"; From ef9e1d7e6ac5bfe9463e3c5b5bc1fe936383219a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 16:44:22 -0500 Subject: [PATCH 226/932] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index bb41e979..1ef5e50e 100644 --- a/README.md +++ b/README.md 
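Review bot: `http://` is the wrong scheme for `server_url`: the nginx virtual host for this hostname in the same file sets `forceSSL = true` and `enableACME = true`, so the URL headscale advertises to its clients points at a plaintext endpoint that nginx only redirects, and the advertised URL contradicts the TLS endpoint. Use `server_url = "https://${config.domains.headscale.subdomain}.${config.domains.base_domain}";`. The enclosing headscale block starts and ends outside the hunk.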
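Review bot: The comment above `authentication` says the map lets user postgres access everything, but `local sameuser all peer map=superuser_map` only admits connections whose database name equals the DB user, so the `postgres` role (and root mapped to it) reaches only the `postgres` database and has no path to `forgejo`; either reword the comment to `lets each mapped system user access the database of the same name` or add `local all postgres peer map=superuser_map` above it if superuser access is really wanted. No `forgejo` role is created here (`ensureUsers` is absent); the NixOS forgejo module is expected to create both the database and the role when its postgres backend is selected, in which case `ensureDatabases = [ "forgejo" ]` is redundant — confirm before relying on it. `pkgs.lib.mkOverride` can be `lib.mkOverride` since the file takes `lib` as an argument.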
@@ -40,6 +40,7 @@ set up git configuration for local development: `git config --local include.path - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - server service system users should also be on local systems for file permission reasons +- join config for systemd.tmpfiles.rules and service directory bindings ## New Features - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) From 7b4639b78c677659745f6649de7da8f8c69761f4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 16:57:08 -0500 Subject: [PATCH 227/932] finished forgejo configuration --- enviroments/server/default.nix | 69 ++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 503c37a0..20acb89e 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -48,17 +48,20 @@ config = { users = { groups = { - jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; - }; - jellyfin = { + gid = 2000; members = ["jellyfin" "leyla"]; }; - # forgejo = { - # members = ["forgejo" "leyla"]; - # }; + jellyfin_media = { + gid = 2001; + members = ["jellyfin" "leyla" "ester" "eve"]; + }; + + forgejo = { + uid = 2002; + members = ["forgejo" "leyla"]; + }; }; users = { @@ -68,11 +71,11 @@ isSystemUser = true; }; - # forgejo = { - # uid = 2001; - # group = "forgejo"; - # isSystemUser = true; - # }; + forgejo = { + uid = 2002; + group = "forgejo"; + isSystemUser = true; + }; }; }; 
@@ -81,8 +84,8 @@ "d /home/jellyfin/media 775 jellyfin jellyfin_media -" "d /home/jellyfin/config 750 jellyfin jellyfin -" "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - # "d /home/forgejo 750 forgejo forgejo -" - # "d /home/forgejo/data 750 forgejo forgejo -" + "d /home/forgejo 750 forgejo forgejo -" + "d /home/forgejo/data 750 forgejo forgejo -" ]; services = { @@ -131,19 +134,19 @@ cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache }; - # TODO: figure out what needs to be here - # forgejo = { - # enable = true; - # database.type = "postgres"; - # lfs.enable = true; - # settings = { - # server = { - # DOMAIN = forgejoDomain; - # HTTP_PORT = 8081; - # }; - # service.DISABLE_REGISTRATION = true; - # }; - # }; + forgejo = { + enable = true; + database.type = "postgres"; + lfs.enable = true; + settings = { + server = { + DOMAIN = config.domains.forgejo.hostname; + HTTP_PORT = 8081; + }; + service.DISABLE_REGISTRATION = true; + }; + stateDir = "/home/forgejo/data"; + }; nginx = { enable = false; # TODO: enable this when you want to test all the configs @@ -161,11 +164,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:8096"; }; - # ${config.domains.forgejo.hostname} = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; - # }; + ${config.domains.forgejo.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + }; }; }; }; @@ -183,7 +186,7 @@ hybrid-sleep.enable = false; }; - networking.firewall.allowedTCPPorts = [2049]; + networking.firewall.allowedTCPPorts = [2049 8081]; environment.systemPackages = [ config.services.headscale.package From 8a38515694b493a038f80b62ecfeca7a02ef1b39 Mon Sep 17 00:00:00 2001 
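Review bot: Adding 8081 to `networking.firewall.allowedTCPPorts` exposes forgejo's plaintext HTTP listener on every interface while the nginx virtual host meant to terminate TLS for it is still `enable = false`, so the forge is reachable over unencrypted HTTP from the LAN and `forceSSL` never applies. With nginx proxying to `http://localhost:8081` the listener only needs loopback: set `settings.server.HTTP_ADDR = "127.0.0.1";` and keep the firewall at `[2049]`. Separately, `users.groups.forgejo` in the first hunk of this commit sets `uid = 2002`; groups take `gid`, and NixOS rejects the unknown option at evaluation.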
From: Leyla Becker Date: Sat, 21 Sep 2024 17:19:20 -0500 Subject: [PATCH 228/932] set subdomains for defiant --- hosts/defiant/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 1fd09eb1..05c590e8 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -27,6 +27,9 @@ domains = { base_domain = "jan-leila.com"; + headscale.subdomain = "vpn"; + jellyfin.subdomain = "media"; + forgejo.subdomain = "git"; }; services = { From a566e56a94abc6e30a6ba99a3d16c34a0792358d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 17:21:29 -0500 Subject: [PATCH 229/932] ran linter --- enviroments/server/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 20acb89e..55702075 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -10,7 +10,9 @@ options = { domains = { - base_domain = lib.mkOption { type = lib.types.str; }; + base_domain = lib.mkOption { + type = lib.types.str; + }; headscale = { subdomain = lib.mkOption { type = lib.types.str; @@ -101,7 +103,7 @@ postgresql = { enable = true; - ensureDatabases = [ "forgejo" ]; + ensureDatabases = ["forgejo"]; identMap = '' # ArbitraryMapName systemUser DBUser superuser_map root postgres From 521d3193999e75fe7a25f393e5f8f28fb35216c3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 17:52:10 -0500 Subject: [PATCH 230/932] added research note to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1ef5e50e..82226531 100644 --- a/README.md +++ b/README.md 
@@ -29,6 +29,7 @@ - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ +- Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html ## Configuration updating passwords: `sops secrets/secrets.yaml` From 7c7468cf20f2c6a08d4fc8b5af6f7be46361cb7f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 18:50:04 -0500 Subject: [PATCH 231/932] drafted out pihole config --- enviroments/server/default.nix | 90 +++++++++++++++++++++++++++------- 1 file changed, 73 insertions(+), 17 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 55702075..defb37b7 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -61,9 +61,14 @@ }; forgejo = { - uid = 2002; + gid = 2002; members = ["forgejo" "leyla"]; }; + + # pihole = { + # gid = 2003; + # members = ["pihole" "leyla"]; + # }; }; users = { 
@@ -78,17 +83,76 @@ group = "forgejo"; isSystemUser = true; }; + + # pihole = { + # uid = 2003; + # group = "forgejo"; + # isSystemUser = true; + # }; }; }; - systemd.tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - "d /home/forgejo 750 forgejo forgejo -" - "d /home/forgejo/data 750 forgejo forgejo -" - ]; + # virtualisation.oci-containers.containers.pihole = { + # image = "pihole/pihole:latest"; + # environment = { + # TZ = "America/Chicago"; # TODO: set this to the systems timezone + # WEBPASSWORD_FILE = "..."; # TODO: set this from secrets file/config that is set to secrets file (I think this also needs to be mounted in volumns?) + # }; + # volumes = [ + # "/home/docker/pihole:/etc/pihole:rw" # TODO; set this based on configs + # ]; + # ports = [ + # "53:53/tcp" + # "53:53/udp" + # "3000:80/tcp" # TODO: bind container ip address? 
+ # ]; + # log-driver = "journald"; + # extraOptions = [ + # "--ip=172.18.1.5" # TODO: set this to some ip address from configs + # "--network-alias=pihole" # TODO: set this from configs + # "--network=nas_default" + # ]; + # }; + + systemd = { + tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + "d /home/forgejo 750 forgejo forgejo -" + "d /home/forgejo/data 750 forgejo forgejo -" + # "d /home/forgejo 750 pihole pihole -" + ]; + + # services = { + # pihole = { + # serviceConfig = { + # Restart = lib.mkOverride 500 "always"; + # }; + # after = [ + # "podman-network-nas_default.service" + # ]; + # requires = [ + # "podman-network-nas_default.service" + # ]; + # partOf = [ + # "podman-compose-nas-root.target" + # ]; + # wantedBy = [ + # "podman-compose-nas-root.target" + # ]; + # }; + # }; + + # disable computer sleeping + targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + }; services = { nfs.server = { @@ -180,14 +244,6 @@ defaults.email = "jan-leila@protonmail.com"; }; - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - networking.firewall.allowedTCPPorts = [2049 8081]; environment.systemPackages = [ From d7627a21c217e49c40e34cf1ea35b90894818c2f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 21:43:19 -0500 Subject: [PATCH 232/932] added bond network to defiant --- hosts/defiant/hardware-configuration.nix | 52 ++++++++++++++++++++---- 1 file changed, 45 insertions(+), 7 deletions(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 219b6a55..3d9a46c0 100644 --- a/hosts/defiant/hardware-configuration.nix 
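Review bot: The commented pihole draft carries two copy-paste errors that will bite the moment it is uncommented: the pihole user is given `group = "forgejo"`, and the tmpfiles rule reads `"d /home/forgejo 750 pihole pihole -"`, which would re-own forgejo's home directory to pihole rather than create `/home/pihole`. Fix them now while they are inert: `group = "pihole";` and `"d /home/pihole 750 pihole pihole -"`. When the container is enabled, `pihole/pihole:latest` should be pinned by digest and `3000:80/tcp` bound to a specific address (`127.0.0.1:3000:80/tcp` or the container IP the TODO mentions) rather than all interfaces.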
+++ b/hosts/defiant/hardware-configuration.nix @@ -34,15 +34,53 @@ swapDevices = []; networking = { - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; hostId = "c51763d6"; hostName = "defiant"; # Define your hostname. + useNetworkd = true; + }; + + systemd.network = { + enable = true; + + netdevs = { + "10-bond0" = { + netdevConfig = { + Kind = "bond"; + Name = "bond0"; + }; + bondConfig = { + Mode = "802.3ad"; + TransmitHashPolicy = "layer3+4"; + }; + }; + }; + + networks = { + "30-enp4s0" = { + matchConfig.Name = "enp4s0"; + networkConfig.Bond = "bond0"; + DHCP = "ipv4"; + }; + "30-enp5s0" = { + matchConfig.Name = "enp5s0"; + networkConfig.Bond = "bond0"; + DHCP = "ipv4"; + }; + + "40-bond0" = { + matchConfig.Name = "bond0"; + linkConfig = { + RequiredForOnline = "carrier"; + }; + networkConfig.LinkLocalAddressing = "no"; + + address = [ + # configure addresses including subnet mask + "192.168.1.10/24" + # TODO: ipv6 address configuration + ]; + }; + }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; From edbf13b19ec4c31d7afa6ca17c40259b65072347 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 21:57:38 -0500 Subject: [PATCH 233/932] removed outdated unneeded comment --- hosts/defiant/hardware-configuration.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 3d9a46c0..709430e7 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix 
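Review bot: `40-bond0` assigns a static `192.168.1.10/24` but no default route or DNS: `useDHCP` is removed in the same hunk and `DHCP = "ipv4"` is set only on `30-enp4s0`/`30-enp5s0`, which as bond members carry no address of their own, so after this change the host appears to have LAN reachability only. Either add `gateway = ["<router-ip>"];` and `dns = ["<resolver-ip>"];` (placeholders) to `40-bond0`, or move `DHCP = "ipv4"` there and drop it from the member links. For a remote host that is worth verifying before the first rebuild, since losing the default route also removes the path to fix it.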
@@ -26,11 +26,6 @@ zfs.extraPools = ["zroot"]; }; - # fileSystems."/" = - # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; - # fsType = "ext4"; - # }; - swapDevices = []; networking = { From 10941b1e454ded43ac6cb3ec58977d85918d8b84 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 22:07:09 -0500 Subject: [PATCH 234/932] updated tasks in README.md --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 82226531..63870802 100644 --- a/README.md +++ b/README.md @@ -46,8 +46,11 @@ set up git configuration for local development: `git config --local include.path - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- Docker parity with existing NAS on defiant -- NFS on defiant +- home assistant virtual machine +- pi hole docker +- searxng docker +- nextcloud ??? +- samba mounts - firefox declarative??? - figure out steam vr things? - Open GL? From b9226b4b15d09b5f3e3b10aacac4eb48913977f8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:21:35 -0500 Subject: [PATCH 235/932] ran linter --- hosts/defiant/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 709430e7..4b58353c 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -33,7 +33,7 @@ hostName = "defiant"; # Define your hostname. useNetworkd = true; }; - + systemd.network = { enable = true; From 454f002883d00f63be8af9811f55e16fc4b2265d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:21:52 -0500 Subject: [PATCH 236/932] added to README --- README.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/README.md b/README.md index 63870802..9ab1f70e 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ set up git configuration for local development: `git config --local include.path ## New Features - GNOME default monitors per hardware configuration? - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- fix pre commit hook - Flake templates - home assistant virtual machine - pi hole docker From 5c94b8f21ad261360038217c0803a51d21cdc7ba Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:26:27 -0500 Subject: [PATCH 237/932] added automatic weekly garbage collects --- enviroments/common/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 96ad0127..21528209 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -3,8 +3,13 @@ ../../users ]; - nix.settings.experimental-features = ["nix-command" "flakes"]; - nix.settings.trusted-users = ["leyla"]; + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + trusted-users = ["leyla"]; + }; + gc.automatic = true; + }; # Enable networking networking.networkmanager.enable = true; From e81cb84c21484aa7805f3c4b575223baf7b6cf98 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:28:24 -0500 Subject: [PATCH 238/932] updated task list --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 9ab1f70e..dad07c24 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,6 @@ set up git configuration for local development: `git config --local include.path - Open GL? - util functions - openssh known hosts -- limit boot configurations to 2 on defiant - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing - headscale server 
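Review bot: `gc.automatic = true` on its own does not give the weekly collection the commit message describes; `nix.gc.dates` keeps its default daily schedule unless set, and with no `nix.gc.options` every unreferenced store path is deleted at each run. `gc.dates = "weekly";` and `gc.options = "--delete-older-than 30d";` alongside `gc.automatic = true` match the intent and keep recent closures available for rollback.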
From 94ac2d581d41f8140219dc06a6c2523418f462bb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Sep 2024 23:48:15 -0500 Subject: [PATCH 239/932] added note to task on README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dad07c24..2fa1c055 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ set up git configuration for local development: `git config --local include.path - server service system users should also be on local systems for file permission reasons - join config for systemd.tmpfiles.rules and service directory bindings ## New Features -- GNOME default monitors per hardware configuration? +- GNOME default monitors per hardware configuration? read this: https://discourse.nixos.org/t/gdm-monitor-configuration/6356/3 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook - Flake templates From 54ecd6d24b9a9c161663d772d6c330dcedc0de81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 00:46:27 -0500 Subject: [PATCH 240/932] moved user configuration to common --- enviroments/common/default.nix | 77 +++++++++++++++++++++++++++++++++- enviroments/server/default.nix | 44 ------------------- users/ester/default.nix | 42 +++++++------------ users/eve/default.nix | 46 ++++++++------------ users/leyla/default.nix | 52 ++++++++++------------- 5 files changed, 131 insertions(+), 130 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 21528209..643240a6 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -31,7 +31,82 @@ LC_TIME = "en_US.UTF-8"; }; - users.groups.users = {}; + users = { + users = { + leyla = { + uid = 1000; + description = "Leyla"; + group = "leyla"; + }; + + ester = { + uid = 1001; + description = "Ester"; + group = "ester"; + }; + + eve = { + uid = 1002; + description = "Eve"; + group = "eve"; + }; + + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; + }; + + forgejo = { + uid = 2002; + group = "forgejo"; + isSystemUser = true; + }; + + # pihole = { + # uid = 2003; + # group = "forgejo"; + # isSystemUser = true; + # }; + }; + + groups = { + leyla = { + gid = 1000; + members = ["lelya"]; + }; + + ester = { + gid = 1001; + members = ["ester"]; + }; + + eve = { + gid = 1002; + members = ["eve"]; + }; + + jellyfin = { + gid = 2000; + members = ["jellyfin" "leyla"]; + }; + + jellyfin_media = { + gid = 2001; + members = ["jellyfin" "leyla" "ester" "eve"]; + }; + + forgejo = { + gid = 2002; + members = ["forgejo" "leyla"]; + }; + + # pihole = { + # gid = 2003; + # members = ["pihole" "leyla"]; + # }; + }; + }; services = { openssh = { diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index defb37b7..3b567ebc 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
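Review bot: The `leyla` group's member list reads `members = ["lelya"];`, a misspelling of `"leyla"` that names an account which does not exist; the other groups in the same block spell the name correctly, so this should be `members = ["leyla"];`. The `leyla` user already carries `group = "leyla";`, so the primary membership comes from the user side regardless, but the stray name is still wrong and will mislead anyone auditing group membership. The same misspelling reappears in the `users` group added in the `enviroments/common/default.nix` hunk of PATCH 252.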
@@ -48,50 +48,6 @@ }; config = { - users = { - groups = { - jellyfin = { - gid = 2000; - members = ["jellyfin" "leyla"]; - }; - - jellyfin_media = { - gid = 2001; - members = ["jellyfin" "leyla" "ester" "eve"]; - }; - - forgejo = { - gid = 2002; - members = ["forgejo" "leyla"]; - }; - - # pihole = { - # gid = 2003; - # members = ["pihole" "leyla"]; - # }; - }; - - users = { - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; - }; - - forgejo = { - uid = 2002; - group = "forgejo"; - isSystemUser = true; - }; - - # pihole = { - # uid = 2003; - # group = "forgejo"; - # isSystemUser = true; - # }; - }; - }; - # virtualisation.oci-containers.containers.pihole = { # image = "pihole/pihole:latest"; # environment = { diff --git a/users/ester/default.nix b/users/ester/default.nix index a16b69b0..e3ddc152 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -18,33 +18,23 @@ in { }; }; - users.groups.ester = {}; + users.users.ester = ( + if cfg.isFullUser + then { + isNormalUser = true; + extraGroups = ["networkmanager" "users"]; - users.users.ester = lib.mkMerge [ - { - uid = 1001; - description = "Ester"; - group = "ester"; + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; } - - ( - if cfg.isFullUser - then { - isNormalUser = true; - extraGroups = ["networkmanager" "users"]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - ]; - } - else { - isSystemUser = true; - } - ) - ]; + else { + isSystemUser = true; + } + ); }; } diff --git a/users/eve/default.nix b/users/eve/default.nix index 8ad6b61a..32693c12 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix 
@@ -18,35 +18,25 @@ in { }; }; - users.groups.eve = {}; + users.users.eve = ( + if cfg.isFullUser + then { + isNormalUser = true; + extraGroups = ["networkmanager" "users"]; - users.users.eve = lib.mkMerge [ - { - uid = 1002; - description = "Eve"; - group = "eve"; + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; } - - ( - if cfg.isFullUser - then { - isNormalUser = true; - extraGroups = ["networkmanager" "users"]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; - } - else { - isSystemUser = true; - } - ) - ]; + else { + isSystemUser = true; + } + ); }; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 9454c2d8..1934bd2d 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -24,40 +24,30 @@ in { }; }; - users.groups.leyla = {}; + users.users.leyla = ( + if (cfg.isFullUser || cfg.isThinUser) + then { + isNormalUser = true; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "users"] + ( + lib.mkIf (!cfg.isThinUser) ["adbusers"] + ) + ]; - users.users.leyla = lib.mkMerge [ - { - uid = 1000; - description = "Leyla"; - group = "leyla"; - } + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - ( - if (cfg.isFullUser || cfg.isThinUser) - then { - isNormalUser = true; - extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "users"] - ( - lib.mkIf (!cfg.isThinUser) ["adbusers"] - ) + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - openssh = { - authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - }; - } - else { - isSystemUser = true; - } - ) - ]; + }; + } + else { + isSystemUser = true; + } + ); # TODO: this should reference the home directory from the user config services.openssh.hostKeys = [ From 79a9d08b12af1a870a1cea64fb3c8c79b70d3d4b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 00:47:00 -0500 Subject: [PATCH 241/932] removed completed tech debt task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 2fa1c055..b0f02063 100644 --- a/README.md +++ b/README.md 
@@ -40,7 +40,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) -- server service system users should also be on local systems for file permission reasons - join config for systemd.tmpfiles.rules and service directory bindings ## New Features - GNOME default monitors per hardware configuration? read this: https://discourse.nixos.org/t/gdm-monitor-configuration/6356/3 From 6a558120b9a0867608212835f783a0ce20a6cfc8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 00:47:24 -0500 Subject: [PATCH 242/932] added notes to task in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b0f02063..ad9853ad 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ set up git configuration for local development: `git config --local include.path - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- headscale server +- headscale server (just needs to be tested) - mastodon server - tail scale clients - wake on LAN \ No newline at end of file From c993929049ced998ecc24ec02e95c766fcca0bb7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 10:53:50 -0500 Subject: [PATCH 243/932] set monitor configuration pre login --- hosts/twilight/configuration.nix | 198 +++++++++++++++++++++++++++++++ 1 file changed, 198 insertions(+) diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 991ecbc3..c2951f3a 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -23,6 +23,204 @@ eve.isFullUser = true; }; + systemd.tmpfiles.rules = [ + "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' + + + + 0 + 156 + 1 + + + DP-4 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 2560 + 324 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 0 + 1 + + left + no + + + + HDMI-0 + HWP + HP w2207 + CND7332S88 + + + 1600 + 1000 + 59.999 + + + + + + + 0 + 0 + 1 + yes + + + DP-1 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 4480 + 226 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 2560 + 226 + 1 + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + + + 2560 + 228 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 69 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 0 + 0 + 1 + + + DP-3 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + + None-1 + unknown + unknown + unknown + + + + + ''}" + ]; + # enabled virtualisation for docker # virtualisation.docker.enable = true; From a11dbffdb39f9e0f3f249e407665fc84ebffaac0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 10:54:27 -0500 Subject: [PATCH 244/932] disabled pressure showing dash to dock --- users/leyla/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index fdca2574..118d0ccc 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -108,7 +108,7 @@ "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; "show-trash" = false; - "require-pressure-to-show" = true; + "require-pressure-to-show" = false; "show-mounts" = false; }; From c11e94626ac9d629483d3a2b6148ddc325d3cc25 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 22 Sep 2024 10:57:39 -0500 Subject: [PATCH 245/932] added tech debt task to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ad9853ad..1336f554 100644 --- a/README.md +++ b/README.md @@ -41,8 +41,8 @@ set up git configuration for local development: `git config --local include.path - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings +- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` ## New Features -- GNOME default monitors per hardware configuration? read this: https://discourse.nixos.org/t/gdm-monitor-configuration/6356/3 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook - Flake templates From 822cdc65bb1caa95ccc1f06800ca1024ee5ab0af Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 11:28:35 -0500 Subject: [PATCH 246/932] added task to new features in README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1336f554..471605e7 100644 --- a/README.md +++ b/README.md @@ -61,4 +61,5 @@ set up git configuration for local development: `git config --local include.path - headscale server (just needs to be tested) - mastodon server - tail scale clients -- wake on LAN \ No newline at end of file +- wake on LAN +- ISO target that contains authorized keys for nixos-anywhere \ No newline at end of file From d11a24f33763bca6fefe734fe46a0fde5ca5b54f Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 22 Sep 2024 11:31:59 -0500 Subject: [PATCH 247/932] fixed folder name for pihole --- enviroments/server/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 3b567ebc..ac834a85 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -78,7 +78,7 @@ "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" "d /home/forgejo 750 forgejo forgejo -" "d /home/forgejo/data 750 forgejo forgejo -" - # "d /home/forgejo 750 pihole pihole -" + # "d /home/pihole 750 pihole pihole -" ]; # services = { From 8f36a609db86174579e83cadb71b55425b3bb634 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 13:05:25 -0500 Subject: [PATCH 248/932] moved allow unfree into user files --- README.md | 1 - hosts/defiant/configuration.nix | 2 -- hosts/horizon/configuration.nix | 3 --- hosts/twilight/configuration.nix | 3 --- users/ester/default.nix | 2 ++ users/eve/default.nix | 2 ++ users/leyla/default.nix | 3 ++- 7 files changed, 6 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 471605e7..829bd2d1 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,6 @@ set up git configuration for local development: `git config --local include.path # Tasks: ## Tech Debt -- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05c590e8..ec5cf1d0 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix 
@@ -23,8 +23,6 @@ efiInstallAsRemovable = true; }; - nixpkgs.config.allowUnfree = true; - domains = { base_domain = "jan-leila.com"; headscale.subdomain = "vpn"; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 1bd5bfca..c83fcc62 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -33,9 +33,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index c2951f3a..6441e2ad 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -227,9 +227,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/users/ester/default.nix b/users/ester/default.nix index e3ddc152..c4a18fbc 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -11,6 +11,8 @@ in { }; config = { + nixpkgs.config.allowUnfree = true; + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; diff --git a/users/eve/default.nix b/users/eve/default.nix index 32693c12..b6743319 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -11,6 +11,8 @@ in { }; config = { + nixpkgs.config.allowUnfree = true; + sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 1934bd2d..cd4332ef 100644 
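Review bot: `nixpkgs.config.allowUnfree = true;` is added unconditionally to the `config = { ... }` set of the ester and eve user modules (and leyla's in the next commit), so any host that imports these modules permits unfree packages even when `cfg.isFullUser` is false and no unfree package is requested; the per-host lines removed here were at least scoped to one machine. If the goal is to enable it on the user side, gate it on the same option that guards the package list, e.g. `nixpkgs.config = lib.mkIf cfg.isFullUser { allowUnfree = true; };`. The enclosing `config` attribute set starts and ends outside each of these hunks.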
--- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, ... }: let cfg = config.users.leyla; @@ -17,6 +16,8 @@ in { }; config = { + nixpkgs.config.allowUnfree = true; + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; From 1e0218d928f74c438d9d6c016802d012cec2b7e1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 13:30:23 -0500 Subject: [PATCH 249/932] updated rebuild script to auto delete result --- rebuild.sh | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index b37be136..9988b7b2 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -1,5 +1,12 @@ #!/usr/bin/env bash +if [ -d "result" ]; +then + preserve_result=true +else + preserve_result=false +fi + while [ $# -gt 0 ]; do case "$1" in --target*|-t*) @@ -18,12 +25,20 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi user="${1#*=}" ;; + --preserve-result) + preserve_result=true + ;; + --no-preserve-result) + preserve_result=false + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: set the target system to rebuild on" echo "--flake -f: set the flake to rebuild on the target system" echo "--mode -m: set the mode to rebuild flake as on the target system" echo "--user -u: set the user to rebuild flake as on the target system" + echo "--preserve-result: do not remove the generated result folder after building" + echo "--no-preserve-result: remove any result folder after building" exit 0 ;; *) 
@@ -39,9 +54,17 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -if [[ "$target" == "$(hostname)" ]] +if [[ "$target" == "$(hostname)" ]]; then nixos-rebuild $mode --use-remote-sudo --flake .#$flake else nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi + +if [ -d "result" ]; +then + if [[ "$preserve_result" == "false" ]]; + then + rm -r result + fi +fi \ No newline at end of file From 70d1b98ce210cf43bd2c4824ee8db8a9a28173e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 17:03:00 -0500 Subject: [PATCH 250/932] added task to README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 829bd2d1..bce959b3 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,7 @@ set up git configuration for local development: `git config --local include.path - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` +- move applications in server environment into their own flakes ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 1be145193eddf40670ef27ab97222233c9549f13 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 17:16:20 -0500 Subject: [PATCH 251/932] moved users password secret file --- enviroments/common/default.nix | 1 - enviroments/server/default.nix | 4 ++-- users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 643240a6..660b94d4 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
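Review bot: The cleanup at the end nests two `if` statements with `then` on its own line, while the line this same hunk changes a few lines above deliberately moves to the `if ...; then` one-line form; the two tests collapse to a single consistent one, `if [[ -d result && "$preserve_result" == "false" ]]; then rm -r result; fi`. `result` is normally a symlink produced by the build, and `rm -r` removes the link rather than its target, which is what is wanted here; `rm -r -- result` makes that intent explicit and guards against the name ever starting with a dash. The unquoted `$mode`, `$flake`, `$user` and `$target` expansions in the context lines are pre-existing and not part of this change.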
@@ -122,7 +122,6 @@ }; sops = { - defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFormat = "yaml"; gnupg.sshKeyPaths = []; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index ac834a85..c3be1e71 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -49,9 +49,9 @@ config = { # virtualisation.oci-containers.containers.pihole = { - # image = "pihole/pihole:latest"; + # image = "pihole/pihole:2024.07.0"; # environment = { - # TZ = "America/Chicago"; # TODO: set this to the systems timezone + # TZ = time.timeZone; # WEBPASSWORD_FILE = "..."; # TODO: set this from secrets file/config that is set to secrets file (I think this also needs to be mounted in volumns?) # }; # volumes = [ diff --git a/users/ester/default.nix b/users/ester/default.nix index c4a18fbc..356a7469 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -16,7 +16,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; - # sopsFile = ../secrets.yaml; + sopsFile = ../../secrets/user-passwords.yaml; }; }; diff --git a/users/eve/default.nix b/users/eve/default.nix index b6743319..3d768f9a 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -16,7 +16,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; - # sopsFile = ../secrets.yaml; + sopsFile = ../../secrets/user-passwords.yaml; }; }; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index cd4332ef..e227fdb6 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -21,7 +21,7 @@ in { sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; - # sopsFile = ../secrets.yaml; + sopsFile = ../../secrets/user-passwords.yaml; }; }; From 4145dd770f9302c432c5cd1df5db5c87ed0f2f36 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 22 Sep 2024 17:56:50 -0500 Subject: [PATCH 252/932] moved user group configuration to environment common --- enviroments/common/default.nix | 5 +++++ users/ester/default.nix | 2 +- users/eve/default.nix | 2 +- users/leyla/default.nix | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 660b94d4..192d5a9a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -86,6 +86,11 @@ members = ["eve"]; }; + useres = { + gid = 100; + members = ["lelya" "ester" "eve"]; + }; + jellyfin = { gid = 2000; members = ["jellyfin" "leyla"]; diff --git a/users/ester/default.nix b/users/ester/default.nix index 356a7469..3597d2df 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -24,7 +24,7 @@ in { if cfg.isFullUser then { isNormalUser = true; - extraGroups = ["networkmanager" "users"]; + extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; diff --git a/users/eve/default.nix b/users/eve/default.nix index 3d768f9a..16787f8b 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -24,7 +24,7 @@ in { if cfg.isFullUser then { isNormalUser = true; - extraGroups = ["networkmanager" "users"]; + extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index e227fdb6..20f99abb 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -30,7 +30,7 @@ in { then { isNormalUser = true; extraGroups = lib.mkMerge [ - ["networkmanager" "wheel" "users"] + ["networkmanager" "wheel"] ( lib.mkIf (!cfg.isThinUser) ["adbusers"] ) From 9603fba06277739b585310fa8607090c659656a6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 19:24:59 -0500 Subject: [PATCH 253/932] updated secrets files --- .sops.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/.sops.yaml b/.sops.yaml index 0ac5664b..e9ddb561 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,11 @@ keys: - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - - path_regex: secrets/secrets.yaml$ + - path_regex: secrets/user-passwords.yaml$ + key_groups: + - age: + - *leyla + - path_regex: secrets/defiant-services.yaml$ key_groups: - age: - *leyla From 3159ea9a4071bcae4e59cecbd2634a3ddacd7f3d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Sep 2024 19:25:21 -0500 Subject: [PATCH 254/932] fixed group name typo --- enviroments/common/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 192d5a9a..5236a8b7 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -86,7 +86,7 @@ members = ["eve"]; }; - useres = { + users = { gid = 100; members = ["lelya" "ester" "eve"]; }; From 101d8941746fb028233fa464840e1d6810c88fe8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 19:59:12 -0500 Subject: [PATCH 255/932] reformated bond network --- hosts/defiant/hardware-configuration.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 4b58353c..8601a8a1 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -64,9 +64,7 @@ "40-bond0" = { matchConfig.Name = "bond0"; - linkConfig = { - RequiredForOnline = "carrier"; - }; + linkConfig.RequiredForOnline = "carrier"; networkConfig.LinkLocalAddressing = "no"; address = [ From 44aae0065d474c168aabc0d0043644054e79e310 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 19:59:20 -0500 Subject: [PATCH 256/932] added DHCP to bond network --- hosts/defiant/hardware-configuration.nix | 1 + 1 file changed, 1 insertion(+) 
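Review bot: Both new creation rules encrypt to a single key group containing only `*leyla`, so `secrets/defiant-services.yaml` can be decrypted by nothing but that one personal age key, and the `install.sh` hunks of the following commits copy that same key directory onto every installed host; one key thus serves as the editing key and as each host's decryption key, so the compromise of any single host exposes all secrets, and the key cannot be rotated for one host without rotating it everywhere. Listing a per-host recipient (for example an age key derived from the host's SSH host key) next to `*leyla` in the `defiant-services.yaml` rule would let defiant decrypt its own service secrets without carrying the admin key. The README already tracks "rotate sops encryption keys periodically" as an open task; splitting recipients per host is the prerequisite for that.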
diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 8601a8a1..766a02d0 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -66,6 +66,7 @@ matchConfig.Name = "bond0"; linkConfig.RequiredForOnline = "carrier"; networkConfig.LinkLocalAddressing = "no"; + networkConfig.DHCP = "yes"; address = [ # configure addresses including subnet mask From bd7e575868b0991a60f40a6410a207e9e18f4e75 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 20:27:38 -0500 Subject: [PATCH 257/932] changed env var for sops files --- enviroments/common/default.nix | 29 +++++++++++++++-------------- install.sh | 4 ++-- 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 5236a8b7..397799f6 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -63,11 +63,11 @@ isSystemUser = true; }; - # pihole = { - # uid = 2003; - # group = "forgejo"; - # isSystemUser = true; - # }; + pihole = { + uid = 2003; + group = "pihole"; + isSystemUser = true; + }; }; groups = { @@ -88,7 +88,7 @@ users = { gid = 100; - members = ["lelya" "ester" "eve"]; + members = ["leyla" "ester" "eve"]; }; jellyfin = { @@ -106,10 +106,10 @@ members = ["forgejo" "leyla"]; }; - # pihole = { - # gid = 2003; - # members = ["pihole" "leyla"]; - # }; + pihole = { + gid = 2003; + members = ["pihole" "leyla"]; + }; }; }; @@ -126,6 +126,11 @@ }; }; + environment.sessionVariables = rec { + AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + AGE_KEY_FILE = "${AGE_KEY_DIRECTORY}/key.txt"; + }; + sops = { defaultSopsFormat = "yaml"; gnupg.sshKeyPaths = []; @@ -136,10 +141,6 @@ # generateKey = true; }; }; - environment.sessionVariables = { - AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; - }; - # List packages installed in system profile. environment.systemPackages = with pkgs; [ wget 
diff --git a/install.sh b/install.sh index 07189989..b0a01ef6 100755 --- a/install.sh +++ b/install.sh @@ -47,8 +47,8 @@ cleanup() { trap cleanup EXIT # copy key file to temp folder to copy over to target -mkdir -p $temp$AGE_KEY_FILE_LOCATION -cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION +mkdir -p $temp$AGE_KEY_DIRECTORY +cp -r $AGE_KEY_DIRECTORY/* $temp$AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 4515bab713b87c44f7d28ab8b6b8f0b8324370ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 21:34:04 -0500 Subject: [PATCH 258/932] fixed password update command --- README.md | 3 ++- enviroments/common/default.nix | 4 ++-- install.sh | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index bce959b3..ef81d6be 100644 --- a/README.md +++ b/README.md @@ -32,9 +32,10 @@ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html ## Configuration -updating passwords: `sops secrets/secrets.yaml` set up git configuration for local development: `git config --local include.path .gitconfig` +to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set) + # Tasks: ## Tech Debt diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 397799f6..0194ec10 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
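Review bot: `mkdir -p $temp$AGE_KEY_DIRECTORY` and `cp -r $AGE_KEY_DIRECTORY/* $temp$AGE_KEY_DIRECTORY` depend on the environment variable being set; if it is not, the second line expands to `cp -r /* $temp` and copies the local root filesystem into the temp directory that is then shipped to the target as `--extra-files`. Fail early instead, e.g. `: "${AGE_KEY_DIRECTORY:?must be set}"` before the `mkdir`, and quote the expansions (`"$temp$AGE_KEY_DIRECTORY"`). The renamed `SOPS_AGE_KEY_DIRECTORY` lines in the `install.sh` hunk of PATCH 258 have the same problem. The `cleanup` trap and the definition of `$temp` are outside the hunk.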
@@ -127,8 +127,8 @@ }; environment.sessionVariables = rec { - AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; - AGE_KEY_FILE = "${AGE_KEY_DIRECTORY}/key.txt"; + SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; }; sops = { diff --git a/install.sh b/install.sh index b0a01ef6..882a9359 100755 --- a/install.sh +++ b/install.sh @@ -47,8 +47,8 @@ cleanup() { trap cleanup EXIT # copy key file to temp folder to copy over to target -mkdir -p $temp$AGE_KEY_DIRECTORY -cp -r $AGE_KEY_DIRECTORY/* $temp$AGE_KEY_DIRECTORY +mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY +cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target From 8772c463235163f386fe8d2c42c87235fa07cc80 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 23:11:49 -0500 Subject: [PATCH 259/932] added pihole config to defiant --- enviroments/server/default.nix | 130 +++++++++++++++-------- hosts/defiant/hardware-configuration.nix | 4 +- 2 files changed, 89 insertions(+), 45 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index c3be1e71..6c18f29f 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -48,27 +48,43 @@ }; config = { - # virtualisation.oci-containers.containers.pihole = { - # image = "pihole/pihole:2024.07.0"; - # environment = { - # TZ = time.timeZone; - # WEBPASSWORD_FILE = "..."; # TODO: set this from secrets file/config that is set to secrets file (I think this also needs to be mounted in volumns?) - # }; - # volumes = [ - # "/home/docker/pihole:/etc/pihole:rw" # TODO; set this based on configs - # ]; - # ports = [ - # "53:53/tcp" - # "53:53/udp" - # "3000:80/tcp" # TODO: bind container ip address? - # ]; - # log-driver = "journald"; - # extraOptions = [ - # "--ip=172.18.1.5" # TODO: set this to some ip address from configs - # "--network-alias=pihole" # TODO: set this from configs - # "--network=nas_default" - # ]; - # }; + sops.secrets = { + "services/pi-hole" = { + sopsFile = ../../secrets/defiant-services.yaml; + }; + }; + + # Runtime + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + virtualisation.oci-containers.containers.pihole = { + image = "pihole/pihole:2024.07.0"; + hostname = "pihole"; + volumes = [ + "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs + "${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt" + ]; + environment = { + TZ = config.time.timeZone; + WEBPASSWORD_FILE = "/var/lib/pihole/webpassword.txt"; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=192.168.1.201" # TODO: set this to some ip address from configs + "--network=macvlan" + ]; + }; systemd = { tmpfiles.rules = [ 
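Review bot: The sops secret is bind-mounted read-write into the container — `"${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt"` has no `:ro` suffix — so a process inside the container could alter the host-side secret file; append `:ro`, in the same way the `/home/pihole` volume spells out its mode. The `sops.secrets."services/pi-hole"` declaration above sets only `sopsFile`, so the decrypted file keeps sops-nix's default root-only ownership; whether the Pi-hole entrypoint reads `WEBPASSWORD_FILE` before dropping to `PIHOLE_UID` is not visible here — if it does not, set `owner = "pihole";` on the secret (uid 2003 per the common module). `--ip=192.168.1.201` is hard-coded with a TODO and must stay consistent with the subnet configured in the macvlan network unit of the next hunk.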
@@ -78,28 +94,45 @@ "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" "d /home/forgejo 750 forgejo forgejo -" "d /home/forgejo/data 750 forgejo forgejo -" - # "d /home/pihole 750 pihole pihole -" + "d /home/pihole 750 pihole pihole -" ]; - # services = { - # pihole = { - # serviceConfig = { - # Restart = lib.mkOverride 500 "always"; - # }; - # after = [ - # "podman-network-nas_default.service" - # ]; - # requires = [ - # "podman-network-nas_default.service" - # ]; - # partOf = [ - # "podman-compose-nas-root.target" - # ]; - # wantedBy = [ - # "podman-compose-nas-root.target" - # ]; - # }; - # }; + services = { + "podman-pihole" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-macvlan.service" + ]; + requires = [ + "podman-network-macvlan.service" + ]; + partOf = [ + "podman-compose-root.target" + ]; + wantedBy = [ + "podman-compose-root.target" + ]; + }; + + "podman-network-macvlan" = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f macvlan"; + }; + # TODO: check subnet against pi-hole ip address + # TODO: make lan configurable + # TODO: make parent interface configurable + script = '' + podman network inspect macvlan || podman network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 --opt parent=bond0 macvlan + ''; + partOf = [ "podman-compose-root.target" ]; + wantedBy = [ "podman-compose-root.target" ]; + }; + }; # disable computer sleeping targets = { 
@@ -107,10 +140,23 @@ suspend.enable = false; hibernate.enable = false; hybrid-sleep.enable = false; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + "podman-compose-root" = { + unitConfig = { + Description = "Root target for podman targets."; + }; + wantedBy = [ "multi-user.target" ]; + }; }; }; services = { + # DNS stub needs to be disabled so pi hole can bind + # resolved.extraConfig = "DNSStubListener=no"; + nfs.server = { enable = true; exports = '' @@ -200,7 +246,7 @@ defaults.email = "jan-leila@protonmail.com"; }; - networking.firewall.allowedTCPPorts = [2049 8081]; + networking.firewall.allowedTCPPorts = [53 2049 3000 8081]; environment.systemPackages = [ config.services.headscale.package diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 766a02d0..7755d1bb 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -54,19 +54,17 @@ "30-enp4s0" = { matchConfig.Name = "enp4s0"; networkConfig.Bond = "bond0"; - DHCP = "ipv4"; }; "30-enp5s0" = { matchConfig.Name = "enp5s0"; networkConfig.Bond = "bond0"; - DHCP = "ipv4"; }; "40-bond0" = { matchConfig.Name = "bond0"; linkConfig.RequiredForOnline = "carrier"; networkConfig.LinkLocalAddressing = "no"; - networkConfig.DHCP = "yes"; + DHCP = "ipv4"; address = [ # configure addresses including subnet mask From e1ebfab7a30b063cfd9b997fcdb1313e4972cb47 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 23:28:03 -0500 Subject: [PATCH 260/932] disabled DHCP on host network cards --- hosts/defiant/hardware-configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 7755d1bb..edfaeeea 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix 
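Review bot: The added comment `# DNS stub needs to be disabled so pi hole can bind` sits above a setting that is commented out, so a reader cannot tell whether disabling the stub listener is still required or was abandoned. With the container on its own macvlan address it does not bind the host's port 53 at all, so the stub listener on 127.0.0.53 does not conflict with it; either drop the two lines or enable the setting deliberately and say why, e.g. `# Pi-hole runs on the macvlan with its own IP, so the host stub listener is left enabled.`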
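Review bot: Opening `53` and `3000` in `networking.firewall.allowedTCPPorts` widens the host's exposure without serving the container: the pihole container has no `ports` mappings and lives on the macvlan with its own address, so the host firewall never sees its traffic, and nothing on the host listens on 3000. DNS is primarily UDP and `allowedUDPPorts` is untouched, which also suggests these entries were carried over from the earlier port-mapped design. Unless another host service needs them, keep the original `networking.firewall.allowedTCPPorts = [2049 8081];`.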
@@ -54,10 +54,12 @@ "30-enp4s0" = { matchConfig.Name = "enp4s0"; networkConfig.Bond = "bond0"; + DHCP = "no"; }; "30-enp5s0" = { matchConfig.Name = "enp5s0"; networkConfig.Bond = "bond0"; + DHCP = "no"; }; "40-bond0" = { From 469ba5671a36bbc70d687d7afd9d727f4e9ee4dc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Sep 2024 23:28:30 -0500 Subject: [PATCH 261/932] moved task in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ef81d6be..60e9169e 100644 --- a/README.md +++ b/README.md @@ -43,12 +43,12 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes +- pihole config files ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook - Flake templates - home assistant virtual machine -- pi hole docker - searxng docker - nextcloud ??? - samba mounts From 454cac088e8262e006de3b9d80bab2810ad2dcfa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 00:12:58 -0500 Subject: [PATCH 262/932] added submodule --- .gitmodules | 3 +++ secrets | 1 + 2 files changed, 4 insertions(+) create mode 100644 .gitmodules create mode 160000 secrets diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..810e39fd --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "secrets"] + path = secrets + url = git@git.jan-leila.com:jan-leila/nix-config.git diff --git a/secrets b/secrets new file mode 160000 index 00000000..46172e93 --- /dev/null +++ b/secrets @@ -0,0 +1 @@ +Subproject commit 46172e93709498e57d188a1bd19349c28fe4e3e3 
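Review bot: The new `secrets` submodule points at `git@git.jan-leila.com:jan-leila/nix-config.git`, which appears to be this configuration repository itself rather than a separate secrets repository, so `git submodule update --init` would pull a copy of the parent repo into `secrets/` and the gitlink `46172e93…` presumably refers to a commit in a different repo. The URL should name the dedicated secrets repository (a later commit on this page switches it to `nix-config-secrets.git`). The SSH transport also means every machine that checks out the config needs deploy credentials even though the contents are already sops-encrypted; a read-only HTTPS URL would avoid distributing an SSH key for that purpose.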
From 67efe92536eb40aa85d25e668666507a2b76ba4b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 00:15:21 -0500 Subject: [PATCH 263/932] replaced ambiguous unicode character --- hosts/defiant/configuration.nix | 2 +- hosts/horizon/configuration.nix | 2 +- hosts/twilight/configuration.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index ec5cf1d0..9731f876 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -57,7 +57,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c83fcc62..018fb77c 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -41,7 +41,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 6441e2ad..5c270014 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -229,7 +229,7 @@ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave + # on your system were taken. It's perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). From 22ef0e838dc62507c8904f9b4c1f74e99614506c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:05:26 -0500 Subject: [PATCH 264/932] renamed domains to apps --- enviroments/server/default.nix | 18 +++++++++--------- hosts/defiant/configuration.nix | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 6c18f29f..f4784135 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -9,7 +9,7 @@ ]; options = { - domains = { + apps = { base_domain = lib.mkOption { type = lib.types.str; }; @@ -29,7 +29,7 @@ hostname = lib.mkOption { type = lib.types.str; description = "hosname that jellyfin will be hosted at"; - default = "${config.domains.jellyfin.subdomain}.${config.domains.base_domain}"; + default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; }; forgejo = { @@ -41,7 +41,7 @@ hostname = lib.mkOption { type = lib.types.str; description = "hosname that forgejo will be hosted at"; - default = "${config.domains.forgejo.subdomain}.${config.domains.base_domain}"; + default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; }; }; }; 
@@ -188,8 +188,8 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "http://${config.domains.headscale.subdomain}.${config.domains.base_domain}"; - dns_config.base_domain = config.domains.base_domain; + server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + dns_config.base_domain = config.apps.base_domain; logtail.enabled = false; }; }; @@ -208,7 +208,7 @@ lfs.enable = true; settings = { server = { - DOMAIN = config.domains.forgejo.hostname; + DOMAIN = config.apps.forgejo.hostname; HTTP_PORT = 8081; }; service.DISABLE_REGISTRATION = true; @@ -219,7 +219,7 @@ nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { - ${config.domains.headscale.hostname} = { + ${config.apps.headscale.hostname} = { forceSSL = true; enableACME = true; locations."/" = { @@ -227,12 +227,12 @@ proxyWebsockets = true; }; }; - ${config.domains.jellyfin.hostname} = { + ${config.apps.jellyfin.hostname} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://localhost:8096"; }; - ${config.domains.forgejo.hostname} = { + ${config.apps.forgejo.hostname} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9731f876..05b169e6 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -23,7 +23,7 @@ efiInstallAsRemovable = true; }; - domains = { + apps = { base_domain = "jan-leila.com"; headscale.subdomain = "vpn"; jellyfin.subdomain = "media"; From 8adc6b97cd424a01510f287e6bd786bb24dd8d1b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:29:22 -0500 Subject: [PATCH 265/932] removed git tracking requirement from rebuilds --- install.sh | 2 +- rebuild.sh | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/install.sh b/install.sh index 882a9359..d7e10dfe 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake "path:.#$flake" ${user:-nixos}@$target diff --git a/rebuild.sh b/rebuild.sh index 9988b7b2..96cfc3df 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -54,11 +54,13 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} +# path: prefixes on rebuilds here make nix not treat this flake like it has a git repo so we can +# access secret files in the submodule this is kinda bad and we should find a way to not need it if [[ "$target" == "$(hostname)" ]]; then - nixos-rebuild $mode --use-remote-sudo --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --flake path:.#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake path:.#$flake fi if [ -d "result" ]; From baced6f8fd8cefba7550ea12dc4e291659b51764 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:29:35 -0500 Subject: [PATCH 266/932] added config options for pihole --- enviroments/server/default.nix | 92 ++++++++++++++++++++++----------- hosts/defiant/configuration.nix | 21 ++++++-- 2 files changed, 79 insertions(+), 34 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index f4784135..5a55a693 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
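Review bot: The `path:` prefix on `--flake path:.#$flake` makes Nix copy the entire working directory — untracked files, ignored scratch files and `.git/` included — into the world-readable Nix store on every rebuild, and the new comment already concedes this is "kinda bad". The git-aware alternative keeps the tracked-files filter and still sees the submodule: `nixos-rebuild $mode --use-remote-sudo --flake "git+file:.?submodules=1#$flake"` (the remote branch likewise), after `git submodule update --init`. While touching these lines, quote the expansions (`"$mode"`, `"$user@$target"`) so an argument with spaces does not split into extra nixos-rebuild flags.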
@@ -13,6 +13,33 @@ base_domain = lib.mkOption { type = lib.types.str; }; + macvlan = { + subnet = lib.mkOption { + type = lib.types.str; + description = "Subnet for macvlan address range"; + }; + gateway = lib.mkOption { + type = lib.types.str; + description = "Gateway for macvlan"; + # TODO: see if we can default this to systemd network gateway + }; + networkInterface = lib.mkOption { + type = lib.types.str; + description = "Parent network interface for macvlan"; + # TODO: see if we can default this some interface? + }; + }; + pihole = { + image = lib.mkOption { + type = lib.types.str; + description = "container image to use for pi-hole"; + }; + # TODO: check against subnet for macvlan + ip = lib.mkOption { + type = lib.types.str; + description = "ip address to use for pi-hole"; + }; + }; headscale = { subdomain = lib.mkOption { type = lib.types.str; 
@@ -54,36 +81,42 @@ }; }; - # Runtime - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; + virtualisation = { + # Runtime + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; }; - }; - virtualisation.oci-containers.backend = "podman"; - virtualisation.oci-containers.containers.pihole = { - image = "pihole/pihole:2024.07.0"; - hostname = "pihole"; - volumes = [ - "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs - "${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt" - ]; - environment = { - TZ = config.time.timeZone; - WEBPASSWORD_FILE = "/var/lib/pihole/webpassword.txt"; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; + oci-containers = { + backend = "podman"; + + containers.pihole = let + passwordFileLocation = "/var/lib/pihole/webpassword.txt"; + in { + image = config.apps.pihole.image; + volumes = [ + "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules + "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" + ]; + environment = { + TZ = config.time.timeZone; + WEBPASSWORD_FILE = passwordFileLocation; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=${config.apps.pihole.ip}" + "--network=macvlan" + ]; + }; }; - log-driver = "journald"; - extraOptions = [ - "--ip=192.168.1.201" # TODO: set this to some ip address from configs - "--network=macvlan" - ]; }; systemd = { 
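Review bot: `PIHOLE_UID = toString config.users.users.pihole.uid` (and the matching `PIHOLE_GID`) silently becomes the empty string if the pihole user or group is declared without an explicit `uid`/`gid`, because NixOS leaves those options at `null` by default and `toString null` evaluates to `""`; the container would then run with whatever default identity the image picks, and the `/home/pihole` tmpfiles ownership would no longer match the files it writes. The user and group declarations are outside this hunk, so I cannot see whether the ids are fixed; guard it explicitly, e.g. `PIHOLE_UID = toString (assert config.users.users.pihole.uid != null; config.users.users.pihole.uid);`, or pin `uid`/`gid` where the user is declared. The `hostname = "pihole"` attribute present in the previous revision is dropped here without mention; if that was intentional a short comment would help.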
@@ -123,11 +156,8 @@ RemainAfterExit = true; ExecStop = "podman network rm -f macvlan"; }; - # TODO: check subnet against pi-hole ip address - # TODO: make lan configurable - # TODO: make parent interface configurable script = '' - podman network inspect macvlan || podman network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 --opt parent=bond0 macvlan + podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan ''; partOf = [ "podman-compose-root.target" ]; wantedBy = [ "podman-compose-root.target" ]; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 05b169e6..9288d36b 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,9 +25,24 @@ apps = { base_domain = "jan-leila.com"; - headscale.subdomain = "vpn"; - jellyfin.subdomain = "media"; - forgejo.subdomain = "git"; + macvlan = { + subnet = "192.168.1.0/24"; + gateway = "192.168.1.1"; + networkInterface = "bond0"; + }; + pihole = { + image = "pihole/pihole:2024.07.0"; + ip = "192.168.1.201"; + }; + headscale = { + subdomain = "vpn"; + }; + jellyfin = { + subdomain = "media"; + }; + forgejo = { + subdomain = "git"; + }; }; services = { From 3e3f175e1b29ac04b3c5eacd89eb825f808595f8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:30:28 -0500 Subject: [PATCH 267/932] updated task in README --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 60e9169e..b42f0618 100644 --- a/README.md +++ b/README.md 
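Review bot: The option values are now interpolated unquoted into a shell command, `--subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface}`, and all three are typed `lib.types.str`, so a value containing whitespace or shell metacharacters would be split or interpreted rather than rejected at evaluation time. Wrap each with `lib.escapeShellArg` (e.g. `--subnet ${lib.escapeShellArg config.apps.macvlan.subnet}`) and consider narrowing the option types, since the host values are clearly a CIDR, an address and an interface name. The removed `# TODO: check subnet against pi-hole ip address` was not implemented anywhere visible, so that consistency check is now untracked; an `assertions` entry comparing `apps.pihole.ip` with `apps.macvlan.subnet` would close it.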
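Review bot: `image = "pihole/pihole:2024.07.0"` pins the LAN's DNS resolver to a mutable registry tag, so whatever the registry serves under that tag at pull time is what runs, with no integrity check on this side. Pinning by digest, `image = "pihole/pihole@sha256:…"` with the digest taken from `podman image inspect` on a known-good pull, makes the container content reproducible and detects a re-tagged image. A comment next to `ip = "192.168.1.201"` noting that it must lie inside `macvlan.subnet` and outside the router's DHCP pool would also save a future misconfiguration, since nothing enforces that relationship.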
@@ -43,7 +43,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes -- pihole config files ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From ac14a781b297d0496a8603e20d88676c1d7c231b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 01:31:02 -0500 Subject: [PATCH 268/932] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b42f0618..d086102d 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes +- make subrepo a flake that gets imported (and then remove `path:` from build scripts) ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 27b58dc288041ab5b9004c021eec802b10cafc6d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 24 Sep 2024 02:30:54 -0500 Subject: [PATCH 269/932] switched submodule files to non flake input --- .gitmodules | 2 +- README.md | 1 - enviroments/server/default.nix | 3 ++- flake.lock | 18 ++++++++++++++++++ flake.nix | 7 ++++++- install.sh | 2 +- rebuild.sh | 4 ++-- users/ester/default.nix | 3 ++- users/eve/default.nix | 3 ++- users/leyla/default.nix | 3 ++- 10 files changed, 36 insertions(+), 10 deletions(-) diff --git a/.gitmodules b/.gitmodules index 810e39fd..dcfaddd4 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "secrets"] path = secrets - url = git@git.jan-leila.com:jan-leila/nix-config.git + url = git@git.jan-leila.com:jan-leila/nix-config-secrets.git diff --git a/README.md b/README.md index d086102d..b42f0618 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` - move applications in server environment into their own flakes -- make subrepo a flake that gets imported (and then remove `path:` from build scripts) ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 5a55a693..a36a1db8 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + inputs, ... }: { imports = [ @@ -77,7 +78,7 @@ config = { sops.secrets = { "services/pi-hole" = { - sopsFile = ../../secrets/defiant-services.yaml; + sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; }; diff --git a/flake.lock b/flake.lock index a4248000..d6f3015d 100644 --- a/flake.lock +++ b/flake.lock 
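Review bot: After this change the secrets exist in two independently pinned places — the `secrets` git submodule in `.gitmodules` and the `secrets` flake input locked in `flake.lock` — and `sopsFile = "${inputs.secrets}/defiant-services.yaml"` reads only the latter, so editing secrets through the checked-out submodule no longer affects a build until the lock is bumped. Keeping both invites drift; if the flake input is the source of truth, drop the submodule (or document in the README that `nix flake update secrets` is the only path that takes effect). This module now also depends on `inputs` being threaded in via `specialArgs`, which is outside the hunk and worth checking on every host that imports it.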
@@ -167,9 +167,27 @@ "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "secrets": "secrets", "sops-nix": "sops-nix" } }, + "secrets": { + "flake": false, + "locked": { + "lastModified": 1727152771, + "narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=", + "ref": "main", + "rev": "46172e93709498e57d188a1bd19349c28fe4e3e3", + "revCount": 2, + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + } + }, "sops-nix": { "inputs": { "nixpkgs": "nixpkgs_2", diff --git a/flake.nix b/flake.nix index 70992b0b..d1ff05ba 100644 --- a/flake.nix +++ b/flake.nix @@ -5,9 +5,14 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # encrypt files that contain secreats that I would like to not encrypt + # encrypt files that contain secrets that I would like to not encrypt sops-nix.url = "github:Mic92/sops-nix"; + secrets = { + url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; + flake = false; + }; + # declairtive disk configuration disko = { url = "github:nix-community/disko"; diff --git a/install.sh b/install.sh index d7e10dfe..882a9359 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake "path:.#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/rebuild.sh b/rebuild.sh index 96cfc3df..630a2b4e 100755 --- a/rebuild.sh +++ b/rebuild.sh 
@@ -58,9 +58,9 @@ user=${user:-$USER} # access secret files in the submodule this is kinda bad and we should find a way to not need it if [[ "$target" == "$(hostname)" ]]; then - nixos-rebuild $mode --use-remote-sudo --flake path:.#$flake + nixos-rebuild $mode --use-remote-sudo --flake .#$flake else - nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake path:.#$flake + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi if [ -d "result" ]; diff --git a/users/ester/default.nix b/users/ester/default.nix index 3597d2df..f6a12030 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + inputs, ... }: let cfg = config.users.ester; @@ -16,7 +17,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/ester" = { neededForUsers = true; - sopsFile = ../../secrets/user-passwords.yaml; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; }; diff --git a/users/eve/default.nix b/users/eve/default.nix index 16787f8b..7902ff27 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -2,6 +2,7 @@ lib, config, pkgs, + inputs, ... }: let cfg = config.users.eve; @@ -16,7 +17,7 @@ in { sops.secrets = lib.mkIf cfg.isFullUser { "passwords/eve" = { neededForUsers = true; - sopsFile = ../../secrets/user-passwords.yaml; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; }; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 20f99abb..1cd30fe4 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -1,6 +1,7 @@ { lib, config, + inputs, ... }: let cfg = config.users.leyla; @@ -21,7 +22,7 @@ in { sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { "passwords/leyla" = { neededForUsers = true; - sopsFile = ../../secrets/user-passwords.yaml; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; }; From b1fbaf169d78ed8f454b83a00cc079656a9bc14c Mon Sep 17 00:00:00 2001 
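Review bot: The context comment `# access secret files in the submodule this is kinda bad and we should find a way to not need it` (and the `path:` explanation on the line above it, outside the hunk) now describes a prefix that this commit removes, so the comment is stale and misleading. Either delete the two comment lines or replace them with one that matches the new mechanism, e.g. `# secrets come from the locked "secrets" flake input, so the flake can be built from the git checkout directly`. The unquoted `$mode`, `$flake`, `$user` and `$target` expansions remain; quoting them is a one-word change per line and avoids argument splitting.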
From: Leyla Becker Date: Tue, 24 Sep 2024 17:58:47 -0500 Subject: [PATCH 270/932] ran linter --- enviroments/server/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index a36a1db8..7d7d7b5c 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -151,7 +151,7 @@ }; "podman-network-macvlan" = { - path = [ pkgs.podman ]; + path = [pkgs.podman]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -160,8 +160,8 @@ script = '' podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan ''; - partOf = [ "podman-compose-root.target" ]; - wantedBy = [ "podman-compose-root.target" ]; + partOf = ["podman-compose-root.target"]; + wantedBy = ["podman-compose-root.target"]; }; }; @@ -179,7 +179,7 @@ unitConfig = { Description = "Root target for podman targets."; }; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; }; }; }; From 6fc22b821448bc5eb3cb2fd7e99d6f9be15e8d24 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 17:58:54 -0500 Subject: [PATCH 271/932] added note to task in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b42f0618..8bcb5ed3 100644 --- a/README.md +++ b/README.md 
@@ -41,7 +41,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## Tech Debt - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - join config for systemd.tmpfiles.rules and service directory bindings -- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` +- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) From aaa7f0aa3d403c9852c22f73a1bb829472075879 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 18:43:32 -0500 Subject: [PATCH 272/932] restructured containers object --- enviroments/server/default.nix | 38 ++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 7d7d7b5c..9466c424 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix 
@@ -97,25 +97,27 @@ oci-containers = { backend = "podman"; - containers.pihole = let - passwordFileLocation = "/var/lib/pihole/webpassword.txt"; - in { - image = config.apps.pihole.image; - volumes = [ - "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules - "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" - ]; - environment = { - TZ = config.time.timeZone; - WEBPASSWORD_FILE = passwordFileLocation; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; + containers = { + pihole = let + passwordFileLocation = "/var/lib/pihole/webpassword.txt"; + in { + image = config.apps.pihole.image; + volumes = [ + "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules + "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" + ]; + environment = { + TZ = config.time.timeZone; + WEBPASSWORD_FILE = passwordFileLocation; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=${config.apps.pihole.ip}" + "--network=macvlan" + ]; }; - log-driver = "journald"; - extraOptions = [ - "--ip=${config.apps.pihole.ip}" - "--network=macvlan" - ]; }; }; }; From a86f39668b04e40efe7d3d6e8547b81ffa09fbe2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Sep 2024 20:05:25 -0500 Subject: [PATCH 273/932] reorganized flake inputs --- flake.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index d1ff05ba..f8254b73 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,34 +5,37 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # encrypt files that contain secrets that I would like to not encrypt + # secret encryption sops-nix.url = "github:Mic92/sops-nix"; + # self hosted repo of secrets file to further protect files in case of future encryption vunrabilities secrets = { url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; flake = false; }; - # declairtive disk configuration + # disk configurations disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; - # managment per user + # users home directories home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - # repo of hardware configs for prebuilt systems - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # pregenerated hardware configurations + nixos-hardware = { + url = "github:NixOS/nixos-hardware/master"; + }; }; outputs = { From 5916073839be3a4ca61db0c65b03a32666a883f5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Sep 2024 11:16:13 -0500 Subject: [PATCH 274/932] groups environment vars in common environment added qemu to system --- enviroments/common/default.nix | 38 +++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 0194ec10..a5e1c9cb 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -126,9 +126,30 @@ }; }; - environment.sessionVariables = rec { - SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + environment = { + # List packages installed in system profile. + systemPackages = with pkgs; [ + qemu + (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' + qemu-system-x86_64 \ + -bios ${OVMF.fd}/FV/OVMF.fd \ + "$@" + '') + + wget + + # version control + git + + # system debuging tools + iputils + dnsutils + ]; + + sessionVariables = rec { + SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + }; }; sops = { @@ -141,15 +162,4 @@ # generateKey = true; }; }; - # List packages installed in system profile. - environment.systemPackages = with pkgs; [ - wget - - # version control - git - - # system debuging tools - iputils - dnsutils - ]; } From da7a41ce507fe19b6f009dec3003cc49af932410 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Sep 2024 11:16:42 -0500 Subject: [PATCH 275/932] updated flakes --- flake.lock | 30 +++++++++++++++--------------- flake.nix | 6 ++++++ 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index d6f3015d..167e2f9b 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1726842196, - "narHash": "sha256-u9h03JQUuQJ607xmti9F9Eh6E96kKUAGP+aXWgwm70o=", + "lastModified": 1727249977, + "narHash": "sha256-lAqOCDI4B6hA+t+KHSm/Go8hQF/Ob5sgXaIRtMAnMKw=", "owner": "nix-community", "repo": "disko", - "rev": "51994df8ba24d5db5459ccf17b6494643301ad28", + "rev": "c1c472f4cd91e4b0703e02810a8c7ed30186b6fa", "type": "github" }, "original": { 
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1726863345, - "narHash": "sha256-fjbKe1/UJpLT6tQLAKJ/djJFdnmAh2kkdsgmylyFrQA=", + "lastModified": 1727246346, + "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", "owner": "nix-community", "repo": "home-manager", - "rev": "dfe4d334b172071e7189d971ddecd3a7f811b48d", + "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1726796602, - "narHash": "sha256-rYMcODISSljSETcqUUTMo++ZEa1CC6Xx6d3xuydishM=", + "lastModified": 1727228778, + "narHash": "sha256-vg1b7yLH8TgKsUi5KlctSx4GuET7MAoWUR7nqAGnU/Y=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "91dea80194080f017c6edf84fd94e33f6c12aec3", + "rev": "fb86a415579cd38eb7b47c3ada597841b97e2ea9", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1726724509, - "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=", + "lastModified": 1727040444, + "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94", + "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726755586, - "narHash": "sha256-PmUr/2GQGvFTIJ6/Tvsins7Q43KTMvMFhvG6oaYK+Wk=", + "lastModified": 1726937504, + "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c04d5652cfa9742b1d519688f65d1bbccea9eb7e", + "rev": "9357f4f23713673f310988025d9dc261c20e70c6", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f8254b73..b3207778 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,6 +26,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # # virtual machine managment + # nix-virt = { + # url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; + # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; From 62ad7255bae131ff46be171f0563f4734b8ba9b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Sep 2024 12:15:15 -0500 Subject: [PATCH 276/932] added ollama plugin --- users/leyla/default.nix | 26 +++++++++++++++++--------- users/leyla/packages.nix | 2 ++ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 1cd30fe4..69f8193c 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -51,15 +51,23 @@ in { } ); - # TODO: this should reference the home directory from the user config - services.openssh.hostKeys = [ - { - comment = "leyla@" + config.networking.hostName; - path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; - rounds = 100; - type = "ed25519"; - } - ]; + services = { + ollama = { + enable = true; + acceleration = lib.mkIf cfg.hasGPU "cuda"; + }; + + + # TODO: this should reference the home directory from the user config + openssh.hostKeys = [ + { + comment = "leyla@" + config.networking.hostName; + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + }; home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index e206d22f..a5960d97 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -106,6 +106,8 @@ in { # misc extensions bungcip.better-toml + + open-vsx."10nates".ollama-autocoder ] ++ (with vscode-marketplace; [ # js extensions From a625779b78639cdd50bd544b3938b3c8ed2c5ceb Mon Sep 17 00:00:00 2001 
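Review bot: In users/leyla/default.nix, `services.ollama.enable = true` is unconditional while the rest of this module is gated on `cfg` — `acceleration` right below it uses `lib.mkIf cfg.hasGPU`, and the home-manager line uses `cfg.isFullUser || cfg.isThinUser` — so the ollama daemon is started on every host that imports this module, whether or not the leyla user is enabled there. Gating it the same way, `enable = cfg.isFullUser;`, keeps the service (and its listening socket) off where the user is not created. Pre-existing but now inside the same `services` block: the sshd host key path under `/home/leyla/.ssh/` (the existing TODO) keeps a system-wide host key in a user-writable directory, so its confidentiality rests on that home directory's permissions; the default `/etc/ssh/` location avoids that.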
From: Leyla Becker Date: Sun, 29 Sep 2024 19:56:54 -0500 Subject: [PATCH 277/932] drafted out firefox config --- flake.nix | 5 +- users/leyla/home.nix | 122 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index b3207778..aa908e01 100644 --- a/flake.nix +++ b/flake.nix @@ -26,9 +26,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # # virtual machine managment - # nix-virt = { - # url = "https://flakehub.com/f/AshleyYakeley/NixVirt/*.tar.gz"; + # firefox-addons = { + # url = "gitlab.com:rycee/nur-expressions?dir=pkgs/firefox-addons"; # inputs.nixpkgs.follows = "nixpkgs"; # }; diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 118d0ccc..c951aaf8 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
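Review bot: The commented-out input URL `gitlab.com:rycee/nur-expressions?dir=pkgs/firefox-addons` is not a flake reference Nix accepts — the `host:path` form is scp/ssh syntax — so uncommenting it as written will fail at lock time; the GitLab flake scheme is `url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";`. Since the block is a placeholder, a one-line `# TODO: firefox-addons input (gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons)` says the same with less dead code to keep current.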
@@ -83,6 +83,128 @@ userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; }; + # firefox = { + # enable = true; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # bitwarden + + # ]; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + 
# { + # name = "Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://tech.lgbt"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # } }; dconf = { From e728268b9b2416d03605ec6bf962d06d8184d229 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Sep 2024 09:33:52 -0500 Subject: [PATCH 278/932] simplified flake.nix --- flake.lock | 20 +++----------------- flake.nix | 16 +++++++++++++--- 2 files changed, 16 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 167e2f9b..e323be9e 100644 --- a/flake.lock +++ b/flake.lock @@ -144,22 +144,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1725534445, - "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "disko": "disko", @@ -190,7 +174,9 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-stable": "nixpkgs-stable" }, "locked": { diff --git a/flake.nix b/flake.nix index aa908e01..8e2192e7 100644 --- a/flake.nix +++ b/flake.nix 
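Review bot: Inside the commented-out Firefox draft, `extentions = with pkgs.nur.repos.rycee.firefox-addons; [ … ]` misspells the Home Manager option, which is `programs.firefox.profiles.<name>.extensions`, so the draft fails evaluation as soon as it is uncommented; likewise the `"Searx"` engine's `iconUpdateURL` still points at `https://nixos.wiki/favicon.png`, carried over from the entry it was copied from. The `icon = "''${pkgs.nixos-icons}/…"` line uses the indented-string escape inside a double-quoted string, where `''` is literal text and `${…}` still interpolates, so the resulting path would begin with two quote characters; in a `"…"` string it is simply `icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";`. The enclosing `programs` attribute set starts before this hunk.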
@@ -6,7 +6,10 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # secret encryption - sops-nix.url = "github:Mic92/sops-nix"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # self hosted repo of secrets file to further protect files in case of future encryption vunrabilities secrets = { @@ -48,6 +51,7 @@ nixpkgs, disko, nixos-hardware, + home-manager, ... } @ inputs: let forEachSystem = nixpkgs.lib.genAttrs [ @@ -66,8 +70,14 @@ specialArgs = {inherit inputs;}; modules = [ ./hosts/horizon/configuration.nix - inputs.home-manager.nixosModules.default nixos-hardware.nixosModules.framework-11th-gen-intel + home-manager.nixosModules.default + # { + # home-manager.useGlobalPkgs = true; + # home-manager.useUserPackages = true; + # home-manager.extraSpecialArgs = { inherit inputs; }; + # home-manager.users = import ./users; + # } ]; }; # Leyla Desktop @@ -75,7 +85,7 @@ specialArgs = {inherit inputs;}; modules = [ ./hosts/twilight/configuration.nix - inputs.home-manager.nixosModules.default + home-manager.nixosModules.default ]; }; # NAS Service From 292d9d0790a9e29aaeef77e44c8e0229c65d7b1f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Sep 2024 21:44:54 +0200 Subject: [PATCH 279/932] set timezone automatically --- enviroments/common/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a5e1c9cb..25c221a2 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -15,7 +15,7 @@ networking.networkmanager.enable = true; # Set your time zone. - time.timeZone = "America/Chicago"; + # time.timeZone = "America/Chicago"; i18n.defaultLocale = "en_US.UTF-8"; @@ -114,6 +114,10 @@ }; services = { + automatic-timezoned = { + enable = true; + }; + openssh = { enable = true; ports = [22]; From f975bd047d1da96c70e67e7ccad5f3375a92ba26 Mon Sep 17 00:00:00 2001 
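Review bot: In enviroments/common/default.nix, `services.automatic-timezoned.enable = true` derives the zone from a network geolocation lookup — as far as I recall the NixOS module enables geoclue2 for this — so every host importing the common environment now periodically reports its network surroundings to an external geolocation provider and depends on that provider being reachable; for hosts that never move, a fixed `time.timeZone` is cheaper and has no such dependency. That trade-off deserves a comment next to the option, e.g. `# timezone from geolocation (geoclue); hosts that do not move should pin time.timeZone instead`. Leaving the old `time.timeZone` line commented rather than deleting it is consistent with the module needing the zone unset, but a comment saying so would stop someone re-enabling it and hitting the conflict.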
From: Leyla Becker Date: Wed, 2 Oct 2024 22:31:57 +0200 Subject: [PATCH 280/932] added direnv to system packages --- enviroments/client/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 86ff67be..134d7e2b 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -47,6 +47,8 @@ security.rtkit.enable = true; environment.systemPackages = with pkgs; [ + direnv + # helvetica font aileron From 37d01a92b764bdcb0824905309344f921ed05bd4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 14:19:06 +0200 Subject: [PATCH 281/932] added direnv to bash.interactiveShellInit --- enviroments/client/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 134d7e2b..85b5e47d 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -46,6 +46,8 @@ hardware.pulseaudio.enable = false; security.rtkit.enable = true; + programs.bash.interactiveShellInit = ''eval "$(direnv hook bash)"''; + environment.systemPackages = with pkgs; [ direnv From 26b231a329cfdd72d2322befa87b58f1ca50a017 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 14:21:54 +0200 Subject: [PATCH 282/932] moved dir env to nix-direnv in home manager --- enviroments/client/default.nix | 4 ---- users/leyla/home.nix | 11 +++++++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 85b5e47d..86ff67be 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -46,11 +46,7 @@ hardware.pulseaudio.enable = false; security.rtkit.enable = true; - programs.bash.interactiveShellInit = ''eval "$(direnv hook bash)"''; - environment.systemPackages = with pkgs; [ - direnv - # helvetica font aileron diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c951aaf8..af3940aa 100644 
--- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -77,12 +77,23 @@ programs = { # Let Home Manager install and manage itself. home-manager.enable = true; + + # set up git defaults git = { enable = true; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; # see note on other shells below + nix-direnv.enable = true; + }; + bash.enable = true; # see note on other shells below + # firefox = { # enable = true; # profiles.leyla = { From ff295dc7acb6dd948026fdad5a81d7a018a8b7a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 14:48:14 +0200 Subject: [PATCH 283/932] reconfigured how home manager gets applied --- README.md | 1 + flake.nix | 14 +- hosts/horizon/configuration.nix | 4 + users/default.nix | 1 + users/home.nix | 5 + users/leyla/default.nix | 8 +- users/leyla/home.nix | 491 ++++++++++++++++---------------- users/leyla/packages.nix | 275 ++++++++++-------- 8 files changed, 438 insertions(+), 361 deletions(-) create mode 100644 users/home.nix diff --git a/README.md b/README.md index 8bcb5ed3..e9f9e8f3 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html +- This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ ## Configuration set up git configuration for local development: `git config --local include.path .gitconfig` diff --git a/flake.nix b/flake.nix index 8e2192e7..4f551e2b 100644 --- a/flake.nix +++ b/flake.nix 
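Review bot: Both `# see note on other shells below` comments reference a note that does not exist in this file — the phrasing comes from the nix-direnv README, where the note concerns zsh/fish integration — so they send the reader nowhere; replace them with what is meant, e.g. `enableBashIntegration = true; # only bash is hooked; add enableZshIntegration/enableFishIntegration if those shells are used`. `bash.enable = true` also makes Home Manager generate the user's `.bashrc`/`.profile`, which is the intended vehicle for the direnv hook but will take over any hand-maintained bash rc on first activation; worth a one-line comment since the effect is wider than "enable direnv".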
@@ -71,13 +71,13 @@ modules = [ ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel - home-manager.nixosModules.default - # { - # home-manager.useGlobalPkgs = true; - # home-manager.useUserPackages = true; - # home-manager.extraSpecialArgs = { inherit inputs; }; - # home-manager.users = import ./users; - # } + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + } ]; }; # Leyla Desktop diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 018fb77c..714429d3 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -14,6 +14,10 @@ ../../enviroments/client ]; + home-manager.users.leyla.config = { + isFullUser = true; + }; + users = { leyla.isFullUser = true; ester.isFullUser = true; diff --git a/users/default.nix b/users/default.nix index 4c0b5d70..3dc52d9d 100644 --- a/users/default.nix +++ b/users/default.nix @@ -4,4 +4,5 @@ users.mutableUsers = false; home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.users = import ./home.nix; } diff --git a/users/home.nix b/users/home.nix new file mode 100644 index 00000000..62be4503 --- /dev/null +++ b/users/home.nix @@ -0,0 +1,5 @@ +{ + leyla = import ./leyla/home.nix; + # ester = import ./ester/home.nix; + # eve = import ./eve/home.nix; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 69f8193c..0089d35d 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -6,9 +6,9 @@ }: let cfg = config.users.leyla; in { - imports = [ - ./packages.nix - ]; + # imports = [ + # ./packages.nix + # ]; options.users.leyla = { isFullUser = lib.mkEnableOption "create usable leyla user"; 
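Review bot: In hosts/horizon/configuration.nix, `home-manager.users.leyla.config = { isFullUser = true; }` duplicates the `users.leyla.isFullUser = true;` right below it, so the same flag now lives in two option trees (the NixOS-side `users.leyla` and the new Home Manager-side `isFullUser`) and can drift; if `config` is in this file's argument set, `home-manager.users.leyla.config.isFullUser = config.users.leyla.isFullUser;` keeps a single source of truth, and the `osConfig` argument added to packages.nix in this same patch is the other way to read it from the HM side. In flake.nix the `useGlobalPkgs`/`useUserPackages`/`backupFileExtension` block is attached to horizon only; unless changed elsewhere, twilight still imports `home-manager.nixosModules.default` without these settings, so if both hosts are meant to share the setup the block belongs in a common module. The new `users/home.nix` is added without a trailing newline.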
@@ -69,6 +69,6 @@ in { ]; }; - home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); + # home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } diff --git a/users/leyla/home.nix b/users/leyla/home.nix index af3940aa..9644e625 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -1,259 +1,272 @@ { + lib, config, pkgs, ... }: { - # Home Manager needs a bit of information about you and the paths it should - # manage. - home = { - username = "leyla"; - homeDirectory = "/home/leyla"; + imports = [ + ./packages.nix + ]; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # The home.packages option allows you to install Nix packages into your - # environment. - packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello - - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? - # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. 
- # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; + options = { + isFullUser = lib.mkEnableOption "create usable leyla user"; + isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; }; - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; + config = { + # Home Manager needs a bit of information about you and the paths it should + # manage. + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. 
+ # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; }; - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; # see note on other shells below - nix-direnv.enable = true; + programs = { + # Let Home Manager install and manage itself. 
+ home-manager.enable = true; + + # set up git defaults + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; # see note on other shells below + nix-direnv.enable = true; + }; + bash.enable = true; # see note on other shells below + + # firefox = { + # enable = true; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # bitwarden + + # ]; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home 
Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://tech.lgbt"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # } }; - bash.enable = true; # see note on other shells below - # firefox = { - # enable = true; - # profiles.leyla = { + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). 
+ pkgs.gnomeExtensions.dash-to-dock.extensionUuid - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; + # Alternatively, you can manually pass UUID as a string. 
+ # "dash-to-dock@micxgx.gmail.com" + ]; + }; - # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # bitwarden + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = false; + "show-mounts" = false; + }; - # ]; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Password Manager"; - # url = "https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://tech.lgbt"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # } - }; - - dconf = { - enable = true; - settings = { - 
"org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - - "org/gnome/shell/extensions/dash-to-dock" = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; }; }; }; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index a5960d97..e14f1571 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,17 +1,12 @@ { lib, config, + osConfig, pkgs, inputs, ... -}: let - cfg = config.users.leyla; -in { - imports = [ - ../../overlays/intellij.nix - ../../overlays/vscodium.nix - ]; - +}: +{ nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default 
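Review bot: The three options are declared at the top level of the Home Manager module namespace (`options = { isFullUser = …; isThinUser = …; hasGPU = …; }`), so they become `config.isFullUser` and friends alongside every built-in HM option; a flat, unprefixed name like `hasGPU` can collide with a future upstream option and gives no hint of its origin. Nesting them under a user-specific key, e.g. `options.leyla = { … }` read as `config.leyla.isFullUser`, avoids that; the `config.isFullUser` references in packages.nix on this page would move with it. The `isThinUser` description has the typo `witohut` → `without`, and the template boilerplate (the commented `pkgs.hello`, `.screenrc` and hm-session-vars examples) was re-indented into the new `config = { … }` layout rather than dropped, which buries the real settings. The hunk is a full-file rewrite, so nothing is cut off at its edges.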
@@ -19,119 +14,177 @@ in { }; programs = { - bash.shellAliases = lib.mkIf cfg.isFullUser { + bash.shellAliases = lib.mkIf config.isFullUser { code = "codium"; }; - steam = lib.mkIf cfg.isFullUser { + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in + { enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + + package = pkgs.vscodium; + + mutableExtensionsDir = false; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = { + "workbench.colorTheme" = "Atom One Dark"; + }; + + extensions = with extensions.open-vsx; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + + # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with + open-vsx."10nates".ollama-autocoder + ] + ++ (with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); }; - noisetorch.enable = cfg.isFullUser; - adb.enable = cfg.isFullUser; + # steam = lib.mkIf config.isFullUser { + # enable = true; + # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + # dedicatedServer.openFirewall = 
true; # Open ports in the firewall for Source Dedicated Server + # }; + + # noisetorch.enable = config.isFullUser; + + # adb.enable = config.isFullUser; }; - users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( - lib.mkMerge [ - ( - with pkgs; [ - # comand line tools - yt-dlp - ffmpeg - imagemagick - ] - ) - ( - lib.mkIf (!cfg.isThinUser) ( + home = { + packages = lib.mkIf (config.isFullUser || config.isThinUser) ( + lib.mkMerge [ + ( with pkgs; [ - #foss platforms - signal-desktop - bitwarden - firefox - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing - - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - # development tools - (vscode-with-extensions.override { - vscode = vscodium; - vscodeExtensions = with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # misc extensions - bungcip.better-toml - - open-vsx."10nates".ollama-autocoder - ] - ++ (with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); - }) - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno - - # system tools - protonvpn-gui - openvpn - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf config.hardware.piperMouse.enable piper) - 
(lib.mkIf config.hardware.openRGB.enable openrgb) - (lib.mkIf config.hardware.viaKeyboard.enable via) + # comand line tools + yt-dlp + ffmpeg + imagemagick ] ) - ) - ] - ); + ( + lib.mkIf (!config.isThinUser) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf config.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing + + # proprietary platforms + discord + obsidian + steam + (lib.mkIf config.hasGPU davinci-resolve) + + # development tools + # (vscode-with-extensions.override { + # vscode = vscodium; + # vscodeExtensions = with open-vsx; + # [ + # # vs code feel extensions + # ms-vscode.atom-keybindings + # akamud.vscode-theme-onedark + # streetsidesoftware.code-spell-checker + # streetsidesoftware.code-spell-checker-german + # streetsidesoftware.code-spell-checker-italian + # jeanp413.open-remote-ssh + + # # nix extensions + # pinage404.nix-extension-pack + # jnoortheen.nix-ide + + # # html extensions + # formulahendry.auto-rename-tag + # ms-vscode.live-server + + # # js extensions + # dsznajder.es7-react-js-snippets + # dbaeumer.vscode-eslint + # standard.vscode-standard + # firsttris.vscode-jest-runner + # stylelint.vscode-stylelint + # tauri-apps.tauri-vscode + + # # misc extensions + # bungcip.better-toml + + # open-vsx."10nates".ollama-autocoder + # ] + # ++ (with vscode-marketplace; [ + # # js extensions + # karyfoundation.nearley + # ]); + # }) + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno + + # system tools + protonvpn-gui + openvpn + nextcloud-client + noisetorch + + # hardware managment tools + (lib.mkIf osConfig.hardware.piperMouse.enable piper) + (lib.mkIf osConfig.hardware.openRGB.enable openrgb) + (lib.mkIf osConfig.hardware.viaKeyboard.enable via) + ] + ) + ) + ] + ); + }; } 
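Review bot: `steam`, `noisetorch` and `adb` are NixOS-level `programs.*` options, which is presumably why this home-manager module now carries them only as comments; leaving them commented out while still referencing `config.isFullUser` (which in this module is a home-manager option, not the old NixOS `cfg`) will mislead the next reader, so either drop them here or move them to the NixOS user module instead of parking them in comments. The same applies to the ~40-line commented copy of the `vscode-with-extensions.override` block under `# development tools`, which now duplicates `programs.vscode.extensions` at the top of this hunk and will drift from it. Comment typos on the new side worth fixing while here: `# comand line tools` → `# command line tools`, `# hardware managment tools` → `# hardware management tools`, and `refernce it ... instead of though with` → `reference it ... instead of through with`. The `programs = {` and `home = {` attrsets close inside this hunk, but the module attrset enclosing them opens above it.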
From 89c8c729fac68ca4c499e071db16c7078a917739 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 15:38:03 +0200 Subject: [PATCH 284/932] added show-trace option to rebuild --- rebuild.sh | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/rebuild.sh b/rebuild.sh index 630a2b4e..a4b7fdc6 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -7,6 +7,8 @@ else preserve_result=false fi +show_trace=false + while [ $# -gt 0 ]; do case "$1" in --target*|-t*) @@ -31,6 +33,9 @@ while [ $# -gt 0 ]; do --no-preserve-result) preserve_result=false ;; + --show-trace) + show_trace=true + ;; --help|-h) echo "--help -h: print this message" echo "--target -t: set the target system to rebuild on" @@ -39,6 +44,7 @@ while [ $# -gt 0 ]; do echo "--user -u: set the user to rebuild flake as on the target system" echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" + echo "--show-trace: show trace on builds" exit 0 ;; *) @@ -54,15 +60,20 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -# path: prefixes on rebuilds here make nix not treat this flake like it has a git repo so we can -# access secret files in the submodule this is kinda bad and we should find a way to not need it -if [[ "$target" == "$(hostname)" ]]; +command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake" + +if [[ "$target" != "$(hostname)" ]]; then - nixos-rebuild $mode --use-remote-sudo --flake .#$flake -else - nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake + command="$command --target-host $user@$target" fi +if [[ "$show_trace" = true ]]; +then + command="$command --show-trace" +fi + +$command + if [ -d "result" ]; then if [[ "$preserve_result" == "false" ]]; From bba88fc3fe89c7256a880fb8ab4f0d67a71015c1 Mon Sep 17 00:00:00 2001 
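Review bot: `$command` on the new side of the last hunk expands a string assembled from `$mode`, `$flake`, `$user` and `$target` unquoted, so every value (presumably taken from the option parsing above the hunk) is word-split and glob-expanded before `nixos-rebuild` runs, and a target, user or flake name containing whitespace or a glob character silently changes the argument list. Build the command as a bash array and run it with `"${cmd[@]}"`; each argument then stays intact and the two optional flags can still be appended conditionally, which is all the string was buying. The `--target-host $user@$target` argument in particular should be a single quoted word rather than two interpolations inside the string.
```shell
cmd=(nixos-rebuild "$mode" --use-remote-sudo --flake ".#$flake")
# … unchanged: target != hostname check …
    cmd+=(--target-host "$user@$target")
# … unchanged: show_trace check …
    cmd+=(--show-trace)
# … unchanged: fi …
"${cmd[@]}"
```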
From: Leyla Becker Date: Thu, 3 Oct 2024 16:38:51 +0200 Subject: [PATCH 285/932] added home manger to all flakes --- enviroments/common/default.nix | 3 --- enviroments/server/default.nix | 2 +- flake.nix | 20 +++++++++++++++----- hosts/defiant/configuration.nix | 4 ++++ hosts/twilight/configuration.nix | 10 ++++++---- 5 files changed, 26 insertions(+), 13 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 25c221a2..a1dbdb0c 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -14,9 +14,6 @@ # Enable networking networking.networkmanager.enable = true; - # Set your time zone. - # time.timeZone = "America/Chicago"; - i18n.defaultLocale = "en_US.UTF-8"; i18n.extraLocaleSettings = { diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 9466c424..3d20a179 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -107,7 +107,7 @@ "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" ]; environment = { - TZ = config.time.timeZone; + TZ = "America/Chicago"; WEBPASSWORD_FILE = passwordFileLocation; PIHOLE_UID = toString config.users.users.pihole.uid; PIHOLE_GID = toString config.users.groups.pihole.gid; diff --git a/flake.nix b/flake.nix index 4f551e2b..7567deb8 100644 --- a/flake.nix +++ b/flake.nix 
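Review bot: `TZ = "America/Chicago"` replaces `config.time.timeZone` with a fixed literal for the pi-hole container while the same commit removes the (already commented) `time.timeZone` line from enviroments/common/default.nix, so presumably the option is unset on these hosts and the old expression evaluated to null; that reasoning is invisible in the file, so record it next to the line, e.g. `# time.timeZone is unset on these hosts, so the container needs an explicit zone`. If a host later gets a configured zone the container will silently disagree with it, which is easier to notice if the literal lives in one named `let` binding rather than inline in the container environment. The `environment` attrset this hunk edits opens before the hunk.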
@@ -69,23 +69,27 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - ./hosts/horizon/configuration.nix - nixos-hardware.nixosModules.framework-11th-gen-intel - home-manager.nixosModules.home-manager - { + home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = { inherit inputs; }; } + ./hosts/horizon/configuration.nix + nixos-hardware.nixosModules.framework-11th-gen-intel ]; }; # Leyla Desktop twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + } ./hosts/twilight/configuration.nix - home-manager.nixosModules.default ]; }; # NAS Service @@ -93,6 +97,12 @@ specialArgs = {inherit inputs;}; modules = [ disko.nixosModules.disko + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + } ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 9288d36b..2faa3782 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -14,6 +14,10 @@ ../../enviroments/server ]; + + home-manager.users.leyla.config = { + isThinUser = true; + }; users.leyla.isThinUser = true; boot.loader.grub = { diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 5c270014..972fd72d 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -14,11 +14,13 @@ ../../enviroments/client ]; + home-manager.users.leyla.config = { + isFullUser = true; + hasGPU = true; + }; + users = { - leyla = { - isFullUser = true; - hasGPU = true; - }; + leyla.isFullUser = true; ester.isFullUser = true; eve.isFullUser = true; }; From d99da6cd44f83651e02704fc58822e4d3bc9c9bd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:39:02 +0200 Subject: [PATCH 286/932] added flake check to pre commit hook --- .hooks/pre-commit | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 57214721..4d465c44 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -2,6 +2,13 @@ git stash -q --keep-index + +nix flake check + +if [ $? -eq 0 ]; then + exit 1 +fi + ./lint.sh RESULT=$? From bbb4be8ac84cd4f0dd0b7a7ceb517688e5cf58b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:39:36 +0200 Subject: [PATCH 287/932] added optimize to nix settings --- enviroments/common/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index a1dbdb0c..78bd2cd8 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -9,6 +9,7 @@ trusted-users = ["leyla"]; }; gc.automatic = true; + optimise.automatic = true; }; # Enable networking From cfa0f64f7054afb992f9f0c5cd96b9d0d9790a27 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:48:35 +0200 Subject: [PATCH 288/932] added weekly timers to garbage collect and optimize made garbage collector collect older then a week --- enviroments/common/default.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 78bd2cd8..db1549d0 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
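Review bot: The new check in .hooks/pre-commit is inverted: `if [ $? -eq 0 ]; then exit 1; fi` aborts the commit when `nix flake check` succeeds and lets it through when it fails. It should read `if [ $? -ne 0 ]; then`, or more directly `if ! nix flake check; then`. Note also that this `exit 1` happens after `git stash -q --keep-index` and before whatever restores the stash further down the script (outside the hunk, where `./lint.sh` and `RESULT=$?` suggest the lint result is handled on a common path), so a failed check would leave the unstaged changes stashed; capturing the status in `RESULT` and falling through to that common restore/exit path avoids it.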
@@ -8,8 +8,15 @@ experimental-features = ["nix-command" "flakes"]; trusted-users = ["leyla"]; }; - gc.automatic = true; - optimise.automatic = true; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + dates = "weekly"; + }; }; # Enable networking From 48a321fbd518b7f8ad19255b75b541f7a9a39459 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:50:46 +0200 Subject: [PATCH 289/932] ran linter --- enviroments/common/default.nix | 4 +- flake.nix | 15 ++++--- hosts/defiant/configuration.nix | 1 - users/home.nix | 2 +- users/leyla/default.nix | 1 - users/leyla/home.nix | 2 +- users/leyla/packages.nix | 72 ++++++++++++++++----------------- 7 files changed, 48 insertions(+), 49 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index db1549d0..3dd24c18 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -122,7 +122,7 @@ automatic-timezoned = { enable = true; }; - + openssh = { enable = true; ports = [22]; @@ -154,7 +154,7 @@ iputils dnsutils ]; - + sessionVariables = rec { SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; diff --git a/flake.nix b/flake.nix index 7567deb8..982ca674 100644 --- a/flake.nix +++ b/flake.nix @@ -69,11 +69,12 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = {inherit inputs;}; } ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel 
@@ -83,11 +84,12 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = {inherit inputs;}; } ./hosts/twilight/configuration.nix ]; @@ -97,11 +99,12 @@ specialArgs = {inherit inputs;}; modules = [ disko.nixosModules.disko - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = {inherit inputs;}; } ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 2faa3782..59744c8f 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -14,7 +14,6 @@ ../../enviroments/server ]; - home-manager.users.leyla.config = { isThinUser = true; }; diff --git a/users/home.nix b/users/home.nix index 62be4503..05719059 100644 --- a/users/home.nix +++ b/users/home.nix @@ -2,4 +2,4 @@ leyla = import ./leyla/home.nix; # ester = import ./ester/home.nix; # eve = import ./eve/home.nix; -} \ No newline at end of file +} diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 0089d35d..102e029b 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -57,7 +57,6 @@ in { acceleration = lib.mkIf cfg.hasGPU "cuda"; }; - # TODO: this should reference the home directory from the user config openssh.hostKeys = [ { diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 9644e625..f8d4c428 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
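Review bot: The users/leyla/default.nix hunk removes the `# TODO: this should reference the home directory from the user config` comment above `openssh.hostKeys`, which is a content change rather than a formatting one and is not covered by the "ran linter" subject. If the TODO is still open, keep the comment or move it to the README's tech-debt list that this series already uses for such items; if it was resolved, say so in the commit message. The remaining hunks in this commit are whitespace-only and fine as they are.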
@@ -105,7 +105,7 @@ nix-direnv.enable = true; }; bash.enable = true; # see note on other shells below - + # firefox = { # enable = true; # profiles.leyla = { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index e14f1571..294cad58 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -5,8 +5,7 @@ pkgs, inputs, ... -}: -{ +}: { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -18,14 +17,13 @@ code = "codium"; }; - vscode = let + vscode = let extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; - in - { + in { enable = true; - + package = pkgs.vscodium; mutableExtensionsDir = false; 
@@ -36,44 +34,44 @@ "workbench.colorTheme" = "Atom One Dark"; }; - extensions = with extensions.open-vsx; [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + extensions = with extensions.open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # misc extensions - bungcip.better-toml + # misc extensions + bungcip.better-toml - # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with - open-vsx."10nates".ollama-autocoder - ] - ++ (with extensions.vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); + # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with + open-vsx."10nates".ollama-autocoder + ] + ++ (with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); }; - # steam = lib.mkIf 
config.isFullUser { # enable = true; # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 67abf0d448a726487b482b48c969bb26630cea44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 16:56:43 +0200 Subject: [PATCH 290/932] fixed optimise dates value --- enviroments/common/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3dd24c18..9ee0c50f 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -15,7 +15,7 @@ }; optimise = { automatic = true; - dates = "weekly"; + dates = ["weekly"]; }; }; From da7b146213eaabd3a68a4fbef2aaae535b72a16c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:04:12 +0200 Subject: [PATCH 291/932] added tasks to tech debt --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e9f9e8f3..b023e095 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,8 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes +- we shouldn't have 2 versions of isFulluser and isThinuser (in home home.nix and default.nix for each user) +- Eve and Ester home-manager ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 232f31d23de402d0ab56a1c2f1fec08c105a32cd Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 3 Oct 2024 17:06:42 +0200 Subject: [PATCH 292/932] merged home manager configs for all systems --- flake.nix | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/flake.nix b/flake.nix index 982ca674..85d1a960 100644 --- a/flake.nix +++ b/flake.nix @@ -64,18 +64,20 @@ in { packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); - nixosConfigurations = { + nixosConfigurations = let + home-manager-config = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = {inherit inputs;}; + }; + in + { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - } + home-manager.nixosModules.home-manager home-manager-config ./hosts/horizon/configuration.nix nixos-hardware.nixosModules.framework-11th-gen-intel ]; @@ -84,13 +86,7 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - } + home-manager.nixosModules.home-manager home-manager-config ./hosts/twilight/configuration.nix ]; }; 
@@ -99,13 +95,7 @@ specialArgs = {inherit inputs;}; modules = [ disko.nixosModules.disko - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - } + home-manager.nixosModules.home-manager home-manager-config ./hosts/defiant/disko-config.nix ./hosts/defiant/configuration.nix ]; From 6f3022c23bb77bff590d32d2b39af8b6ff3a3fa5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:06:49 +0200 Subject: [PATCH 293/932] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b023e095..ce7ed161 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - move applications in server environment into their own flakes - we shouldn't have 2 versions of isFulluser and isThinuser (in home home.nix and default.nix for each user) - Eve and Ester home-manager +- get rid of default config and import it in hardware-configuration.nix ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - fix pre commit hook From 3cc48070339fd5c173fafdb4c05517912c6e785d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:07:22 +0200 Subject: [PATCH 294/932] moved home-manager-config variable up --- flake.nix | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/flake.nix b/flake.nix index 85d1a960..6a25fab4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -54,6 +54,12 @@ home-manager, ... } @ inputs: let + home-manager-config = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = {inherit inputs;}; + }; forEachSystem = nixpkgs.lib.genAttrs [ "aarch64-darwin" "aarch64-linux" @@ -64,15 +70,7 @@ in { packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;}); - nixosConfigurations = let - home-manager-config = { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - }; - in - { + nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; From 6eb6ac12785b2e9cdf3e57349b348f85d9da8b89 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:20:16 +0200 Subject: [PATCH 295/932] removed non home manager isFullUser and isThinUser for leyla --- hosts/defiant/configuration.nix | 1 - hosts/horizon/configuration.nix | 1 - hosts/twilight/configuration.nix | 1 - users/leyla/default.nix | 14 +---------- users/leyla/packages.nix | 41 ++------------------------------ 5 files changed, 3 insertions(+), 55 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 59744c8f..09c51a4d 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,7 +17,6 @@ home-manager.users.leyla.config = { isThinUser = true; }; - users.leyla.isThinUser = true; boot.loader.grub = { enable = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 714429d3..70862764 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -19,7 +19,6 @@ }; users = { - leyla.isFullUser = true; ester.isFullUser = true; eve.isFullUser = true; }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 972fd72d..39bf38b4 100644 
--- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -20,7 +20,6 @@ }; users = { - leyla.isFullUser = true; ester.isFullUser = true; eve.isFullUser = true; }; diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 102e029b..10e9ae92 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -4,18 +4,8 @@ inputs, ... }: let - cfg = config.users.leyla; + cfg = config.home-manager.users.leyla; in { - # imports = [ - # ./packages.nix - # ]; - - options.users.leyla = { - isFullUser = lib.mkEnableOption "create usable leyla user"; - isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; - hasGPU = lib.mkEnableOption "installs gpu intensive programs"; - }; - config = { nixpkgs.config.allowUnfree = true; @@ -67,7 +57,5 @@ in { } ]; }; - - # home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); }; } diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 294cad58..6b64616b 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -75,7 +75,8 @@ # steam = lib.mkIf config.isFullUser { # enable = true; # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer + # localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers # }; # noisetorch.enable = config.isFullUser; 
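Review bot: `cfg = config.home-manager.users.leyla` makes this NixOS module read the evaluated home-manager user config, and since the `isFullUser`/`isThinUser`/`hasGPU` declarations are removed from this file in the same hunk, every remaining `cfg.*` use in the file (e.g. `acceleration = lib.mkIf cfg.hasGPU "cuda"`, visible in an earlier patch of this series) now depends on those options being declared at the top level of the home-manager module and set per host through `home-manager.users.leyla.config = { ... }`. That coupling is not obvious from the file; add `# these options are declared in ./home.nix and set per host via home-manager.users.leyla.config` above the binding. It also introduces a NixOS→home-manager evaluation edge, so if the home-manager side ever reads `osConfig` for something these options gate, evaluation can recurse infinitely (hedged: home.nix is outside this view). The `config = { ... }` block that the second hunk closes opens between the two hunks.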
@@ -126,44 +127,6 @@ (lib.mkIf config.hasGPU davinci-resolve) # development tools - # (vscode-with-extensions.override { - # vscode = vscodium; - # vscodeExtensions = with open-vsx; - # [ - # # vs code feel extensions - # ms-vscode.atom-keybindings - # akamud.vscode-theme-onedark - # streetsidesoftware.code-spell-checker - # streetsidesoftware.code-spell-checker-german - # streetsidesoftware.code-spell-checker-italian - # jeanp413.open-remote-ssh - - # # nix extensions - # pinage404.nix-extension-pack - # jnoortheen.nix-ide - - # # html extensions - # formulahendry.auto-rename-tag - # ms-vscode.live-server - - # # js extensions - # dsznajder.es7-react-js-snippets - # dbaeumer.vscode-eslint - # standard.vscode-standard - # firsttris.vscode-jest-runner - # stylelint.vscode-stylelint - # tauri-apps.tauri-vscode - - # # misc extensions - # bungcip.better-toml - - # open-vsx."10nates".ollama-autocoder - # ] - # ++ (with vscode-marketplace; [ - # # js extensions - # karyfoundation.nearley - # ]); - # }) androidStudioPackages.canary jetbrains.idea-community dbeaver-bin From 27406218b5cde8426adeba95669bdd9074dca5c0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 3 Oct 2024 17:20:44 +0200 Subject: [PATCH 296/932] removed completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index ce7ed161..0132d4a6 100644 --- a/README.md +++ b/README.md 
@@ -44,7 +44,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.
 - join config for systemd.tmpfiles.rules and service directory bindings
 - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/)
 - move applications in server environment into their own flakes
-- we shouldn't have 2 versions of isFulluser and isThinuser (in home home.nix and default.nix for each user)
 - Eve and Ester home-manager
 - get rid of default config and import it in hardware-configuration.nix
 ## New Features
From da4f1299c768262dca43c517561919a72a28f974 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 3 Oct 2024 17:41:12 +0200
Subject: [PATCH 297/932] added configs for steam noisetorch and adb back in
---
 users/leyla/default.nix | 13 +++++++++++++
 users/leyla/packages.nix | 11 -----------
 2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/users/leyla/default.nix b/users/leyla/default.nix
index 10e9ae92..a9efe1c3 100644
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@@ -57,5 +57,18 @@ in {
 }
 ];
 };
+
+ programs = {
+ steam = lib.mkIf cfg.isFullUser {
+ enable = true;
+ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+ dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer
+ localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
+ };
+
+ noisetorch.enable = cfg.isFullUser;
+
+ adb.enable = cfg.isFullUser;
+ };
 };
 }
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix
index 6b64616b..eabd4bad 100644
--- a/users/leyla/packages.nix
+++ b/users/leyla/packages.nix
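Review bot: All three `openFirewall = true` flags in the users/leyla/default.nix hunk are gated only on `cfg.isFullUser`, so every host that marks leyla a full user — including the laptop (`horizon`, labelled `# Leyla Laptop` in flake.nix earlier in this series) — opens the Steam Remote Play, Source dedicated-server and local-network-transfer ports in the host firewall. `dedicatedServer.openFirewall` is only needed when the machine actually hosts a game server, so keep it `false` (or behind its own option) rather than part of the default full-user profile, and consider the same for the other two on hosts that roam on untrusted networks. Also fix the doubled word in `# Open ports in the firewall for Source Dedicated ServerServer`. The `programs` attrset is added inside the `config = { ... }` block whose start lies above the hunk.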
@@ -71,17 +71,6 @@
 karyfoundation.nearley
 ]);
 };
-
- # steam = lib.mkIf config.isFullUser {
- # enable = true;
- # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
- # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer
- # localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
- # };
-
- # noisetorch.enable = config.isFullUser;
-
- # adb.enable = config.isFullUser;
 };
 home = {
From 1cef697f9b53605055cab272ab87d0815b3c1107 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 3 Oct 2024 17:43:00 +0200
Subject: [PATCH 298/932] fixed task typo
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 0132d4a6..dd6a0364 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.
 - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/)
 - move applications in server environment into their own flakes
 - Eve and Ester home-manager
-- get rid of default config and import it in hardware-configuration.nix
+- get rid of disko config and import it in hardware-configuration.nix
 ## New Features
 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
 - fix pre commit hook
From dd6046af2766bd8de8b376ec1a9257beaf275c1a Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 3 Oct 2024 18:11:52 +0200
Subject: [PATCH 299/932] added spell check words
---
 users/leyla/packages.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix
index eabd4bad..2239ff2c 100644
--- a/users/leyla/packages.nix
+++ b/users/leyla/packages.nix
@@ -32,6 +32,9 @@
 userSettings = {
 "workbench.colorTheme" = "Atom One Dark";
+ "cSpell.userWords" = [
+ "webdav"
+ ];
 };
 extensions = with extensions.open-vsx;
From 2d6b16950b424c10dc8bca6522f057e84d29b723 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 3 Oct 2024 22:42:30 +0200
Subject: [PATCH 300/932] added util to lib
---
 flake.nix | 11 ++++++-----
 users/leyla/default.nix | 2 +-
 util/default.nix | 16 ++++++++++------
 3 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/flake.nix b/flake.nix
index 6a25fab4..bfd72926 100644
--- a/flake.nix
+++ b/flake.nix
@@ -67,13 +67,14 @@
 "x86_64-linux"
 ];
 forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system});
- in {
- packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;});
+ callPackage = nixpkgs.lib.callPackageWith (nixpkgs // { lib = lib; });
+ lib = callPackage ./util {} // nixpkgs.lib;
+ in {
 nixosConfigurations = {
 # Leyla Laptop
 horizon = nixpkgs.lib.nixosSystem {
- specialArgs = {inherit inputs;};
+ specialArgs = {inherit inputs lib;};
 modules = [
 home-manager.nixosModules.home-manager home-manager-config
 ./hosts/horizon/configuration.nix
@@ -82,7 +83,7 @@
 };
 # Leyla Desktop
 twilight = nixpkgs.lib.nixosSystem {
- specialArgs = {inherit inputs;};
+ specialArgs = {inherit inputs lib;};
 modules = [
 home-manager.nixosModules.home-manager home-manager-config
 ./hosts/twilight/configuration.nix
@@ -90,7 +91,7 @@
 };
 # NAS Service
 defiant = nixpkgs.lib.nixosSystem {
- specialArgs = {inherit inputs;};
+ specialArgs = {inherit inputs lib;};
 modules = [
 disko.nixosModules.disko
 home-manager.nixosModules.home-manager home-manager-config
diff --git a/users/leyla/default.nix b/users/leyla/default.nix
index a9efe1c3..47b3edb7 100644
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
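Review bot: The `- in {` / `- packages = …` lines drop the `packages` flake output, which the commit message ("added util to lib") does not mention, and leave `forEachPkgs` two lines above defined but unused; if dropping the output is intended, remove `forEachPkgs` as well, otherwise keep `packages = forEachPkgs (pkgs: import ./pkgs {inherit pkgs;});` in the result set. The new `lib` binding is also self-referential: `callPackage` is built from `lib`, and `lib` is built by calling `./util` through `callPackage`, which presumably only evaluates because Nix is lazy and `./util` does not force `lib` while being called. A comment such as `# lib is defined recursively so util's helpers receive the extended lib and can call each other` would spare the next reader that puzzle. Note too that with `callPackage ./util {} // nixpkgs.lib` any name nixpkgs.lib later gains wins over the local helper of the same name; `nixpkgs.lib // callPackage ./util {}` is the order in which the local helpers take precedence.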
@@ -23,7 +23,7 @@ in {
 extraGroups = lib.mkMerge [
 ["networkmanager" "wheel"]
 (
- lib.mkIf (!cfg.isThinUser) ["adbusers"]
+ lib.mkUnless cfg.isThinUser ["adbusers"]
 )
 ];
diff --git a/util/default.nix b/util/default.nix
index acd1997c..3d16bf35 100644
--- a/util/default.nix
+++ b/util/default.nix
@@ -1,7 +1,11 @@
-_: {
- # mkUnless = condition: then: (mkIf (!condition) then);
- # mkIfElse = condition: then: else: lib.mkMerge [
- # (mkIf condition then)
- # (mkUnless condition else)
- # ];
+{
+ lib,
+ ...
+}:
+{
+ mkUnless = condition: yes: (lib.mkIf (!condition) yes);
+ mkIfElse = condition: yes: no: lib.mkMerge [
+ (lib.mkIf condition yes)
+ (lib.mkUnless condition no)
+ ];
 }
From 8f4e70c0d0e454aac16dd56b569c20f826efdb05 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 3 Oct 2024 22:48:52 +0200
Subject: [PATCH 301/932] moved vscode to own file
---
 README.md | 1 -
 users/leyla/packages.nix | 72 ++-----------------------------------
 users/leyla/vscode.nix | 77 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 80 insertions(+), 70 deletions(-)
 create mode 100644 users/leyla/vscode.nix
diff --git a/README.md b/README.md
index dd6a0364..4f1e59b5 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.
 # Tasks:
 ## Tech Debt
-- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too)
 - join config for systemd.tmpfiles.rules and service directory bindings
 - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/)
 - move applications in server environment into their own flakes
diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix
index 2239ff2c..1478d1dc 100644
--- a/users/leyla/packages.nix
+++ b/users/leyla/packages.nix
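Review bot: `mkIfElse` reaches `mkUnless` through `lib.mkUnless`, so util/default.nix only works when the `lib` it receives is the already-extended one assembled in flake.nix; evaluating `./util` with plain `nixpkgs.lib` (from a test, a REPL or another flake) fails with an undefined-attribute error on that line. Binding `mkUnless` locally and exporting it with `inherit` removes the dependency on what the caller passes in. The lint-only rewrite of this file in PATCH 302 keeps the same `lib.mkUnless` reference, so the change applies there as well.
```nix
{lib, ...}: let
  # bound locally so mkIfElse does not rely on the caller passing an extended lib
  mkUnless = condition: yes: lib.mkIf (!condition) yes;
in {
  inherit mkUnless;
  mkIfElse = condition: yes: no:
    lib.mkMerge [
      (lib.mkIf condition yes)
      (mkUnless condition no)
    ];
}
```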
@@ -6,75 +6,9 @@ inputs, ... }: { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = lib.mkIf config.isFullUser { - code = "codium"; - }; - - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; - - package = pkgs.vscodium; - - mutableExtensionsDir = false; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - userSettings = { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - }; - - extensions = with extensions.open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # misc extensions - bungcip.better-toml - - # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with - open-vsx."10nates".ollama-autocoder - ] - ++ (with extensions.vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); - }; - }; + imports = [ + ./vscode.nix + ]; home = { packages = lib.mkIf (config.isFullUser || config.isThinUser) ( diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix new file mode 100644 index 00000000..ffe84b62 --- /dev/null +++ b/users/leyla/vscode.nix 
@@ -0,0 +1,77 @@ +{ + lib, + config, + pkgs, + inputs, + ... +}: { + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + + programs = { + bash.shellAliases = lib.mkIf config.isFullUser { + code = "codium"; + }; + + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in { + enable = true; + + package = pkgs.vscodium; + + mutableExtensionsDir = false; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; + }; + + extensions = with extensions.open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + + # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with + open-vsx."10nates".ollama-autocoder + ] + ++ (with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); + }; + }; +} \ No newline at end of file From cb1f8665e52d41d1146092ac3d5a8e55ab11cd3e Mon Sep 17 00:00:00 2001 
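Review bot: The `vscode-marketplace` binding in the `let` above `enable = true;` is never used; the marketplace list reaches the set through `extensions.vscode-marketplace` directly, while `open-vsx` is used only on the `open-vsx."10nates".ollama-autocoder` line. Either drop the unused binding or use it for symmetry, `++ (with vscode-marketplace; [ karyfoundation.nearley ]);`. The reformat of this file in PATCH 306 keeps the unused binding, so the cleanup applies there too.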
From: Leyla Becker
Date: Thu, 3 Oct 2024 22:52:53 +0200
Subject: [PATCH 302/932] ran linted
---
 flake.nix | 11 +++++++----
 users/leyla/vscode.nix | 2 +-
 util/default.nix | 15 ++++++--------
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/flake.nix b/flake.nix
index bfd72926..efffbd27 100644
--- a/flake.nix
+++ b/flake.nix
@@ -68,7 +68,7 @@
 ];
 forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system});
- callPackage = nixpkgs.lib.callPackageWith (nixpkgs // { lib = lib; });
+ callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;});
 lib = callPackage ./util {} // nixpkgs.lib;
 in {
 nixosConfigurations = {
@@ -76,7 +76,8 @@
 horizon = nixpkgs.lib.nixosSystem {
 specialArgs = {inherit inputs lib;};
 modules = [
- home-manager.nixosModules.home-manager home-manager-config
+ home-manager.nixosModules.home-manager
+ home-manager-config
 ./hosts/horizon/configuration.nix
 nixos-hardware.nixosModules.framework-11th-gen-intel
 ];
@@ -85,7 +86,8 @@
 twilight = nixpkgs.lib.nixosSystem {
 specialArgs = {inherit inputs lib;};
 modules = [
- home-manager.nixosModules.home-manager home-manager-config
+ home-manager.nixosModules.home-manager
+ home-manager-config
 ./hosts/twilight/configuration.nix
 ];
 };
@@ -94,7 +96,8 @@
 specialArgs = {inherit inputs lib;};
 modules = [
 disko.nixosModules.disko
- home-manager.nixosModules.home-manager home-manager-config
+ home-manager.nixosModules.home-manager
+ home-manager-config
 ./hosts/defiant/disko-config.nix
 ./hosts/defiant/configuration.nix
 ];
diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix
index ffe84b62..37fc4be7 100644
--- a/users/leyla/vscode.nix
+++ b/users/leyla/vscode.nix
@@ -74,4 +74,4 @@
 ]);
 };
 };
-}
\ No newline at end of file
+}
diff --git a/util/default.nix b/util/default.nix
index 3d16bf35..a06ac294 100644
--- a/util/default.nix
+++ b/util/default.nix
@@ -1,11 +1,8 @@
-{
- lib,
- ...
-}:
-{
+{lib, ...}: {
 mkUnless = condition: yes: (lib.mkIf (!condition) yes);
- mkIfElse = condition: yes: no: lib.mkMerge [
- (lib.mkIf condition yes)
- (lib.mkUnless condition no)
- ];
+ mkIfElse = condition: yes: no:
+ lib.mkMerge [
+ (lib.mkIf condition yes)
+ (lib.mkUnless condition no)
+ ];
 }
From c0167bd5d188af037d35f9f31c1591bc2f17b2a0 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 3 Oct 2024 23:04:17 +0200
Subject: [PATCH 303/932] updated README
---
 .hooks/pre-commit | 5 +++--
 README.md | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/.hooks/pre-commit b/.hooks/pre-commit
index 4d465c44..524d4e58 100755
--- a/.hooks/pre-commit
+++ b/.hooks/pre-commit
@@ -2,13 +2,14 @@
 git stash -q --keep-index
-
+echo "checking flakes all compile"
 nix flake check
-if [ $? -eq 0 ]; then
+if [ ! $? -eq 0 ]; then
 exit 1
 fi
+echo "running linter"
 ./lint.sh
 RESULT=$?
diff --git a/README.md b/README.md
index 4f1e59b5..f639b539 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,7 @@
 - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/
 ## Configuration
-set up git configuration for local development: `git config --local include.path .gitconfig`
+set up git configuration for local development: `git config core.hooksPath .hooks`
 to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set)
From 8da184333e7384d09e56c5caed34c8e5565efbe2 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 3 Oct 2024 23:06:12 +0200
Subject: [PATCH 304/932] added logging to commit hooks
---
 .hooks/post-commit | 2 ++
 .hooks/pre-commit | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/.hooks/post-commit b/.hooks/post-commit
index 78038507..93d7f156 100755
--- a/.hooks/post-commit
+++ b/.hooks/post-commit
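Review bot: When `nix flake check` fails, the new `if [ ! $? -eq 0 ]; then exit 1` branch in .hooks/pre-commit leaves the working-tree changes that `git stash -q --keep-index` set aside stranded in the stash, because post-commit (where `git stash pop` lives) never runs after a rejected commit; the developer's uncommitted edits disappear from the tree until they think to look in the stash. Restore them on the failure path with `git stash pop -q` immediately before `exit 1`, and prefer the idiomatic test `if [ $? -ne 0 ]; then`. The same exposure exists when `./lint.sh` fails further down, since `exit $RESULT` is reached without a pop; that part of the script is outside the hunk.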
@@ -1,3 +1,5 @@
 #!/usr/bin/env bash
+echo "restoring stashed changes"
+
 git stash pop -q
diff --git a/.hooks/pre-commit b/.hooks/pre-commit
index 524d4e58..6687ec0f 100755
--- a/.hooks/pre-commit
+++ b/.hooks/pre-commit
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
+echo "stashing all uncommitted changes"
 git stash -q --keep-index
 echo "checking flakes all compile"
@@ -14,6 +15,7 @@ echo "running linter"
 RESULT=$?
+echo "adding lint changes to commit"
 git add -u
 exit $RESULT
\ No newline at end of file
From dec1ef1d963804884d11510b5c54c1cb09a58712 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 3 Oct 2024 23:07:27 +0200
Subject: [PATCH 305/932] removed completed task from README
---
 README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index f639b539..8e7e794c 100644
--- a/README.md
+++ b/README.md
@@ -47,7 +47,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.
 - get rid of disko config and import it in hardware-configuration.nix
 ## New Features
 - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs)
-- fix pre commit hook
 - Flake templates
 - home assistant virtual machine
 - searxng docker
From 04871258ee4233cb29d9662eb8ba6eb2de9d3197 Mon Sep 17 00:00:00 2001
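Review bot: The new message "restoring stashed changes" promises more than `git stash pop -q` on the next line of .hooks/post-commit can keep: when pre-commit ran on a clean working tree, `git stash -q --keep-index` created no entry, so the pop applies whatever stash entry was already on top of the stack and silently drops unrelated changes into the tree after the commit. Tag the hook's own stash and pop only that entry — in pre-commit `git stash push -q --keep-index -m pre-commit`, and here `git stash list -1 | grep -q pre-commit && git stash pop -q`. The pre-commit hunks in this same patch only add echo lines, so both files need the change.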
From: Leyla Becker Date: Fri, 4 Oct 2024 01:01:41 +0200 Subject: [PATCH 306/932] moved ester and eve over to home manager --- README.md | 2 +- enviroments/common/default.nix | 3 ++ hosts/defiant/configuration.nix | 2 +- hosts/horizon/configuration.nix | 17 +++++--- hosts/twilight/configuration.nix | 19 ++++---- users/default.nix | 1 - users/ester/default.nix | 16 ++----- users/ester/home.nix | 73 +++++++++++++++++++++++++++++++ users/eve/default.nix | 18 ++------ users/eve/home.nix | 75 ++++++++++++++++++++++++++++++++ users/home.nix | 4 +- users/leyla/default.nix | 22 +++++----- users/leyla/home.nix | 29 ++---------- users/leyla/packages.nix | 4 +- users/leyla/vscode.nix | 67 ++++++++++++++-------------- 15 files changed, 233 insertions(+), 119 deletions(-) create mode 100644 users/ester/home.nix create mode 100644 users/eve/home.nix diff --git a/README.md b/README.md index 8e7e794c..677971c5 100644 --- a/README.md +++ b/README.md @@ -43,8 +43,8 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes -- Eve and Ester home-manager - get rid of disko config and import it in hardware-configuration.nix +- why does users.users..home conflict with home-manager.users..home.homeDirectory ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 9ee0c50f..3416c1a7 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -42,18 +42,21 @@
 uid = 1000;
 description = "Leyla";
 group = "leyla";
+ home = "/home/leyla";
 };
 ester = {
 uid = 1001;
 description = "Ester";
 group = "ester";
+ home = "/home/ester";
 };
 eve = {
 uid = 1002;
 description = "Eve";
 group = "eve";
+ home = "/home/eve";
 };
 jellyfin = {
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index 09c51a4d..bbe96015 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -15,7 +15,7 @@
 ];
 home-manager.users.leyla.config = {
- isThinUser = true;
+ isTerminalUser = true;
 };
 boot.loader.grub = {
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix
index 70862764..ef042d63 100644
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@@ -14,13 +14,16 @@
 ../../enviroments/client
 ];
- home-manager.users.leyla.config = {
- isFullUser = true;
- };
-
- users = {
- ester.isFullUser = true;
- eve.isFullUser = true;
+ home-manager.users = {
+ leyla.config = {
+ isDesktopUser = true;
+ };
+ ester.config = {
+ isDesktopUser = true;
+ };
+ eve.config = {
+ isDesktopUser = true;
+ };
 };
 # enabled virtualisation for docker
diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix
index 39bf38b4..4de1e5f8 100644
--- a/hosts/twilight/configuration.nix
+++ b/hosts/twilight/configuration.nix
@@ -14,14 +14,17 @@
 ../../enviroments/client
 ];
- home-manager.users.leyla.config = {
- isFullUser = true;
- hasGPU = true;
- };
-
- users = {
- ester.isFullUser = true;
- eve.isFullUser = true;
+ home-manager.users = {
+ leyla.config = {
+ isDesktopUser = true;
+ hasGPU = true;
+ };
+ ester.config = {
+ isDesktopUser = true;
+ };
+ eve.config = {
+ isDesktopUser = true;
+ };
 };
 systemd.tmpfiles.rules = [
diff --git a/users/default.nix b/users/default.nix
index 3dc52d9d..ab742745 100644
--- a/users/default.nix
+++ b/users/default.nix
@@ -3,6 +3,5 @@
 users.mutableUsers = false;
- home-manager.extraSpecialArgs = {inherit inputs;};
 home-manager.users = import ./home.nix;
 }
diff --git a/users/ester/default.nix b/users/ester/default.nix
index f6a12030..61e0d4ed 100644
--- a/users/ester/default.nix
+++ b/users/ester/default.nix
@@ -5,16 +5,12 @@
 inputs,
 ...
 }: let
- cfg = config.users.ester;
+ cfg = config.home-manager.users.ester;
 in {
- options.users.ester = {
- isFullUser = lib.mkEnableOption "ester";
- };
-
 config = {
 nixpkgs.config.allowUnfree = true;
- sops.secrets = lib.mkIf cfg.isFullUser {
+ sops.secrets = lib.mkIf cfg.isDesktopUser {
 "passwords/ester" = {
 neededForUsers = true;
 sopsFile = "${inputs.secrets}/user-passwords.yaml";
@@ -22,18 +18,12 @@ in {
 };
 users.users.ester = (
- if cfg.isFullUser
+ if cfg.isDesktopUser
 then {
 isNormalUser = true;
 extraGroups = ["networkmanager"];
 hashedPasswordFile = config.sops.secrets."passwords/ester".path;
-
- packages = with pkgs; [
- firefox
- bitwarden
- discord
- ];
 }
 else {
 isSystemUser = true;
diff --git a/users/ester/home.nix b/users/ester/home.nix
new file mode 100644
index 00000000..1d3a2a2d
--- /dev/null
+++ b/users/ester/home.nix
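Review bot: With the `packages = with pkgs; [ … ]` list removed from the `then` branch of `users.users.ester`, `pkgs` appears to be unused in users/ester/default.nix; its declaration in the argument set sits above the hunk, so this is inferred from the visible lines rather than confirmed. Dropping the argument keeps the module's inputs honest, and the same applies to the matching change in users/eve/default.nix in this patch. `cfg` now points at `config.home-manager.users.ester`, a home-manager submodule, so a short comment on that line, `# isDesktopUser is declared in ./home.nix`, would tell readers where the option lives.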
@@ -0,0 +1,73 @@ +{ + pkgs, + lib, + config, + ... +}: { + options = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + + config = { + home = { + username = "ester"; + homeDirectory = "/home/ester"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/ester/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + + packages = lib.mkIf config.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + ] + ); + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + }; + }; +} 
diff --git a/users/eve/default.nix b/users/eve/default.nix index 7902ff27..4956deac 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -5,16 +5,12 @@ inputs, ... }: let - cfg = config.users.eve; + cfg = config.home-manager.users.eve; in { - options.users.eve = { - isFullUser = lib.mkEnableOption "eve"; - }; - config = { nixpkgs.config.allowUnfree = true; - sops.secrets = lib.mkIf cfg.isFullUser { + sops.secrets = lib.mkIf cfg.isDesktopUser { "passwords/eve" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -22,20 +18,12 @@ in { }; users.users.eve = ( - if cfg.isFullUser + if cfg.isDesktopUser then { isNormalUser = true; extraGroups = ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; - - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ]; } else { isSystemUser = true; diff --git a/users/eve/home.nix b/users/eve/home.nix new file mode 100644 index 00000000..461458d3 --- /dev/null +++ b/users/eve/home.nix 
@@ -0,0 +1,75 @@ +{ + pkgs, + lib, + config, + ... +}: { + options = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + + config = { + home = { + username = "eve"; + homeDirectory = "/home/eve"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + + packages = lib.mkIf config.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ] + ); + }; + + programs = { + # Let Home Manager install and manage itself. 
+ home-manager.enable = true;
+ };
+ };
+}
diff --git a/users/home.nix b/users/home.nix
index 05719059..88d63373 100644
--- a/users/home.nix
+++ b/users/home.nix
@@ -1,5 +1,5 @@
 {
 leyla = import ./leyla/home.nix;
- # ester = import ./ester/home.nix;
- # eve = import ./eve/home.nix;
+ ester = import ./ester/home.nix;
+ eve = import ./eve/home.nix;
 }
diff --git a/users/leyla/default.nix b/users/leyla/default.nix
index 47b3edb7..e8baee3f 100644
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@@ -9,7 +9,7 @@ in {
 config = {
 nixpkgs.config.allowUnfree = true;
- sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) {
+ sops.secrets = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) {
 "passwords/leyla" = {
 neededForUsers = true;
 sopsFile = "${inputs.secrets}/user-passwords.yaml";
@@ -17,15 +17,13 @@ in {
 };
 users.users.leyla = (
- if (cfg.isFullUser || cfg.isThinUser)
+ if (cfg.isDesktopUser || cfg.isTerminalUser)
 then {
 isNormalUser = true;
- extraGroups = lib.mkMerge [
+ extraGroups = (
 ["networkmanager" "wheel"]
- (
- lib.mkUnless cfg.isThinUser ["adbusers"]
- )
- ];
+ ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers"
+ );
 hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
@@ -43,8 +41,8 @@ in {
 services = {
 ollama = {
- enable = true;
- acceleration = lib.mkIf cfg.hasGPU "cuda";
+ enable = cfg.hasGPU;
+ acceleration = "cuda";
 };
 # TODO: this should reference the home directory from the user config
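Review bot: The `hm-session-vars.sh` comment block in the new users/eve/home.nix still names the wrong user: `# /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh` should read `per-user/eve`, matching `username = "eve"` a few lines above it (the sibling users/ester/home.nix in this patch already says `per-user/ester`). The hunk begins on the previous line of the patch.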
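Review bot: `enable = cfg.hasGPU;` in users/leyla/default.nix turns the ollama service off on every host without `hasGPU`, where it previously ran with CPU inference, and `acceleration = "cuda";` is now set unconditionally; the commit message ("moved ester and eve over to home manager") does not mention either. If CPU-only hosts should keep ollama, the old shape `enable = true; acceleration = lib.mkIf cfg.hasGPU "cuda";` is the one to restore; if the change is intended, a comment such as `# only run ollama where it can use the GPU` records the decision.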
@@ -59,16 +57,16 @@ in {
 };
 programs = {
- steam = lib.mkIf cfg.isFullUser {
+ steam = lib.mkIf cfg.isDesktopUser {
 enable = true;
 remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
 dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer
 localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
 };
- noisetorch.enable = cfg.isFullUser;
+ noisetorch.enable = cfg.isDesktopUser;
- adb.enable = cfg.isFullUser;
+ adb.enable = cfg.isDesktopUser;
 };
 };
 }
diff --git a/users/leyla/home.nix b/users/leyla/home.nix
index f8d4c428..ac513ded 100644
--- a/users/leyla/home.nix
+++ b/users/leyla/home.nix
@@ -9,8 +9,8 @@
 ];
 options = {
- isFullUser = lib.mkEnableOption "create usable leyla user";
- isThinUser = lib.mkEnableOption "create usable user but witohut user applications";
+ isDesktopUser = lib.mkEnableOption "install applications intended for desktop use";
+ isTerminalUser = lib.mkEnableOption "install applications intended for terminal use";
 hasGPU = lib.mkEnableOption "installs gpu intensive programs";
 };
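Review bot: The new option descriptions in users/leyla/home.nix say the flags "install applications", but the users/leyla/default.nix hunks earlier in this patch use `isDesktopUser || isTerminalUser` to decide whether leyla exists as a normal user with `wheel`, whether the sops password secret is provisioned, and (for the desktop flag) whether `adbusers` is granted; someone enabling an option to get a few packages would not expect to be granting sudo. Describe the full effect, e.g. `isDesktopUser = lib.mkEnableOption "create the leyla account with wheel access and desktop applications";` and `isTerminalUser = lib.mkEnableOption "create the leyla account with wheel access and terminal applications only";`. The lost old wording ("create usable leyla user") was closer to what the flags actually do.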
@@ -30,27 +30,6 @@ # release notes. stateVersion = "23.11"; # Please read the comment before changing. - # The home.packages option allows you to install Nix packages into your - # environment. - packages = [ - # # Adds the 'hello' command to your environment. It prints a friendly - # # "Hello, world!" when run. - # pkgs.hello - - # # It is sometimes useful to fine-tune packages, for example, by applying - # # overrides. You can do that directly here, just don't forget the - # # parentheses. Maybe you want to install Nerd Fonts with a limited number of - # # fonts? - # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) - - # # You can also create simple shell scripts directly inside your - # # configuration. For example, this adds a command 'my-hello' to your - # # environment: - # (pkgs.writeShellScriptBin "my-hello" '' - # echo "Hello, ${config.home.username}!" - # '') - ]; - # Home Manager is pretty good at managing dotfiles. The primary way to manage # plain files is through 'home.file'. file = { @@ -101,10 +80,10 @@ # add direnv to auto load flakes for development direnv = { enable = true; - enableBashIntegration = true; # see note on other shells below + enableBashIntegration = true; nix-direnv.enable = true; }; - bash.enable = true; # see note on other shells below + bash.enable = true; # firefox = { # enable = true; diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 1478d1dc..d59696d2 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -11,7 +11,7 @@ ]; home = { - packages = lib.mkIf (config.isFullUser || config.isThinUser) ( + packages = lib.mkIf (config.isDesktopUser || config.isTerminalUser) ( lib.mkMerge [ ( with pkgs; [ @@ -22,7 +22,7 @@ ] ) ( - lib.mkIf (!config.isThinUser) ( + lib.mkIf (!config.isTerminalUser) ( with pkgs; [ #foss platforms signal-desktop diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index 37fc4be7..dbb5ae0b 100644 --- a/users/leyla/vscode.nix 
+++ b/users/leyla/vscode.nix @@ -12,7 +12,7 @@ }; programs = { - bash.shellAliases = lib.mkIf config.isFullUser { + bash.shellAliases = lib.mkIf config.isDesktopUser { code = "codium"; }; @@ -36,42 +36,45 @@ ]; }; - extensions = with extensions.open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + extensions = ( + with extensions.open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # misc extensions - bungcip.better-toml + # misc extensions + bungcip.better-toml - # the number at the start of the name here doesnt resolve nicely so we have to refernce it as a part of open-vsx directly instead of though with - open-vsx."10nates".ollama-autocoder - ] - ++ (with extensions.vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ]); + open-vsx."10nates".ollama-autocoder + ] + ++ ( + with extensions.vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ] + ) + ); }; }; } 
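Review bot: The reformat dropped the explanatory comment that sat above `open-vsx."10nates".ollama-autocoder` on the old side (why that entry is spelled with the `open-vsx.` prefix instead of relying on `with`), so the one line that looks inconsistent with the rest of the list now has no justification. Restore it in the new style, e.g. `# names starting with a digit do not resolve through with, so this one is referenced via open-vsx directly`. The `vscode-marketplace` let binding above the hunk is still unused after this rewrite.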
From ce2f59a386a559117f8871064c51dd1ba50efa04 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 4 Oct 2024 01:05:35 +0200 Subject: [PATCH 307/932] moved firefox draft to own file --- users/leyla/firefox.nix | 132 +++++++++++++++++++++++++++++++++++++++ users/leyla/packages.nix | 1 + 2 files changed, 133 insertions(+) create mode 100644 users/leyla/firefox.nix diff --git a/users/leyla/firefox.nix b/users/leyla/firefox.nix new file mode 100644 index 00000000..615b3e37 --- /dev/null +++ b/users/leyla/firefox.nix 
@@ -0,0 +1,132 @@ +{ + lib, + config, + pkgs, + inputs, + ... +}: { + programs = { + # firefox = { + # enable = true; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ + # ublock-origin + # bitwarden + + # ]; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = 
"Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://tech.lgbt"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # } + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index d59696d2..bf3589cd 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -8,6 +8,7 @@ }: { imports = [ ./vscode.nix + ./firefox.nix ]; home = { From 60fba00be909e9fc9a5adfa97227557c1735ec41 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 4 Oct 2024 01:51:38 +0200 Subject: [PATCH 308/932] moved user config back into user file from home file --- hosts/defiant/configuration.nix | 6 ++++-- hosts/horizon/configuration.nix | 8 ++++---- hosts/twilight/configuration.nix | 9 ++++----- users/default.nix | 11 +++++++++-- users/ester/default.nix | 6 +++++- users/ester/home.nix | 13 ++++++------- users/eve/default.nix | 6 +++++- users/eve/home.nix | 14 ++++++-------- users/home.nix | 10 +++++++--- users/leyla/default.nix | 8 +++++++- users/leyla/home.nix | 10 ++-------- users/leyla/packages.nix | 12 +++++++----- users/leyla/vscode.nix | 8 +++++--- 13 files changed, 71 insertions(+), 50 deletions(-) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index bbe96015..07017bd7 100644 
--- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -14,8 +14,10 @@ ../../enviroments/server ]; - home-manager.users.leyla.config = { - isTerminalUser = true; + nixos.users = { + leyla = { + isTerminalUser = true; + }; }; boot.loader.grub = { diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index ef042d63..f49e83d2 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -14,14 +14,14 @@ ../../enviroments/client ]; - home-manager.users = { - leyla.config = { + nixos.users = { + leyla = { isDesktopUser = true; }; - ester.config = { + ester = { isDesktopUser = true; }; - eve.config = { + eve = { isDesktopUser = true; }; }; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 4de1e5f8..0ed47c87 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -13,16 +13,15 @@ ../../enviroments/client ]; - - home-manager.users = { - leyla.config = { + nixos.users = { + leyla = { isDesktopUser = true; hasGPU = true; }; - ester.config = { + ester = { isDesktopUser = true; }; - eve.config = { + eve = { isDesktopUser = true; }; }; diff --git a/users/default.nix b/users/default.nix index ab742745..fd1f6a40 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,7 +1,14 @@ -{inputs, ...}: { +{ + lib, + config, + ... +}: { imports = [./leyla ./ester ./eve]; users.mutableUsers = false; - home-manager.users = import ./home.nix; + home-manager.users = import ./home.nix { + lib = lib; + config = config; + }; } diff --git a/users/ester/default.nix b/users/ester/default.nix index 61e0d4ed..ec5449c5 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix 
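Review bot: In `users/default.nix` the argument set `{ lib = lib; config = config; }` passed to `import ./home.nix` is the pattern Nix spells as `{inherit lib config;}`; the shorter form is what this tree uses elsewhere (`specialArgs = {inherit inputs lib;};` in flake.nix) and avoids the repeated names. Since home.nix now gates each user's Home Manager config on the `nixos.users.<name>` flags declared in the per-user `default.nix`, a comment on the `home-manager.users` line such as `# per-user HM configs are enabled by the nixos.users.<name> options declared in users/<name>/default.nix` would make that cross-file coupling visible where it is consumed.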
@@ -5,8 +5,12 @@ inputs, ... }: let - cfg = config.home-manager.users.ester; + cfg = config.nixos.users.ester; in { + options.nixos.users.ester = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + config = { nixpkgs.config.allowUnfree = true; diff --git a/users/ester/home.nix b/users/ester/home.nix index 1d3a2a2d..773c13c2 100644 --- a/users/ester/home.nix +++ b/users/ester/home.nix @@ -2,16 +2,15 @@ pkgs, lib, config, + osConfig, ... -}: { - options = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - +}: let + cfg = osConfig.nixos.users.ester; +in { config = { home = { username = "ester"; - homeDirectory = "/home/ester"; + homeDirectory = osConfig.users.users.ester.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release @@ -56,7 +55,7 @@ # EDITOR = "emacs"; }; - packages = lib.mkIf config.isDesktopUser ( + packages = lib.mkIf cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/users/eve/default.nix b/users/eve/default.nix index 4956deac..46c9a8a4 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix @@ -5,8 +5,12 @@ inputs, ... }: let - cfg = config.home-manager.users.eve; + cfg = config.nixos.users.eve; in { + options.nixos.users.eve = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + }; + config = { nixpkgs.config.allowUnfree = true; diff --git a/users/eve/home.nix b/users/eve/home.nix index 461458d3..0b1d25c8 100644 --- a/users/eve/home.nix +++ b/users/eve/home.nix 
@@ -1,17 +1,15 @@ { pkgs, lib, - config, + osConfig, ... -}: { - options = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - +}: let + cfg = osConfig.nixos.users.eve; +in { config = { home = { username = "eve"; - homeDirectory = "/home/eve"; + homeDirectory = osConfig.users.users.eve.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release @@ -56,7 +54,7 @@ # EDITOR = "emacs"; }; - packages = lib.mkIf config.isDesktopUser ( + packages = lib.mkIf cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/users/home.nix b/users/home.nix index 88d63373..d32f2dfa 100644 --- a/users/home.nix +++ b/users/home.nix @@ -1,5 +1,9 @@ { - leyla = import ./leyla/home.nix; - ester = import ./ester/home.nix; - eve = import ./eve/home.nix; + lib, + config, + ... +}: { + leyla = lib.mkIf (config.nixos.users.leyla.isDesktopUser || config.nixos.users.leyla.isTerminalUser) (import ./leyla/home.nix); + ester = lib.mkIf config.nixos.users.ester.isDesktopUser (import ./ester/home.nix); + eve = lib.mkIf config.nixos.users.eve.isDesktopUser (import ./eve/home.nix); } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index e8baee3f..48e3c982 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -4,8 +4,14 @@ inputs, ... }: let - cfg = config.home-manager.users.leyla; + cfg = config.nixos.users.leyla; in { + options.nixos.users.leyla = { + isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; + isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; + }; + config = { nixpkgs.config.allowUnfree = true; diff --git a/users/leyla/home.nix b/users/leyla/home.nix index ac513ded..14f4e8ba 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -1,25 +1,19 @@ { lib, - config, pkgs, + osConfig, ... }: { imports = [ ./packages.nix ]; - options = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; - hasGPU = lib.mkEnableOption "installs gpu intensive programs"; - }; - config = { # Home Manager needs a bit of information about you and the paths it should # manage. home = { username = "leyla"; - homeDirectory = "/home/leyla"; + homeDirectory = osConfig.users.users.leyla.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index bf3589cd..0b40333a 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -5,14 +5,16 @@ pkgs, inputs, ... -}: { +}: let + cfg = osConfig.nixos.users.leyla; +in { imports = [ ./vscode.nix ./firefox.nix ]; home = { - packages = lib.mkIf (config.isDesktopUser || config.isTerminalUser) ( + packages = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) ( lib.mkMerge [ ( with pkgs; [ @@ -23,7 +25,7 @@ ] ) ( - lib.mkIf (!config.isTerminalUser) ( + lib.mkIf (!cfg.isTerminalUser) ( with pkgs; [ #foss platforms signal-desktop @@ -42,7 +44,7 @@ onionshare easytag # rhythmbox - (lib.mkIf config.hasGPU obs-studio) + (lib.mkIf cfg.hasGPU obs-studio) # wireshark # rpi-imager # fritzing @@ -51,7 +53,7 @@ discord obsidian steam - (lib.mkIf config.hasGPU davinci-resolve) + (lib.mkIf cfg.hasGPU davinci-resolve) # development tools androidStudioPackages.canary diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index dbb5ae0b..a0dd27c1 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix @@ -1,10 +1,12 @@ { lib, - config, + osConfig, pkgs, inputs, ... -}: { +}: let + cfg = osConfig.nixos.users.leyla; +in { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default 
@@ -12,7 +14,7 @@ }; programs = { - bash.shellAliases = lib.mkIf config.isDesktopUser { + bash.shellAliases = lib.mkIf cfg.isDesktopUser { code = "codium"; }; From 3cf6791d9e3a6bc80d302ceca05bf965b1e09d4c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Oct 2024 17:16:59 +0200 Subject: [PATCH 309/932] installed anki --- users/leyla/packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 0b40333a..33bdc286 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -55,6 +55,8 @@ in { steam (lib.mkIf cfg.hasGPU davinci-resolve) + anki-bin + # development tools androidStudioPackages.canary jetbrains.idea-community From 8dc253056cd34d5d95e81242cc37239f126a6726 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Oct 2024 17:35:54 +0200 Subject: [PATCH 310/932] updated flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index e323be9e..9f0181a5 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1727249977, - "narHash": "sha256-lAqOCDI4B6hA+t+KHSm/Go8hQF/Ob5sgXaIRtMAnMKw=", + "lastModified": 1728659696, + "narHash": "sha256-xipqQdXMZdSln1WChUWFqcrghOMYCmdRo7rgf/MtEkg=", "owner": "nix-community", "repo": "disko", - "rev": "c1c472f4cd91e4b0703e02810a8c7ed30186b6fa", + "rev": "c7ef3964b6befa877e76316ae88f3ef251cae573", "type": "github" }, "original": { @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1727246346, - "narHash": "sha256-TcUaKtya339Asu+g6KTJ8h7KiKcKXKp2V+At+7tksyY=", + "lastModified": 1728650932, + "narHash": "sha256-mGKzqdsRyLnGNl6WjEr7+sghGgBtYHhJQ4mjpgRTCsU=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e22ef1518fb175d762006f9cae7f6312b8caedb", + "rev": "65ae9c147349829d3df0222151f53f79821c5134", "type": "github" }, "original": { 
@@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1727228778, - "narHash": "sha256-vg1b7yLH8TgKsUi5KlctSx4GuET7MAoWUR7nqAGnU/Y=", + "lastModified": 1728179514, + "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "fb86a415579cd38eb7b47c3ada597841b97e2ea9", + "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1727040444, - "narHash": "sha256-19FNN5QT9Z11ZUMfftRplyNN+2PgcHKb3oq8KMW/hDA=", + "lastModified": 1728269138, + "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d0cb432a9d28218df11cbd77d984a2a46caeb5ac", + "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726937504, - "narHash": "sha256-bvGoiQBvponpZh8ClUcmJ6QnsNKw0EMrCQJARK3bI1c=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9357f4f23713673f310988025d9dc261c20e70c6", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1725762081, - "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", + "lastModified": 1728156290, + "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "rev": "17ae88b569bb15590549ff478bab6494dde4a907", "type": "github" }, "original": { 
@@ -180,11 +180,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1726524647, - "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=", + "lastModified": 1728345710, + "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e2d404a7ea599a013189aa42947f66cede0645c8", + "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", "type": "github" }, "original": { From f6e0b8684cf5d2739e17a13ff1e1c1e59fdc3c38 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Oct 2024 20:21:36 +0200 Subject: [PATCH 311/932] added home assistant to defiant --- enviroments/server/default.nix | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 3d20a179..f2f32bf3 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -72,6 +72,18 @@ default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; }; }; + home-assistant = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that home-assistant will be hosted at"; + default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -249,6 +261,17 @@ stateDir = "/home/forgejo/data"; }; + home-assistant = { + enable = true; + config.http = { + server_port = 8082; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { 
@@ -270,6 +293,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }; + ${config.apps.home-assistant.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + }; }; }; }; @@ -279,7 +307,8 @@ defaults.email = "jan-leila@protonmail.com"; }; - networking.firewall.allowedTCPPorts = [53 2049 3000 8081]; + # TODO: remove 8081 and 8082 when nginx is enabled + networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082]; environment.systemPackages = [ config.services.headscale.package From abede83bfac00d9ec9169f26bdb0a452112e0c42 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Oct 2024 19:13:36 -0500 Subject: [PATCH 312/932] added legacy mount points back to horizon --- hosts/horizon/hardware-configuration.nix | 33 +++++++++++------------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 1e203f34..36459058 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix 
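Review bot: The nginx virtual host for `${config.apps.home-assistant.hostname}` only sets `proxyPass`; Home Assistant's frontend talks to the backend over a websocket, so the location also needs `locations."/".proxyWebsockets = true;`, otherwise the UI will fail to load once `services.nginx.enable` is switched on. Until then, adding 8082 to `allowedTCPPorts` exposes Home Assistant's login page directly over plain HTTP on every interface; `ip_ban_enabled`/`login_attempts_threshold` help, and because `use_x_forwarded_for` trusts only `127.0.0.1` the bans will key on real client addresses, but credentials still cross the network in the clear. A safer sequence is to bind the service to loopback (`server_host = "127.0.0.1";`) and open only 80/443 when nginx lands, rather than opening the backend port now with a TODO to close it later.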
@@ -63,26 +63,23 @@ options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - # "/mnt/legacy_leyla_home" = - # { - # device = "server.arpa:/home/leyla"; - # fsType = "nfs"; - # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - # }; + "/mnt/legacy_leyla_home" = { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - # "/mnt/legacy_share_home" = - # { - # device = "server.arpa:/home/share"; - # fsType = "nfs"; - # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; - # }; + "/mnt/legacy_share_home" = { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; - # "/mnt/legacy_docker_home" = - # { - # device = "server.arpa:/home/docker"; - # fsType = "nfs"; - # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - # }; + "/mnt/legacy_docker_home" = { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; + }; }; services.cachefilesd.enable = true; From b2ee04dce5aa9cc2a429bd252be1927b39067e22 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Oct 2024 19:21:07 -0500 Subject: [PATCH 313/932] added more hass config --- enviroments/common/default.nix | 17 ++++++++++++++++- enviroments/server/default.nix | 16 +++++++++------- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 3416c1a7..db170dbe 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + lib, + ... +}: { imports = [ ../../users ]; 
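Review bot: The re-enabled `/mnt/legacy_leyla_home` and `/mnt/legacy_share_home` mounts carry `soft`, which makes NFS return I/O errors to the application after the retransmit timeout instead of retrying; on a writable home share that can leave partially written files without the writer noticing, so `hard` (the NFS default) combined with the existing `nofail` and `x-systemd.idle-timeout=600` is usually the safer choice for data you care about, or at least a comment should record why `soft` was chosen. The `user` option lets any local account trigger these mounts and, per mount(8), implies `noexec,nosuid,nodev` unless overridden; a comment like `# "user": any login may mount this; implies nosuid/nodev/noexec` would make that behaviour explicit since `x-systemd.automount` already mounts on first access. None of the mounts set `sec=`, so they presumably rely on AUTH_SYS and the server trusts client-supplied UIDs; that is the legacy server's existing posture, but it is worth noting next to the mounts as a known limitation.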
@@ -76,6 +80,12 @@ group = "pihole"; isSystemUser = true; }; + + hass = { + uid = lib.mkForce 2004; + group = "hass"; + isSystemUser = true; + }; }; groups = { @@ -118,6 +128,11 @@ gid = 2003; members = ["pihole" "leyla"]; }; + + hass = { + gid = lib.mkForce 2004; + members = ["hass" "leyla"]; + }; }; }; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index f2f32bf3..c3e64646 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -137,12 +137,13 @@ systemd = { tmpfiles.rules = [ "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server + "d /home/jellyfin/config 750 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" # is /home/docker/jellyfin/cache on existing server "d /home/forgejo 750 forgejo forgejo -" - "d /home/forgejo/data 750 forgejo forgejo -" - "d /home/pihole 750 pihole pihole -" + "d /home/forgejo/data 750 forgejo forgejo -" # is /home/docker/forgejo on existing server + "d /home/pihole 750 pihole pihole -" # is /home/docker/pihole on old system + "d /home/hass 750 hass hass -" # is /home/docker/hass on old system ]; services = { @@ -243,8 +244,8 @@ enable = true; user = "jellyfin"; group = "jellyfin"; - dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config - cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + dataDir = "/home/jellyfin/config"; + cacheDir = "/home/jellyfin/cache"; }; forgejo = { @@ -263,6 +264,7 @@ home-assistant = { enable = true; + configDir = "/home/hass"; config.http = { server_port = 8082; use_x_forwarded_for = true; 
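Review bot: Adding `leyla` to the new `hass` group, together with `d /home/hass 750 hass hass -` and `configDir = "/home/hass"`, gives that login read access to everything Home Assistant writes under its config directory, which typically includes `.storage/auth` (long-lived tokens and password hashes) and `secrets.yaml`; if the membership exists only for occasional editing, leaving the group to the service and using `sudo -u hass` is the narrower option. The same pattern is used for `pihole`, so if it is intentional a comment on the group such as `# leyla is a member so she can edit the config; this also exposes HA's .storage tokens` would make the trade-off explicit. `uid = lib.mkForce 2004` overrides whatever the home-assistant module assigns, presumably to keep ownership of the files migrated from `/home/docker/hass` on the old server; a one-line comment saying so would explain the `mkForce` to the next reader.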
From 7c3aaf241a9f1199efdd263c4c27ae8a935e03c8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 19 Oct 2024 11:15:13 -0500 Subject: [PATCH 314/932] added searxng --- README.md | 3 +-- enviroments/server/default.nix | 40 ++++++++++++++++++++++++++++++---- flake.lock | 38 ++++++++++++++++---------------- secrets | 2 +- 4 files changed, 57 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 677971c5..32b2a225 100644 --- a/README.md +++ b/README.md @@ -48,8 +48,7 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- home assistant virtual machine -- searxng docker +- searxng - nextcloud ??? - samba mounts - firefox declarative??? diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index c3e64646..7d44a147 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -84,6 +84,18 @@ default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; + searx = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "search"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that searx will be hosted at"; + default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -92,6 +104,9 @@ "services/pi-hole" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; }; virtualisation = { 
@@ -234,8 +249,8 @@ address = "0.0.0.0"; port = 8080; settings = { - server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - dns_config.base_domain = config.apps.base_domain; + # server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + dns.base_domain = config.apps.base_domain; logtail.enabled = false; }; }; @@ -274,6 +289,18 @@ }; }; + searx = { + enable = true; + environmentFile = config.sops.secrets."services/searx".path; + settings = { + server = { + port = 8083; + base_url = config.apps.searx.hostname; + secret_key = "@SEARXNG_SECRET@"; + }; + }; + }; + nginx = { enable = false; # TODO: enable this when you want to test all the configs virtualHosts = { @@ -300,6 +327,11 @@ enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; + ${config.apps.searx.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.port}"; + }; }; }; }; @@ -309,8 +341,8 @@ defaults.email = "jan-leila@protonmail.com"; }; - # TODO: remove 8081 and 8082 when nginx is enabled - networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082]; + # TODO: remove 8081, 8082, 8083 when nginx is enabled + networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082 8083]; environment.systemPackages = [ config.services.headscale.package diff --git a/flake.lock b/flake.lock index 9f0181a5..0e62de90 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1728659696, - "narHash": "sha256-xipqQdXMZdSln1WChUWFqcrghOMYCmdRo7rgf/MtEkg=", + "lastModified": 1729281548, + "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=", "owner": "nix-community", "repo": "disko", - "rev": "c7ef3964b6befa877e76316ae88f3ef251cae573", + "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125", "type": "github" }, "original": { 
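Review bot: `server_url` is commented out of the headscale settings while `dns.base_domain` is added; headscale needs `server_url` to tell clients where to log in and exchange keys, so unless it is set elsewhere this will either refuse to start or hand out unusable login URLs. If the intent is to move to the https hostname once nginx/ACME is on, keep the line and change the scheme rather than dropping it: `server_url = "https://${config.apps.headscale.subdomain}.${config.apps.base_domain}";`. The `dns_config` → `dns` rename looks like the headscale 0.23 schema change; a comment noting that would explain the otherwise unrelated edit.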
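Review bot: `base_url = config.apps.searx.hostname;` hands SearXNG a bare hostname, whereas `server.base_url` in its settings is documented as a full URL (scheme, host, trailing slash) and is what it uses to build absolute links and cookies behind a proxy; it should be `base_url = "https://${config.apps.searx.hostname}/";`. The `secret_key = "@SEARXNG_SECRET@"` placeholder paired with the sops-backed `environmentFile` is the right way to keep the secret out of the Nix store, so that part is good. Opening 8083 in `allowedTCPPorts` while `services.nginx.enable = false` exposes the search instance over plain HTTP on every interface; setting `bind_address = "127.0.0.1";` and reaching it only through nginx would keep it off the network until TLS is in place.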
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1728650932, - "narHash": "sha256-mGKzqdsRyLnGNl6WjEr7+sghGgBtYHhJQ4mjpgRTCsU=", + "lastModified": 1729321331, + "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=", "owner": "nix-community", "repo": "home-manager", - "rev": "65ae9c147349829d3df0222151f53f79821c5134", + "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1728179514, - "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", + "lastModified": 1729302344, + "narHash": "sha256-txj6S9QC1IiUlxz41dU8QORG47Mu0vX7ldwNKud2oy4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", + "rev": "a2a26f1bada2202572599346eb952bd3e130af66", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728269138, - "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", + "lastModified": 1729333370, + "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", + "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728492678, - "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "lastModified": 1729256560, + "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", "type": "github" }, "original": { 
@@ -158,11 +158,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1727152771, - "narHash": "sha256-GYtrV//xaqamqRynEaHJrbklliHyAN9/4NZRXBZlahs=", + "lastModified": 1729353554, + "narHash": "sha256-mLf7siPN9HtpZIZZA1eubwNTyVsIS/kHzWvJ+oX88xU=", "ref": "main", - "rev": "46172e93709498e57d188a1bd19349c28fe4e3e3", - "revCount": 2, + "rev": "73b4f304d4445e8ce53f395e78289f264753efeb", + "revCount": 3, "type": "git", "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" }, diff --git a/secrets b/secrets index 46172e93..73b4f304 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 46172e93709498e57d188a1bd19349c28fe4e3e3 +Subproject commit 73b4f304d4445e8ce53f395e78289f264753efeb From 1790d785f528ca8473953bcdc9975e85f03368bb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 22 Oct 2024 10:27:51 -0500 Subject: [PATCH 315/932] installed flipperq --- enviroments/client/default.nix | 1 + flake.lock | 30 +++++++++++++++--------------- users/leyla/packages.nix | 3 ++- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 86ff67be..9dfa06b4 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -44,6 +44,7 @@ # Enable sound with pipewire. hardware.pulseaudio.enable = false; + hardware.flipperzero.enable = true; security.rtkit.enable = true; environment.systemPackages = with pkgs; [ diff --git a/flake.lock b/flake.lock index 0e62de90..7fc8f4bc 100644 --- a/flake.lock +++ b/flake.lock @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1729321331, - "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=", + "lastModified": 1729551526, + "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", "owner": "nix-community", "repo": "home-manager", - "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68", + "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", "type": "github" }, "original": { 
@@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1729302344, - "narHash": "sha256-txj6S9QC1IiUlxz41dU8QORG47Mu0vX7ldwNKud2oy4=", + "lastModified": 1729475384, + "narHash": "sha256-x7ODafOKfxXMdgs/wPXVpmf04vOr7cJLEDWYT/TBjY0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "a2a26f1bada2202572599346eb952bd3e130af66", + "rev": "77a421d6c7ea09381c7e33d90c3017c9727dfbc3", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729333370, - "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=", + "lastModified": 1729509737, + "narHash": "sha256-8OHgqz+tFo21h3hg4/GHizFPws+MMzpEru/+62Z0E8c=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb", + "rev": "cc2d3c0e060f981905d52337340ee6ec8b8eb037", "type": "github" }, "original": { @@ -130,11 +130,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1728156290, - "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", + "lastModified": 1729357638, + "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17ae88b569bb15590549ff478bab6494dde4a907", + "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", "type": "github" }, "original": { @@ -180,11 +180,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1728345710, - "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", + "lastModified": 1729394972, + "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", + "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5", "type": "github" }, "original": { diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 33bdc286..c8c50588 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix 
@@ -38,7 +38,7 @@ in { krita freecad # cura - kicad-small + # kicad-small makemkv transmission_4-gtk onionshare @@ -62,6 +62,7 @@ in { jetbrains.idea-community dbeaver-bin bruno + qFlipper # system tools protonvpn-gui From 77e3d687d4d4db1b5df94b5f6595855682e71bee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 23 Oct 2024 12:10:25 -0500 Subject: [PATCH 316/932] added nix language server removed ollama --- enviroments/client/default.nix | 13 ++++++++++++- users/leyla/default.nix | 8 ++++---- users/leyla/packages.nix | 2 -- users/leyla/vscode.nix | 14 +++++++++++--- 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 9dfa06b4..0e07090a 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,8 +1,16 @@ -{pkgs, ...}: { +{ + pkgs, + inputs, + ... +}: { imports = [ ../common ]; + nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + }; + services = { # Enable CUPS to print documents. printing.enable = true; @@ -51,6 +59,9 @@ # helvetica font aileron + # nix langauge server + nixd + cachefilesd gnomeExtensions.dash-to-dock diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 48e3c982..2698b8e2 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix @@ -46,10 +46,10 @@ in { ); services = { - ollama = { - enable = cfg.hasGPU; - acceleration = "cuda"; - }; + # ollama = { + # enable = cfg.hasGPU; + # acceleration = "cuda"; + # }; # TODO: this should reference the home directory from the user config openssh.hostKeys = [ diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index c8c50588..1406f6de 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -1,9 +1,7 @@ { lib, - config, osConfig, pkgs, - inputs, ... }: let cfg = osConfig.nixos.users.leyla; diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index a0dd27c1..2da1844a 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix 
@@ -36,10 +36,18 @@ in { "cSpell.userWords" = [ "webdav" ]; + "nix.serverPath" = "nixd"; + "nix.enableLanguageServer" = true; + "nixpkgs" = { + "expr" = "import {}"; + }; + # "fomratting": { + # "command": [ "alejandra" ]; + # }; }; extensions = ( - with extensions.open-vsx; + with open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -68,10 +76,10 @@ in { # misc extensions bungcip.better-toml - open-vsx."10nates".ollama-autocoder + # lib.mkIf open-vsx."10nates".ollama-autocoder ] ++ ( - with extensions.vscode-marketplace; [ + with vscode-marketplace; [ # js extensions karyfoundation.nearley ] From f132f44b9603a93c6daed26ce61340bc19a2b93f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 26 Oct 2024 13:16:14 -0500 Subject: [PATCH 317/932] installed proxmark tools --- README.md | 1 + flake.nix | 11 +++++++++-- overlays/default.nix | 7 +++++++ pkgs/default.nix | 3 ++- users/leyla/default.nix | 2 +- users/leyla/packages.nix | 2 ++ 6 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 overlays/default.nix diff --git a/README.md b/README.md index 32b2a225..94476a57 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ +- https://nixos-and-flakes.thiscute.world/ ## Configuration set up git configuration for local development: `git config core.hooksPath .hooks` diff --git a/flake.nix b/flake.nix index efffbd27..aaf22666 100644 --- a/flake.nix +++ b/flake.nix @@ -47,7 +47,6 @@ }; outputs = { - self, nixpkgs, disko, nixos-hardware, 
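Review bot: The new `"nixpkgs"."expr"` value reads as `import {}` here, which is not a complete Nix expression on its own; if the intended value was `import <nixpkgs> {}` and the angle brackets were lost in rendering, the setting is fine as committed, otherwise nixd will fail to evaluate the package scope and start without nixpkgs completion. The commented-out `# "fomratting": {` block misspells the key and also uses JSON-style `:` inside a Nix attribute set, so correct both before it is ever uncommented: `# "formatting" = {`. The enclosing `userSettings` attribute set starts outside the hunk.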
@@ -60,22 +59,28 @@ home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs;}; }; - forEachSystem = nixpkgs.lib.genAttrs [ + systems = [ "aarch64-darwin" "aarch64-linux" "x86_64-darwin" "x86_64-linux" ]; + forEachSystem = nixpkgs.lib.genAttrs systems; forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); lib = callPackage ./util {} // nixpkgs.lib; in { + packages = forEachPkgs (import ./pkgs); + + formatter = forEachPkgs (system: system.alejandra); + nixosConfigurations = { # Leyla Laptop horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + ./overlays home-manager.nixosModules.home-manager home-manager-config ./hosts/horizon/configuration.nix @@ -86,6 +91,7 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + ./overlays home-manager.nixosModules.home-manager home-manager-config ./hosts/twilight/configuration.nix @@ -95,6 +101,7 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + ./overlays disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 00000000..4957ab82 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,7 @@ +{...}: { + nixpkgs.overlays = [ + ( + self: super: import ../pkgs {pkgs = super;} + ) + ]; +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 87a13d7f..b02ba6c1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,2 +1,3 @@ -_: { +{...}: { + # package = pkgs.callPackage ./package.nix {}; } diff --git a/users/leyla/default.nix b/users/leyla/default.nix index 2698b8e2..2c1f87bf 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
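Review bot: `formatter = forEachPkgs (system: system.alejandra);` names its parameter `system`, but `forEachPkgs` passes `nixpkgs.legacyPackages.${system}` to the lambda, so the argument is a package set rather than a system string; `formatter = forEachPkgs (pkgs: pkgs.alejandra);` says what it is. The new `packages = forEachPkgs (import ./pkgs);` line relies on pkgs/default.nix accepting a package set as its argument, which the `{...}:` header in this patch does, but a one-line comment there would make the contract explicit.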
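Review bot: In pkgs/default.nix the commented-out `# package = pkgs.callPackage ./package.nix {};` references `pkgs`, which the new `{...}:` header does not bind, so the example will fail the moment it is uncommented. `{pkgs, ...}: {` matches how overlays/default.nix already calls this file (`import ../pkgs {pkgs = super;}`) and how flake.nix calls it through `forEachPkgs`.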
@@ -27,7 +27,7 @@ in { then { isNormalUser = true; extraGroups = ( - ["networkmanager" "wheel"] + ["networkmanager" "wheel" "dialout"] ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers" ); diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix index 1406f6de..8aa3a727 100644 --- a/users/leyla/packages.nix +++ b/users/leyla/packages.nix @@ -61,6 +61,8 @@ in { dbeaver-bin bruno qFlipper + proxmark3 + mfoc # system tools protonvpn-gui From 3e11cfd967714bc3e4665db4bca6673a5d29bf8a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 2 Nov 2024 15:58:03 -0500 Subject: [PATCH 318/932] fixed configs connection to nginx --- enviroments/common/default.nix | 11 +++ enviroments/server/default.nix | 153 ++++++++++++++++++++++++++------- 2 files changed, 133 insertions(+), 31 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index db170dbe..c07382f2 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -86,6 +86,12 @@ group = "hass"; isSystemUser = true; }; + + headscale = { + uid = 2005; + group = "headscale"; + isSystemUser = true; + }; }; groups = { @@ -133,6 +139,11 @@ gid = lib.mkForce 2004; members = ["hass" "leyla"]; }; + + headscale = { + gid = 2005; + members = ["headscale"]; + }; }; }; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 7d44a147..fee58c6a 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -4,7 +4,13 @@ pkgs, inputs, ... -}: { +}: let + jellyfinPort = 8096; + nfsPort = 2049; + dnsPort = 53; + httpPort = 80; + httpsPort = 443; +in { imports = [ ../common ]; 
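Review bot: `"dialout"` is appended to `extraGroups` unconditionally, so every host that defines this user — the server profile included — now grants the account direct access to serial and USB-serial devices, while the same expression already gates `adbusers` on `!cfg.isTerminalUser`. If the group is only needed on workstations where the serial tools from packages.nix are installed, gate it the same way: `++ lib.lists.optional (!cfg.isTerminalUser) "dialout"`. The enclosing user definition starts outside the hunk.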
@@ -47,6 +53,11 @@ description = "subdomain of base domain that headscale will be hosted at"; default = "headscale"; }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that headscale will be hosted at"; + default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; + }; }; jellyfin = { subdomain = lib.mkOption { @@ -59,6 +70,43 @@ description = "hosname that jellyfin will be hosted at"; default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; + directory = { + root = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will be at"; + default = "/home/jellyfin"; + }; + mediaDirectoryName = lib.mkOption { + type = lib.types.str; + description = "name of the directory to store the media in"; + default = "media"; + }; + mediaDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will store its media in"; + default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.mediaDirectoryName}"; + }; + dataDirectoryName = lib.mkOption { + type = lib.types.str; + description = "name of the directory to store the config in"; + default = "data"; + }; + dataDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will store its config in"; + default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.dataDirectoryName}"; + }; + cacheDirectoryName = lib.mkOption { + type = lib.types.str; + description = "name of the directory to store the cache in"; + default = "cache"; + }; + cacheDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will store its cache in"; + default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.cacheDirectoryName}"; + }; + }; }; forgejo = { subdomain = lib.mkOption { 
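Review bot: The new `headscale.hostname` description copies the `hosname` misspelling from the jellyfin option beneath it (`description = "hosname that headscale will be hosted at";`); these strings end up in generated option documentation, so spell it `hostname` here instead of propagating it to each new service. In the jellyfin block the `*DirectoryName` options exist only to feed the `*Directory` defaults; a one-line comment on `directory = {` noting that the `*Name` values are relative to `root` would save a reader from tracing the indirection.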
@@ -151,10 +199,10 @@ systemd = { tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server - "d /home/jellyfin/config 750 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" # is /home/docker/jellyfin/cache on existing server + "d ${config.apps.jellyfin.directory.root} 755 jellyfin jellyfin -" + "d ${config.apps.jellyfin.directory.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server + "d ${config.apps.jellyfin.directory.dataDirectory} 2770 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server + "d ${config.apps.jellyfin.directory.cacheDirectory} 2750 jellyfin jellyfin -" # is /home/docker/jellyfin/cache on existing server "d /home/forgejo 750 forgejo forgejo -" "d /home/forgejo/data 750 forgejo forgejo -" # is /home/docker/forgejo on existing server "d /home/pihole 750 pihole pihole -" # is /home/docker/pihole on old system 
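Review bot: The jellyfin data directory mode goes from `750` to `2770`, which adds group write on the directory that this patch points `dataDir` at, and nothing in the commit explains why the configuration store needs it; the media and cache rules only add or tighten bits (`775` → `2775`, `755` → `2750`). If the goal is just setgid inheritance, `"d ${config.apps.jellyfin.directory.dataDirectory} 2750 jellyfin jellyfin -"` keeps the previous access. The `tmpfiles.rules` list continues outside the hunk.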
@@ -230,28 +278,57 @@ postgresql = { enable = true; - ensureDatabases = ["forgejo"]; + ensureDatabases = ["forgejo" "headscale"]; + ensureUsers = [ + { + name = "postgres"; + } + { + name = "forgejo"; + } + { + name = "headscale"; + } + ]; identMap = '' # ArbitraryMapName systemUser DBUser - superuser_map root postgres + + # Administration Users superuser_map postgres postgres + superuser_map root postgres + superuser_map leyla postgres + + # Client Users superuser_map forgejo forgejo + # superuser_map headscale headscale ''; # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' # type database DBuser auth-method optional_ident_map - local sameuser all peer map=superuser_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map ''; }; headscale = { enable = true; + user = "headscale"; + group = "headscale"; address = "0.0.0.0"; port = 8080; settings = { - # server_url = "http://${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - dns.base_domain = config.apps.base_domain; - logtail.enabled = false; + server_url = "https://${config.apps.headscale.hostname}"; + dns.base_domain = "clients.${config.apps.headscale.hostname}"; + logtail.enabled = true; + # database = { + # type = "postgres"; + # postgres = { + # host = "localhost"; + # port = 5432; + # user = "headscale"; + # name = "headscale"; + # }; + # }; }; }; @@ -259,13 +336,19 @@ enable = true; user = "jellyfin"; group = "jellyfin"; - dataDir = "/home/jellyfin/config"; - cacheDir = "/home/jellyfin/cache"; + dataDir = config.apps.jellyfin.directory.dataDirectory; + cacheDir = config.apps.jellyfin.directory.cacheDirectory; }; forgejo = { enable = true; - database.type = "postgres"; + database = { + type = "postgres"; + host = "localhost"; + port = 5432; + user = "forgejo"; + name = "forgejo"; + }; lfs.enable = true; settings = { server = { 
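Review bot: `superuser_map leyla postgres` maps the interactive login account to the `postgres` role, and the new `local all postgres peer map=superuser_map` rule lets that mapping reach every database with no password, so the human user gets unrestricted DB superuser from any local shell. If that is intended for administration it deserves a comment saying so; otherwise keep the map to `root` and `postgres` and give `leyla` a dedicated role. In the same hunk `logtail.enabled` flips from `false` to `true` without explanation; per headscale's example configuration, logtail lets the control server instruct nodes to send their logs to Tailscale's remote logging service, so either leave it disabled or add a `# why` comment. Listing `{ name = "postgres"; }` in `ensureUsers` is a no-op, since that role always exists.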
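Review bot: `forgejo.database` now uses `host = "localhost"; port = 5432;` with `user = "forgejo"` and no password, but the `peer` authentication configured a few lines above applies only to unix-socket connections, so a TCP connection to localhost will not be covered by the ident map and will most likely be refused. Point it at the socket the map is written for, `socket = "/run/postgresql";`, in place of the host/port pair. The `jellyfin.user`/`group` lines appear to restate the module defaults; if they are there to pin the names used by the tmpfiles rules, a short comment would say so.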
@@ -278,7 +361,7 @@ }; home-assistant = { - enable = true; + enable = false; configDir = "/home/hass"; config.http = { server_port = 8082; @@ -295,42 +378,41 @@ settings = { server = { port = 8083; - base_url = config.apps.searx.hostname; secret_key = "@SEARXNG_SECRET@"; }; }; }; nginx = { - enable = false; # TODO: enable this when you want to test all the configs + enable = true; virtualHosts = { ${config.apps.headscale.hostname} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; locations."/" = { proxyPass = "http://localhost:${toString config.services.headscale.port}"; proxyWebsockets = true; }; }; ${config.apps.jellyfin.hostname} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:8096"; + # forceSSL = true; + # enableACME = true; + locations."/".proxyPass = "http://localhost:${toString jellyfinPort}"; }; ${config.apps.forgejo.hostname} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }; ${config.apps.home-assistant.hostname} = { - forceSSL = true; - enableACME = true; + # forceSSL = true; + # enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; ${config.apps.searx.hostname} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.port}"; + # forceSSL = true; + # enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}"; }; }; }; 
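Review bot: Commenting out `forceSSL` and `enableACME` on all five virtual hosts puts headscale, jellyfin, forgejo, home-assistant and searx on plain HTTP the moment `nginx.enable = true` lands, while `server_url = "https://${config.apps.headscale.hostname}"` in the previous hunk still advertises HTTPS and the ACME `defaults.email` block stays configured. If TLS is off only for testing, record that once instead of repeating the commented pair per host, e.g. `# TODO: re-enable forceSSL/enableACME before exposing these hosts` on the first entry, or drive both attributes from a single boolean. The searx `proxyPass` fix to `settings.server.port` matches the `server.port = 8083` definition above it.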
@@ -341,8 +423,17 @@ defaults.email = "jan-leila@protonmail.com"; }; - # TODO: remove 8081, 8082, 8083 when nginx is enabled - networking.firewall.allowedTCPPorts = [53 2049 3000 8081 8082 8083]; + networking.firewall.allowedTCPPorts = [ + httpPort + httpsPort + dnsPort + nfsPort + jellyfinPort + config.services.headscale.port + config.services.forgejo.settings.server.HTTP_PORT + # config.services.home-assistant.config.http.server_port + config.services.searx.settings.server.port + ]; environment.systemPackages = [ config.services.headscale.package From 4e08a8ecf721e2f347dffe211694aab2fef1b1c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Nov 2024 17:15:48 -0600 Subject: [PATCH 319/932] removed rev number from install script --- install.sh | 2 +- secrets | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index 882a9359..bed56a92 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/secrets b/secrets index 73b4f304..ef623d6a 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 73b4f304d4445e8ce53f395e78289f264753efeb +Subproject commit ef623d6a9e25c1f0ec9d282ab5ed5dff54674816 From 87895e29b592cf4c881f95604ea3a1fc57ad99ee Mon Sep 17 00:00:00 2001 
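Review bot: The deleted TODO said to drop the application ports once nginx is enabled, and the previous hunk enables nginx, yet the new list still opens `jellyfinPort`, `config.services.headscale.port`, `config.services.forgejo.settings.server.HTTP_PORT` and the searx port, so every backend remains reachable on the network without passing through the reverse proxy. Keep `httpPort`, `httpsPort`, `dnsPort` and `nfsPort` and remove the rest, or keep the TODO so the intent is not lost. Headscale in particular binds `address = "0.0.0.0"` earlier in this patch, so with its port open the proxy is fully bypassable for that service.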
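Review bot: Removing the pinned revision leaves the comment `# commit number in this is because the main branch of nixos-anywhere is broken right now` describing a pin that no longer exists; delete it or state why the pin was dropped. Unpinned, `nix run github:nix-community/nixos-anywhere` fetches and executes whatever the default branch holds at run time, in a script that has just copied the SOPS age keys into `$temp` and hands that directory to the tool; pinning to a tag or revision, or adding nixos-anywhere as a flake input so flake.lock governs it, keeps the provisioning path reproducible. `$temp` and `$target` are also unquoted on the changed line.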
From: Leyla Becker Date: Mon, 4 Nov 2024 17:47:09 -0600 Subject: [PATCH 320/932] fixed database and permissions on service directories --- README.md | 3 - enviroments/common/default.nix | 11 ++ enviroments/server/default.nix | 176 +++++++++++++++++--------------- flake.lock | 48 +++++---- hosts/defiant/configuration.nix | 4 +- 5 files changed, 130 insertions(+), 112 deletions(-) diff --git a/README.md b/README.md index 94476a57..5f4848e8 100644 --- a/README.md +++ b/README.md @@ -49,8 +49,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- searxng -- nextcloud ??? - samba mounts - firefox declarative??? - figure out steam vr things? @@ -59,7 +57,6 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- headscale server (just needs to be tested) - mastodon server - tail scale clients - wake on LAN diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index c07382f2..8df4c0ef 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -92,6 +92,12 @@ group = "headscale"; isSystemUser = true; }; + + nextcloud = { + uid = 2006; + group = "nextcloud"; + isSystemUser = true; + }; }; groups = { @@ -144,6 +150,11 @@ gid = 2005; members = ["headscale"]; }; + + nextcloud = { + gid = 2006; + members = ["nextcloud"]; + }; }; }; diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index fee58c6a..4cd45ffb 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -10,6 +10,7 @@ dnsPort = 53; httpPort = 80; httpsPort = 443; + isDebug = false; in { imports = [ ../common 
@@ -46,6 +47,18 @@ in { type = lib.types.str; description = "ip address to use for pi-hole"; }; + directory = { + root = lib.mkOption { + type = lib.types.str; + description = "directory that piholes will be hosted at"; + default = "/var/lib/pihole"; + }; + data = lib.mkOption { + type = lib.types.str; + description = "directory that piholes data will be hosted at"; + default = "${config.apps.pihole.directory.root}/data"; + }; + }; }; headscale = { subdomain = lib.mkOption { 
@@ -70,48 +83,16 @@ in { description = "hosname that jellyfin will be hosted at"; default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; - directory = { - root = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will be at"; - default = "/home/jellyfin"; - }; - mediaDirectoryName = lib.mkOption { - type = lib.types.str; - description = "name of the directory to store the media in"; - default = "media"; - }; - mediaDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will store its media in"; - default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.mediaDirectoryName}"; - }; - dataDirectoryName = lib.mkOption { - type = lib.types.str; - description = "name of the directory to store the config in"; - default = "data"; - }; - dataDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will store its config in"; - default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.dataDirectoryName}"; - }; - cacheDirectoryName = lib.mkOption { - type = lib.types.str; - description = "name of the directory to store the cache in"; - default = "cache"; - }; - cacheDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will store its cache in"; - default = "${config.apps.jellyfin.directory.root}/${config.apps.jellyfin.directory.cacheDirectoryName}"; - }; + mediaDirectory = lib.mkOption { + type = lib.types.str; + description = "directory that jellyfin will be at"; + default = "/home/jellyfin"; }; }; forgejo = { subdomain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that foregjo will be hosted at"; + description = "subdomain of base domain that forgejo will be hosted at"; default = "forgejo"; }; hostname = lib.mkOption { 
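Review bot: The collapsed `mediaDirectory` option keeps the old `root` description, `description = "directory that jellyfin will be at";`, although it now names the media location that the `jellyfin_media` tmpfiles rule later in this patch uses; `description = "directory that jellyfin will store its media in";` keeps the option docs truthful. The `foregjo` → `forgejo` fix in the same hunk is fine. The enclosing `apps` option tree continues outside the hunk.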
@@ -144,6 +125,18 @@ in { default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; }; }; + nextcloud = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that nextcloud will be hosted at"; + default = "nextcloud"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that nextcloud will be hosted at"; + default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}"; + }; + }; }; }; @@ -155,6 +148,10 @@ in { "services/searx" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/nextcloud_adminpass" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + owner = config.users.users.nextcloud.name; + }; }; virtualisation = { @@ -178,7 +175,7 @@ in { in { image = config.apps.pihole.image; volumes = [ - "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules + "${config.apps.pihole.directory.data}:/etc/pihole:rw" "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" ]; environment = { 
@@ -197,16 +194,12 @@ in { }; }; + # TODO: dynamic users systemd = { tmpfiles.rules = [ - "d ${config.apps.jellyfin.directory.root} 755 jellyfin jellyfin -" - "d ${config.apps.jellyfin.directory.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server - "d ${config.apps.jellyfin.directory.dataDirectory} 2770 jellyfin jellyfin -" # is /home/docker/jellyfin/config on existing server - "d ${config.apps.jellyfin.directory.cacheDirectory} 2750 jellyfin jellyfin -" # is /home/docker/jellyfin/cache on existing server - "d /home/forgejo 750 forgejo forgejo -" - "d /home/forgejo/data 750 forgejo forgejo -" # is /home/docker/forgejo on existing server - "d /home/pihole 750 pihole pihole -" # is /home/docker/pihole on old system - "d /home/hass 750 hass hass -" # is /home/docker/hass on old system + "d ${config.apps.jellyfin.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server + "d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system + "d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system ]; services = { @@ -241,6 +234,13 @@ in { partOf = ["podman-compose-root.target"]; wantedBy = ["podman-compose-root.target"]; }; + # nextcloud-setup = { + # after = ["network.target"]; + # }; + headscale = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; }; # disable computer sleeping @@ -278,18 +278,24 @@ in { postgresql = { enable = true; - ensureDatabases = ["forgejo" "headscale"]; ensureUsers = [ { name = "postgres"; } { name = "forgejo"; + ensureDBOwnership = true; } { name = "headscale"; + ensureDBOwnership = true; } ]; + ensureDatabases = [ + "forgejo" + "headscale" + # "nextcloud" + ]; identMap = '' # ArbitraryMapName systemUser DBUser 
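Review bot: `"d ${config.apps.pihole.directory.data} 755 pihole pihole -"` makes the pi-hole data directory world-readable, where the removed `/home/pihole` rule kept `750`; that path is mounted as `/etc/pihole` in the container in an earlier hunk, which is where pi-hole keeps its configuration and databases, so `750` is the safer default unless another local service has to read it. `ensureUsers` still carries `{ name = "postgres"; }` without `ensureDBOwnership`, a no-op because the superuser role always exists. `# TODO: dynamic users` would be more actionable if it named what it refers to, e.g. `# TODO: replace these tmpfiles rules with systemd DynamicUser for the services that support it`.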
@@ -300,13 +306,13 @@ in { # Client Users superuser_map forgejo forgejo - # superuser_map headscale headscale + superuser_map headscale headscale ''; # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map ''; }; @@ -320,34 +326,27 @@ in { server_url = "https://${config.apps.headscale.hostname}"; dns.base_domain = "clients.${config.apps.headscale.hostname}"; logtail.enabled = true; - # database = { - # type = "postgres"; - # postgres = { - # host = "localhost"; - # port = 5432; - # user = "headscale"; - # name = "headscale"; - # }; - # }; + database = { + type = "postgres"; + postgres = { + host = "/run/postgresql"; + port = config.services.postgresql.settings.port; + user = "headscale"; + name = "headscale"; + }; + }; }; }; jellyfin = { enable = true; - user = "jellyfin"; - group = "jellyfin"; - dataDir = config.apps.jellyfin.directory.dataDirectory; - cacheDir = config.apps.jellyfin.directory.cacheDirectory; }; forgejo = { enable = true; database = { type = "postgres"; - host = "localhost"; - port = 5432; - user = "forgejo"; - name = "forgejo"; + socket = "/run/postgresql"; }; lfs.enable = true; settings = { @@ -355,14 +354,11 @@ in { DOMAIN = config.apps.forgejo.hostname; HTTP_PORT = 8081; }; - service.DISABLE_REGISTRATION = true; }; - stateDir = "/home/forgejo/data"; }; home-assistant = { - enable = false; - configDir = "/home/hass"; + enable = true; config.http = { server_port = 8082; use_x_forwarded_for = true; 
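Review bot: Dropping `service.DISABLE_REGISTRATION = true;` re-opens self-service account creation on the forgejo instance that nginx publishes at `config.apps.forgejo.hostname`, and the commit message ("fixed database and permissions") does not mention it. If it was lost while reshaping the `settings` block, restore it there: `service.DISABLE_REGISTRATION = true;`. Removing `stateDir = "/home/forgejo/data"` also moves forgejo's state to the module default, so data at the old path is not picked up on the next rebuild unless it is migrated; that deserves a line in the commit description. The headscale postgres block now correctly uses the `/run/postgresql` socket, matching the `superuser_map headscale headscale` line uncommented in the same hunk.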
@@ -383,6 +379,16 @@ in { }; }; + # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + hostName = config.apps.nextcloud.hostname; + config = { + adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; + }; + }; + nginx = { enable = true; virtualHosts = { @@ -423,17 +429,21 @@ in { defaults.email = "jan-leila@protonmail.com"; }; - networking.firewall.allowedTCPPorts = [ - httpPort - httpsPort - dnsPort - nfsPort - jellyfinPort - config.services.headscale.port - config.services.forgejo.settings.server.HTTP_PORT - # config.services.home-assistant.config.http.server_port - config.services.searx.settings.server.port - ]; + networking.firewall.allowedTCPPorts = + [ + httpPort + httpsPort + dnsPort + nfsPort + ] + ++ (lib.optional isDebug [ + jellyfinPort + config.services.headscale.port + config.services.forgejo.settings.server.HTTP_PORT + config.services.home-assistant.config.http.server_port + config.services.postgresql.settings.port + config.services.searx.settings.server.port + ]); environment.systemPackages = [ config.services.headscale.package diff --git a/flake.lock b/flake.lock index 7fc8f4bc..4d181fae 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1729281548, - "narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=", + "lastModified": 1730751873, + "narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=", "owner": "nix-community", "repo": "disko", - "rev": "a6a3179ddf396dfc28a078e2f169354d0c137125", + "rev": "856a2902156ba304efebd4c1096dbf7465569454", "type": "github" }, "original": { 
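Review bot: The comment above `nextcloud = {` says the instance is built with its auto-setup MySQL database, but no `config.dbtype` is set, so whatever the module default is applies rather than MySQL; either set the intended `dbtype` or reword the comment to what is configured. The virtual host the nextcloud module generates for `hostName` gets no `forceSSL`/`enableACME` (those were commented out for the other hosts in a previous commit) and `services.nextcloud.https` is not set, so the password from `adminpassFile` is entered over plain HTTP on first login; `https = true;` together with TLS on the vhost should land before the host is exposed.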
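Review bot: `lib.optional isDebug [ ... ]` wraps its second argument in a list, so with `isDebug = true` the expression becomes `[ httpPort ... ] ++ [ [ jellyfinPort ... ] ]`, a nested list that the `allowedTCPPorts` type will reject; the list-valued form is `lib.optionals`, i.e. `++ (lib.optionals isDebug [`. The bug is masked today only because `isDebug = false` makes both forms evaluate to `[]`. The debug list also includes `config.services.postgresql.settings.port`, which is only meaningful if postgres listens beyond localhost; a comment there would stop it being mistaken for an intended production opening.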
@@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1729551526, - "narHash": "sha256-7LAGY32Xl14OVQp3y6M43/0AtHYYvV6pdyBcp3eoz0s=", + "lastModified": 1730633670, + "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ec753a1fc4454df9285d8b3ec0809234defb975", + "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1729475384, - "narHash": "sha256-x7ODafOKfxXMdgs/wPXVpmf04vOr7cJLEDWYT/TBjY0=", + "lastModified": 1730685024, + "narHash": "sha256-w0cQSTjLBaUSziPGwyI0nbWVD64+N3ByoSxC0CEZmeI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "77a421d6c7ea09381c7e33d90c3017c9727dfbc3", + "rev": "16ca007ec37c29a8b97e4899f33c013defbdb2f9", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1729509737, - "narHash": "sha256-8OHgqz+tFo21h3hg4/GHizFPws+MMzpEru/+62Z0E8c=", + "lastModified": 1730537918, + "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc2d3c0e060f981905d52337340ee6ec8b8eb037", + "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", "type": "github" }, "original": { @@ -114,11 +114,9 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729256560, - "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", + "rev": "6eef3d72452247a6d9baafe05cffc1c9bc93f1c4", "type": "github" }, "original": { 
@@ -130,11 +128,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1729357638, - "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", + "lastModified": 1730602179, + "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", + "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "type": "github" }, "original": { @@ -158,11 +156,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1729353554, - "narHash": "sha256-mLf7siPN9HtpZIZZA1eubwNTyVsIS/kHzWvJ+oX88xU=", + "lastModified": 1730665670, + "narHash": "sha256-MMwH5IcaslEWqeHaNqSjAsGWoS2NJ5qiIE7RLiJG+28=", "ref": "main", - "rev": "73b4f304d4445e8ce53f395e78289f264753efeb", - "revCount": 3, + "rev": "ef623d6a9e25c1f0ec9d282ab5ed5dff54674816", + "revCount": 6, "type": "git", "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" }, @@ -180,11 +178,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1729394972, - "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=", + "lastModified": 1730746162, + "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5", + "rev": "59d6988329626132eaf107761643f55eb979eef1", "type": "github" }, "original": { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 07017bd7..76dba609 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -1,6 +1,5 @@ # server nas { - config, pkgs, inputs, ... @@ -47,6 +46,9 @@ forgejo = { subdomain = "git"; }; + nextcloud = { + subdomain = "drive"; + }; }; services = { From c4cf83298f0a687913e5e7ba905d62bbfa74f757 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 4 Nov 2024 17:49:44 -0600 Subject: [PATCH 321/932] added tail scale to clients --- enviroments/client/default.nix | 4 ++++ hosts/horizon/configuration.nix | 7 +------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 0e07090a..921d7b55 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -48,6 +48,10 @@ # no need to redefine it in your config for now) #media-session.enable = true; }; + + tailscale = { + enable = true; + }; }; # Enable sound with pipewire. diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index f49e83d2..15a52e9a 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,10 +1,5 @@ # leyla laptop -{ - config, - pkgs, - inputs, - ... -}: { +{inputs, ...}: { imports = [ inputs.home-manager.nixosModules.default inputs.sops-nix.nixosModules.sops From 89bbccb9db7a5a28e55fb79cd2e48c3e9c86f3f2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Nov 2024 22:25:10 -0600 Subject: [PATCH 322/932] added user dirs to leyla home manager --- users/leyla/home.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 14f4e8ba..342be5ea 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -1,5 +1,4 @@ { - lib, pkgs, osConfig, ... 
@@ -37,6 +36,25 @@ # org.gradle.console=verbose # org.gradle.daemon.idletimeout=3600000 # ''; + ".config/user-dirs.dirs" = { + force = true; + text = '' + # This file is written by xdg-user-dirs-update + # If you want to change or add directories, just edit the line you're + # interested in. All local changes will be retained on the next run. + # Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped + # homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an + # absolute path. No other format is supported. + # + XDG_DESKTOP_DIR="$HOME/desktop" + XDG_DOWNLOAD_DIR="$HOME/downloads" + XDG_DOCUMENTS_DIR="$HOME/documents" + XDG_TEMPLATES_DIR="$HOME/documents/templates" + XDG_MUSIC_DIR="$HOME/documents/music" + XDG_PICTURES_DIR="$HOME/documents/photos" + XDG_VIDEOS_DIR="$HOME/documents/videos" + ''; + }; }; # Home Manager can also manage your environment variables through From 8553f6fcd8ec55a8be748f2cc74b3b6d130ae351 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 17:12:31 -0600 Subject: [PATCH 323/932] disabled tails scale on clients --- enviroments/client/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 921d7b55..16e32631 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -49,9 +49,9 @@ #media-session.enable = true; }; - tailscale = { - enable = true; - }; + # tailscale = { + # enable = true; + # }; }; # Enable sound with pipewire. From 818110419ef458fa8a5487ce2a49c9ee0f103385 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 17:16:09 -0600 Subject: [PATCH 324/932] added public share to leyla home --- users/leyla/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 342be5ea..c74037a4 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -53,6 +53,7 @@ XDG_MUSIC_DIR="$HOME/documents/music" XDG_PICTURES_DIR="$HOME/documents/photos" XDG_VIDEOS_DIR="$HOME/documents/videos" + XDG_PUBLICSHARE_DIR="$HOME/documents/public" ''; }; }; From 22f6a37ea89f7247008e9afccfcc8ecf277a8fc0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 17:17:50 -0600 Subject: [PATCH 325/932] drafted out impermanence for defiant --- README.md | 2 +- flake.lock | 16 ++++ flake.nix | 6 ++ hosts/defiant/disko-config.nix | 91 +++++++++--------- hosts/defiant/hardware-configuration.nix | 113 ++++++++++++++++++++++- 5 files changed, 182 insertions(+), 46 deletions(-) diff --git a/README.md b/README.md index 5f4848e8..e94d8b36 100644 --- a/README.md +++ b/README.md @@ -60,4 +60,4 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords. - mastodon server - tail scale clients - wake on LAN -- ISO target that contains authorized keys for nixos-anywhere \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file diff --git a/flake.lock b/flake.lock index 4d181fae..ed31d1e9 100644 --- a/flake.lock +++ b/flake.lock @@ -74,6 +74,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1730403150, + "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat", @@ -146,6 +161,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "impermanence": "impermanence", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", 
diff --git a/flake.nix b/flake.nix index aaf22666..7e716ecb 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + impermanence = { + url = "github:nix-community/impermanence"; + }; + # users home directories home-manager = { url = "github:nix-community/home-manager"; @@ -49,6 +53,7 @@ outputs = { nixpkgs, disko, + impermanence, nixos-hardware, home-manager, ... @@ -102,6 +107,7 @@ specialArgs = {inherit inputs lib;}; modules = [ ./overlays + impermanence.nixosModules.impermanence disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix index a913aeb9..0be19c48 100644 --- a/hosts/defiant/disko-config.nix +++ b/hosts/defiant/disko-config.nix @@ -1,10 +1,9 @@ -{lib, ...}: let +{...}: let bootDisk = devicePath: { type = "disk"; device = devicePath; content = { type = "gpt"; - partitions = { boot = { size = "1M"; @@ -32,37 +31,37 @@ size = "100%"; content = { type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - }; - cacheDisk = devicePath: swapSize: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - encryptedSwap = { - size = swapSize; - content = { - type = "swap"; - randomEncryption = true; - discardPolicy = "both"; - resumeDevice = true; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; + pool = "rpool"; }; }; }; }; }; + # cacheDisk = devicePath: swapSize: { + # type = "disk"; + # device = devicePath; + # content = { + # type = "gpt"; + # partitions = { + # encryptedSwap = { + # size = swapSize; + # content = { + # type = "swap"; + # randomEncryption = true; + # discardPolicy = "both"; + # resumeDevice = true; + # }; + # }; + # zfs = { + # size = "100%"; + # content = { + # type = "zfs"; + # pool = "rpool"; + # }; + # }; + # }; + # }; + # }; in { disko.devices = { disk = { 
@@ -75,7 +74,7 @@ in { # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; }; zpool = { - zroot = { + rpool = { type = "zpool"; mode = { topology = { @@ -92,7 +91,7 @@ in { } ]; cache = []; - # cache = [ "ssd_2_tb_a" ]; + # cache = [ "ssd_2_tb_a" ];z }; }; @@ -101,34 +100,40 @@ in { }; rootFsOptions = { - encryption = "on"; - keyformat = "hex"; - keylocation = "prompt"; + # encryption = "on"; + # keyformat = "hex"; + # keylocation = "prompt"; compression = "lz4"; xattr = "sa"; acltype = "posixacl"; + canmount = "off"; "com.sun:auto-snapshot" = "false"; }; - mountpoint = "/"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - datasets = { - "nix" = { + root = { + type = "zfs_fs"; + mountpoint = "/"; + options.mountpoint = "legacy"; + postCreateHook = "zfs snapshot rpool/root@blank"; + }; + home = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + postCreateHook = "zfs snapshot rpool/home@blank"; + }; + nix = { type = "zfs_fs"; mountpoint = "/nix"; }; - "home" = { + persistent = { type = "zfs_fs"; - mountpoint = "/mnt/home"; + mountpoint = "/persistent"; options = { "com.sun:auto-snapshot" = "true"; }; }; - "var" = { - type = "zfs_fs"; - mountpoint = "/var"; - }; }; }; }; diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index edfaeeea..0d345f28 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -2,9 +2,9 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { + pkgs, config, lib, - pkgs, modulesPath, ... }: { 
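Review bot: The context line `# cache = [ "ssd_2_tb_a" ];z` picked up a stray trailing `z` in this hunk; it sits inside a comment so evaluation is unaffected, but it looks like an accidental keystroke and will trip whoever uncomments the line later. Suggested line: `# cache = [ "ssd_2_tb_a" ];`.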
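Review bot: This hunk silently turns off ZFS native encryption for `rpool` by commenting out `encryption = "on"`, `keyformat = "hex"` and `keylocation = "prompt"` in `rootFsOptions`, so the new `root`, `home`, `nix` and `persistent` datasets are created unencrypted, and neither the commit title ("drafted out impermanence") nor a comment says that this is intended. Encryption on the parent dataset is compatible with the `@blank` snapshots and `zfs rollback` used for impermanence, so the options can stay if the goal was only the rollback work. If it is deliberate for a NAS that must boot unattended, say so next to the commented lines, e.g. `# encryption off: defiant must boot without a passphrase prompt; a key file on a persisted path would be the alternative`, because disko applies this only at initial format and encryption cannot be added to existing datasets later without recreating them.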
@@ -13,27 +13,136 @@ ../hardware-common.nix ]; + security.sudo.extraConfig = "Defaults lecture=never"; + boot = { initrd = { availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; kernelModules = []; + # TODO: figure out some kind of snapshotting before rolebacks + # postDeviceCommands = lib.mkAfter '' + # zfs rollback -r rpool/root@blank + # zfs rollback -r rpool/home@blank + # ''; + systemd = { + enable = lib.mkDefault true; + services.rollback = { + description = "Rollback root filesystem to a pristine state on boot"; + wantedBy = [ + "zfs.target" + "initrd.target" + ]; + after = [ + "zfs-import-rpool.service" + ]; + before = [ + "sysroot.mount" + "fs.target" + ]; + path = with pkgs; [ + zfs + ]; + unitConfig.DefaultDependencies = "no"; + # serviceConfig = { + # Type = "oneshot"; + # ExecStart = + # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; + # }; + serviceConfig.Type = "oneshot"; + script = '' + zfs list -t snapshot || echo + zfs rollback -r rpool/root@blank + zfs rollback -r rpool/home@blank + ''; + }; + }; }; kernelModules = ["kvm-amd"]; + kernelParams = ["quiet"]; extraModulePackages = []; supportedFilesystems = ["zfs"]; - zfs.extraPools = ["zroot"]; + zfs.extraPools = ["rpool"]; }; swapDevices = []; + fileSystems = { + "/" = { + neededForBoot = true; + }; + + "/home" = { + neededForBoot = true; + }; + + "/persistent" = { + neededForBoot = true; + }; + }; + networking = { hostId = "c51763d6"; hostName = "defiant"; # Define your hostname. 
useNetworkd = true; }; + environment.persistence."/persistent" = { + enable = true; + hideMounts = true; + directories = [ + # "/run/secrets" + + "/etc/ssh" + + "/var/log" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + + # config.apps.pihole.directory.root + + # config.apps.jellyfin.mediaDirectory + # config.services.jellyfin.configDir + # config.services.jellyfin.cacheDir + # config.services.jellyfin.dataDir + + # "/var/hass" # config.users.users.hass.home + # "/var/postgresql" # config.users.users.postgresql.home + # "/var/forgejo" # config.users.users.forgejo.home + # "/var/nextcloud" # config.users.users.nextcloud.home + # "/var/headscale" # config.users.users.headscale.home + ]; + files = [ + "/etc/machine-id" + # config.environment.sessionVariables.SOPS_AGE_KEY_FILE + ]; + users.leyla = { + directories = [ + "documents" + ".ssh" + ]; + files = []; + }; + }; + + # systemd.services = { + # # https://github.com/openzfs/zfs/issues/10891 + # systemd-udev-settle.enable = false; + # # Snapshots are not accessable on boot for some reason this should fix it + # # https://github.com/NixOS/nixpkgs/issues/257505 + # zfs-mount = { + # serviceConfig = { + # # ExecStart = [ "${lib.getExe' pkgs.util-linux "mount"} -a -t zfs -o remount" ]; + # ExecStart = [ + # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/root -o remount" + # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/home -o remount" + # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" + # ]; + # }; + # }; + # }; + systemd.network = { enable = true; From 64d547aa16f52f757a7e1cdc459ba69f6a87eea7 Mon Sep 17 00:00:00 2001 
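Review bot: The `environment.persistence."/persistent"` list keeps `/etc/ssh`, `/var/log` and `/var/lib/nixos` but leaves the sops age key out — `# config.environment.sessionVariables.SOPS_AGE_KEY_FILE` is commented in `files` and nothing else covers `/var/lib/sops-nix` — while the `rollback` initrd service resets `rpool/root@blank` on every boot. Assuming sops-nix decrypts with the key that install.sh copies to `$SOPS_AGE_KEY_DIRECTORY` (`/var/lib/sops-nix/key.txt` per the common environment), the first reboot after install would lose it and every sops-managed secret, user passwords included, would fail to decrypt; I would add `"/var/lib/sops-nix"` to `directories` with the comment `# age key that decrypts secrets/*.yaml; must survive the root rollback`. Two smaller points: `/var/lib/systemd/coredump` is persisted and core dumps of a crashed service can hold plaintext secrets, so consider leaving it ephemeral; and `security.sudo.extraConfig = "Defaults lecture=never"` is not hardware-related and belongs in the host's configuration.nix. Patch 328 later comments all of this out again, so this applies when it is re-enabled.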
From: Leyla Becker Date: Mon, 11 Nov 2024 18:38:44 -0600 Subject: [PATCH 326/932] switched to using dev shells for local development environment --- .envrc | 1 + .gitignore | 3 ++- .hooks/post-commit | 3 ++- .hooks/pre-commit | 5 +++-- README.md | 14 ++++++-------- const/sops_age_key_directory.nix | 1 + enviroments/common/default.nix | 2 +- flake.lock | 17 ++++++++++++++++- flake.nix | 18 +++++++++++++++++- install.sh | 2 +- lint.sh | 3 --- shell.nix | 14 ++++++++++++++ 12 files changed, 64 insertions(+), 19 deletions(-) create mode 100644 .envrc create mode 100644 const/sops_age_key_directory.nix delete mode 100755 lint.sh create mode 100644 shell.nix diff --git a/.envrc b/.envrc new file mode 100644 index 00000000..8392d159 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake \ No newline at end of file diff --git a/.gitignore b/.gitignore index e2f5dd2e..d1da3a8f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -result \ No newline at end of file +result +.direnv \ No newline at end of file diff --git a/.hooks/post-commit b/.hooks/post-commit index 93d7f156..56c439da 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit @@ -1,4 +1,5 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#! nix-shell -i bash ../shell.nix echo "restoring stashed changes" diff --git a/.hooks/pre-commit b/.hooks/pre-commit index 6687ec0f..f98c64f8 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -1,4 +1,5 @@ -#!/usr/bin/env bash +#!/usr/bin/env nix-shell +#! nix-shell -i bash ../shell.nix echo "stashing all uncommitted changes" git stash -q --keep-index @@ -11,7 +12,7 @@ if [ ! $? -eq 0 ]; then fi echo "running linter" -./lint.sh +alejandra -q . RESULT=$? diff --git a/README.md b/README.md index e94d8b36..afd4f907 100644 --- a/README.md +++ b/README.md 
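Review bot: The new shebang `#! nix-shell -i bash ../shell.nix` in both hooks only works if nix-shell resolves `../shell.nix` relative to the hook file's directory; git runs hooks with the working directory at the repository root, where `../shell.nix` points outside the checkout, so please verify a commit from the root and from a subdirectory before relying on it. If it does not resolve as hoped, `#! nix-shell -i bash -p alejandra` (the only tool the pre-commit hook needs) avoids the relative path entirely. Worth a comment at the top of each hook either way: `# runs inside the repo dev shell (shell.nix); requires nix-shell on PATH`, since a machine without Nix will now fail every commit rather than skip the lint.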
@@ -6,8 +6,8 @@ | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | | `defiant` | NAS Server | Leyla | Service | -| `emergent` | Desktop Computer | Eve | Laptop | -| `threshold` | Laptop | Eve | Desktop | +| `emergent` | Desktop Computer | Eve | Desktop | +| `threshold` | Laptop | Eve | Laptop | # Tooling ## Lint @@ -22,10 +22,13 @@ ## New host setup `./install.sh --target 192.168.1.130 --flake hostname` +## Updating Secrets +`sops -c sops secrets/secrets_file_here.yaml` + # Notes: ## Research topics -- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ @@ -33,11 +36,6 @@ - This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ - https://nixos-and-flakes.thiscute.world/ -## Configuration -set up git configuration for local development: `git config core.hooksPath .hooks` - -to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.yaml` (NOTE: this depends on the SOPS_AGE_KEY_DIRECTORY environment variable being set) - # Tasks: ## Tech Debt diff --git a/const/sops_age_key_directory.nix b/const/sops_age_key_directory.nix new file mode 100644 index 00000000..cf948df6 --- /dev/null +++ b/const/sops_age_key_directory.nix @@ -0,0 +1 @@ +"/var/lib/sops-nix" diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8df4c0ef..36b86ac9 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
@@ -196,7 +196,7 @@ ]; sessionVariables = rec { - SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"; + SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; }; }; diff --git a/flake.lock b/flake.lock index ed31d1e9..f77c46a2 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,20 @@ } }, "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -91,7 +105,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" @@ -160,6 +174,7 @@ "root": { "inputs": { "disko": "disko", + "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", "nix-vscode-extensions": "nix-vscode-extensions", diff --git a/flake.nix b/flake.nix index 7e716ecb..1d104850 100644 --- a/flake.nix +++ b/flake.nix @@ -48,6 +48,10 @@ nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; }; + + flake-compat = { + url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; + }; }; outputs = { 
@@ -78,7 +82,19 @@ in { packages = forEachPkgs (import ./pkgs); - formatter = forEachPkgs (system: system.alejandra); + formatter = forEachPkgs (pkgs: pkgs.alejandra); + + devShells = forEachPkgs (pkgs: { + default = pkgs.mkShell { + packages = with pkgs; [git sops alejandra nixos-anywhere]; + + SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; + + shellHook = '' + git config core.hooksPath .hooks + ''; + }; + }); nixosConfigurations = { # Leyla Laptop diff --git a/install.sh b/install.sh index bed56a92..0ed7cb85 100755 --- a/install.sh +++ b/install.sh @@ -51,4 +51,4 @@ mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY # commit number in this is because the main branch of nixos-anywhere is broken right now -nix run github:nix-community/nixos-anywhere -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nixos-anywhere --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/lint.sh b/lint.sh deleted file mode 100755 index 3fc29e9b..00000000 --- a/lint.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -nix run git+https://github.com/kamadorueda/alejandra -- -q . diff --git a/shell.nix b/shell.nix new file mode 100644 index 00000000..d7c46b9e --- /dev/null +++ b/shell.nix @@ -0,0 +1,14 @@ +( + import + ( + let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + in + fetchTarball { + url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + {src = ./.;} +) +.shellNix From 0bea01b6ba4e9c254c1363f02f332f8ddb5c038c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 19:01:56 -0600 Subject: [PATCH 327/932] installed lix on horizon --- flake.lock | 142 +++++++++++++++++++++++++++++++++++++++++++---------- flake.nix | 11 ++++- 2 files changed, 126 insertions(+), 27 deletions(-) 
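Review bot: The dev shell exports `SOPS_AGE_KEY_DIRECTORY = "/var/lib/sops-nix"`, the same host-key directory the common environment sets system-wide, so editing secrets from the shell only works if the developer's user can read the host's private age key at `/var/lib/sops-nix/key.txt`; that file should be root-owned 0600, and the usual split is a separate per-user editing key (sops's default `~/.config/sops/age/keys.txt`) listed in `.sops.yaml` so machines and people do not share one secret — I cannot see the file's mode or the invoking user from here. Separately, `shellHook` runs `git config core.hooksPath .hooks` silently on every shell entry, and with `.envrc`'s `use flake` that means merely entering the directory rewires git to run repo-provided hooks; a comment such as `# installs this repo's pre/post-commit hooks (lint + stash) into the local git config` would make that visible.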
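Review bot: The comment `# commit number in this is because the main branch of nixos-anywhere is broken right now` is now stale — the line below it no longer contains a pinned commit or `nix run`, it calls the `nixos-anywhere` provided by the dev shell — so replace it with `# nixos-anywhere comes from the flake devShell; its version is pinned by flake.lock`. The context lines above copy the host's private age key with unquoted expansions (`mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY`, `cp -r ... $temp$SOPS_AGE_KEY_DIRECTORY`); they are not part of this change, but double-quoting them is cheap, and since `$temp` holds a private key it should be a `mktemp -d` directory removed on exit, which I cannot confirm from the visible lines.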
diff --git a/flake.lock b/flake.lock index f77c46a2..4854b9d4 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1730751873, - "narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=", + "lastModified": 1731274291, + "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", "owner": "nix-community", "repo": "disko", - "rev": "856a2902156ba304efebd4c1096dbf7465569454", + "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", "type": "github" }, "original": { @@ -24,14 +24,15 @@ "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" } }, "flake-compat_2": { @@ -54,6 +55,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
@@ -68,6 +87,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -75,11 +109,11 @@ ] }, "locked": { - "lastModified": 1730633670, - "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", + "lastModified": 1731235328, + "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", "owner": "nix-community", "repo": "home-manager", - "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", + "rev": "60bb110917844d354f3c18e05450606a435d2d10", "type": "github" }, "original": { @@ -90,11 +124,11 @@ }, "impermanence": { "locked": { - "lastModified": 1730403150, - "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", + "lastModified": 1731242966, + "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", + "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", "type": "github" }, "original": { 
@@ -103,20 +137,58 @@ "type": "github" } }, - "nix-vscode-extensions": { + "lix": { + "flake": false, + "locked": { + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + } + }, + "lix-module": { "inputs": { - "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1730685024, - "narHash": "sha256-w0cQSTjLBaUSziPGwyI0nbWVD64+N3ByoSxC0CEZmeI=", + "lastModified": 1729360442, + "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "ref": "stable", + "rev": "2bbdcd73b9a464f8acf45a7100feb979883ba485", + "revCount": 110, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + }, + "original": { + "ref": "stable", + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + } + }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731289628, + "narHash": "sha256-bMqsWKoGMe4phm6xk2skjlGCCVv44AOom7Wb0eWv5Ic=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "16ca007ec37c29a8b97e4899f33c013defbdb2f9", + "rev": "91665308e59ce26cdcefa73dc85dfd9b39be725c", "type": "github" }, "original": { 
@@ -127,11 +199,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730537918, - "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", + "lastModified": 1731332224, + "narHash": "sha256-0ctfVp27ingWtY7dbP5+QpSQ98HaOZleU0teyHQUAw0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", + "rev": "184687ae1a3139faa4746168baf071f60d0310c8", "type": "github" }, "original": { @@ -143,9 +215,11 @@ }, "nixpkgs": { "locked": { + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6eef3d72452247a6d9baafe05cffc1c9bc93f1c4", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { @@ -177,6 +251,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", @@ -209,11 +284,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1730746162, - "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", + "lastModified": 1731364708, + "narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "59d6988329626132eaf107761643f55eb979eef1", + "rev": "4c91d52db103e757fc25b58998b0576ae702d659", "type": "github" }, "original": { @@ -236,6 +311,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 1d104850..02d86d74 100644 --- a/flake.nix +++ b/flake.nix 
@@ -50,7 +50,12 @@ }; flake-compat = { - url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; + url = "github:edolstra/flake-compat"; + }; + + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -60,6 +65,7 @@ impermanence, nixos-hardware, home-manager, + lix-module, ... } @ inputs: let home-manager-config = { @@ -101,6 +107,7 @@ horizon = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + lix-module.nixosModules.default ./overlays home-manager.nixosModules.home-manager home-manager-config @@ -112,6 +119,7 @@ twilight = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + lix-module.nixosModules.default ./overlays home-manager.nixosModules.home-manager home-manager-config @@ -122,6 +130,7 @@ defiant = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs lib;}; modules = [ + lix-module.nixosModules.default ./overlays impermanence.nixosModules.impermanence disko.nixosModules.disko From 5ba3a082e6cc081f347f9c1830858f30741c1571 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 11 Nov 2024 19:06:51 -0600 Subject: [PATCH 328/932] disabled impermanence --- enviroments/common/default.nix | 7 -- flake.lock | 16 --- flake.nix | 10 +- hosts/defiant/hardware-configuration.nix | 151 +++++++++++------------ 4 files changed, 80 insertions(+), 104 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 36b86ac9..8b18f78e 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -178,13 +178,6 @@ environment = { # List packages installed in system profile. systemPackages = with pkgs; [ - qemu - (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' - qemu-system-x86_64 \ - -bios ${OVMF.fd}/FV/OVMF.fd \ - "$@" - '') - wget # version control diff --git a/flake.lock b/flake.lock index 4854b9d4..b092a6d1 100644 --- a/flake.lock +++ b/flake.lock 
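Review bot: The new `lix-module` input follows the moving branch `ref=stable` on a third-party git host and replaces the Nix daemon on all three hosts, so `nix flake update` will pull whatever `stable` points to next time; `flake.lock` pins it today (the inner `lix` tarball is `2.91.1`), but pinning to a release tag, or at least reviewing lock diffs for this input, is the normal practice for a package that runs as root on every machine. Separately, `lix-module.nixosModules.default` and `./overlays` are now repeated verbatim in the `horizon`, `twilight` and `defiant` module lists; a `commonModules = [lix-module.nixosModules.default ./overlays];` in the `let` block, spread into each list, would keep the three hosts from drifting.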
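Review bot: The removal of `qemu` and the `qemu-system-x86_64-uefi` wrapper from `environment.systemPackages` is unrelated to this commit's subject ("disabled impermanence") and is not mentioned in its message, so it will be hard to find later when someone wonders where the UEFI test helper went. Split it into its own commit or add the reason to the message (e.g. `also drop qemu/OVMF helper: no longer used for VM testing`); I cannot tell from here whether the drop is intentional or a stash-pop casualty of the pre-commit hook introduced in patch 326.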
@@ -122,21 +122,6 @@ "type": "github" } }, - "impermanence": { - "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, "lix": { "flake": false, "locked": { @@ -250,7 +235,6 @@ "disko": "disko", "flake-compat": "flake-compat", "home-manager": "home-manager", - "impermanence": "impermanence", "lix-module": "lix-module", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index 02d86d74..7d24c4c5 100644 --- a/flake.nix +++ b/flake.nix @@ -23,9 +23,9 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - impermanence = { - url = "github:nix-community/impermanence"; - }; + # impermanence = { + # url = "github:nix-community/impermanence"; + # }; # users home directories home-manager = { @@ -62,7 +62,7 @@ outputs = { nixpkgs, disko, - impermanence, + # impermanence, nixos-hardware, home-manager, lix-module, @@ -132,7 +132,7 @@ modules = [ lix-module.nixosModules.default ./overlays - impermanence.nixosModules.impermanence + # impermanence.nixosModules.impermanence disko.nixosModules.disko home-manager.nixosModules.home-manager home-manager-config diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 0d345f28..13e4d5e2 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -2,7 +2,6 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { - pkgs, config, lib, modulesPath, 
@@ -24,38 +23,38 @@ # zfs rollback -r rpool/root@blank # zfs rollback -r rpool/home@blank # ''; - systemd = { - enable = lib.mkDefault true; - services.rollback = { - description = "Rollback root filesystem to a pristine state on boot"; - wantedBy = [ - "zfs.target" - "initrd.target" - ]; - after = [ - "zfs-import-rpool.service" - ]; - before = [ - "sysroot.mount" - "fs.target" - ]; - path = with pkgs; [ - zfs - ]; - unitConfig.DefaultDependencies = "no"; - # serviceConfig = { - # Type = "oneshot"; - # ExecStart = - # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; - # }; - serviceConfig.Type = "oneshot"; - script = '' - zfs list -t snapshot || echo - zfs rollback -r rpool/root@blank - zfs rollback -r rpool/home@blank - ''; - }; - }; + # systemd = { + # enable = lib.mkDefault true; + # services.rollback = { + # description = "Rollback root filesystem to a pristine state on boot"; + # wantedBy = [ + # "zfs.target" + # "initrd.target" + # ]; + # after = [ + # "zfs-import-rpool.service" + # ]; + # before = [ + # "sysroot.mount" + # "fs.target" + # ]; + # path = with pkgs; [ + # zfs + # ]; + # unitConfig.DefaultDependencies = "no"; + # # serviceConfig = { + # # Type = "oneshot"; + # # ExecStart = + # # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; + # # }; + # serviceConfig.Type = "oneshot"; + # script = '' + # zfs list -t snapshot || echo + # zfs rollback -r rpool/root@blank + # zfs rollback -r rpool/home@blank + # ''; + # }; + # }; }; kernelModules = ["kvm-amd"]; kernelParams = ["quiet"]; @@ -68,19 +67,19 @@ swapDevices = []; - fileSystems = { - "/" = { - neededForBoot = true; - }; + # fileSystems = { + # "/" = { + # neededForBoot = true; + # }; - "/home" = { - neededForBoot = true; - }; + # "/home" = { + # neededForBoot = true; + # }; - "/persistent" = { - neededForBoot = true; - }; - }; + # "/persistent" = { + # neededForBoot = true; + # }; + # }; networking = { hostId = "c51763d6"; 
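Review bot: Roughly fifty lines of the initrd `rollback` service and the `fileSystems.*.neededForBoot` entries are commented out in place instead of removed, leaving hardware-configuration.nix dominated by dead code that the formatter will not touch and that can drift from the live config; git history already preserves patch 325. If the draft should stay reachable, move it to a separate `impermanence.nix` that defiant simply does not import, or guard it with an option (`lib.mkIf cfg.impermanence.enable { ... }`) so it is type-checked even while off. Note also that this does not return defiant to its pre-325 state: the disko change that commented out the `rpool` encryption options is not reverted, so a fresh install from this revision still formats the pool unencrypted. The hunk is in the middle of `boot.initrd`; the enclosing attribute set starts and ends outside it.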
@@ -88,43 +87,43 @@ useNetworkd = true; }; - environment.persistence."/persistent" = { - enable = true; - hideMounts = true; - directories = [ - # "/run/secrets" + # environment.persistence."/persistent" = { + # enable = true; + # hideMounts = true; + # directories = [ + # # "/run/secrets" - "/etc/ssh" + # "/etc/ssh" - "/var/log" - "/var/lib/nixos" - "/var/lib/systemd/coredump" + # "/var/log" + # "/var/lib/nixos" + # "/var/lib/systemd/coredump" - # config.apps.pihole.directory.root + # # config.apps.pihole.directory.root - # config.apps.jellyfin.mediaDirectory - # config.services.jellyfin.configDir - # config.services.jellyfin.cacheDir - # config.services.jellyfin.dataDir + # # config.apps.jellyfin.mediaDirectory + # # config.services.jellyfin.configDir + # # config.services.jellyfin.cacheDir + # # config.services.jellyfin.dataDir - # "/var/hass" # config.users.users.hass.home - # "/var/postgresql" # config.users.users.postgresql.home - # "/var/forgejo" # config.users.users.forgejo.home - # "/var/nextcloud" # config.users.users.nextcloud.home - # "/var/headscale" # config.users.users.headscale.home - ]; - files = [ - "/etc/machine-id" - # config.environment.sessionVariables.SOPS_AGE_KEY_FILE - ]; - users.leyla = { - directories = [ - "documents" - ".ssh" - ]; - files = []; - }; - }; + # # "/var/hass" # config.users.users.hass.home + # # "/var/postgresql" # config.users.users.postgresql.home + # # "/var/forgejo" # config.users.users.forgejo.home + # # "/var/nextcloud" # config.users.users.nextcloud.home + # # "/var/headscale" # config.users.users.headscale.home + # ]; + # files = [ + # "/etc/machine-id" + # # config.environment.sessionVariables.SOPS_AGE_KEY_FILE + # ]; + # users.leyla = { + # directories = [ + # "documents" + # ".ssh" + # ]; + # files = []; + # }; + # }; # systemd.services = { # # https://github.com/openzfs/zfs/issues/10891 From 47c8a79178bb08260c66782fb81eba8f03b0d1a9 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 11 Nov 2024 20:18:24 -0600 Subject: [PATCH 329/932] installed nix-inspect in dev shell --- README.md | 3 +++ flake.nix | 8 +++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index afd4f907..d04a3283 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,9 @@ ## Updating Secrets `sops -c sops secrets/secrets_file_here.yaml` +## Inspecting a configuration +`nix-inspect -p .` + # Notes: ## Research topics diff --git a/flake.nix b/flake.nix index 7d24c4c5..4485df34 100644 --- a/flake.nix +++ b/flake.nix @@ -92,7 +92,13 @@ devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { - packages = with pkgs; [git sops alejandra nixos-anywhere]; + packages = with pkgs; [ + git + sops + alejandra + nix-inspect + nixos-anywhere + ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; From db36e48564fb14abe2eef7fd7ef571f20b18f472 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 13 Nov 2024 18:49:06 -0600 Subject: [PATCH 330/932] added hide env diff to direnv config --- users/leyla/home.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index c74037a4..1cb93f56 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix @@ -95,6 +95,9 @@ enable = true; enableBashIntegration = true; nix-direnv.enable = true; + config = { + hide_env_diff = true; + }; }; bash.enable = true; From 1179b3a6057e8e5e1c43fb4ec4c78a1308824f86 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 16 Nov 2024 23:35:02 +0000 Subject: [PATCH 331/932] added nix-config to direnv whitelist --- users/leyla/home.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/users/leyla/home.nix b/users/leyla/home.nix index 1cb93f56..f87768e5 100644 --- a/users/leyla/home.nix +++ b/users/leyla/home.nix 
@@ -96,7 +96,8 @@ enableBashIntegration = true; nix-direnv.enable = true; config = { - hide_env_diff = true; + global.hide_env_diff = true; + whitelist.exact = ["/home/leyla/documents/code/nix-config"]; }; }; bash.enable = true; From da8f80584fc79521fe1dbb9e48d58a8d386c80be Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 17 Nov 2024 19:18:14 -0600 Subject: [PATCH 332/932] installed plugins for astro blog development --- users/leyla/vscode.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/users/leyla/vscode.nix b/users/leyla/vscode.nix index 2da1844a..1a118dbb 100644 --- a/users/leyla/vscode.nix +++ b/users/leyla/vscode.nix @@ -73,6 +73,10 @@ in { stylelint.vscode-stylelint tauri-apps.tauri-vscode + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + # misc extensions bungcip.better-toml From c8e7944da51575860e7b8396cf1b64a0bf95042f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 21 Nov 2024 22:02:11 -0600 Subject: [PATCH 333/932] added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d04a3283..1c3dac4d 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates +- default open file types - samba mounts - firefox declarative??? - figure out steam vr things? From 18f51a65c267eff00cfb55c29701f57f505827eb Mon Sep 17 00:00:00 2001 
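Review bot: `whitelist.exact = ["/home/leyla/documents/code/nix-config"]` tells direnv to load that directory's `.envrc` without the usual `direnv allow` step, and the whitelist is keyed on the path rather than on the file's content, so any later change to that `.envrc` — including one that arrives through a pulled commit or merged branch — runs on the next `cd` with no approval prompt. That is a reasonable trade for a repository only this user commits to, but it deserves a comment saying so, e.g. `# auto-trusted: edits to this .envrc run without a prompt — keep this list to repos I alone write to`. The home directory is also hard-coded; `"${config.home.homeDirectory}/documents/code/nix-config"` would keep it in step with the rest of the home configuration, assuming `config` is a module argument of this file (the hunk does not show the header).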
From: Leyla Becker Date: Fri, 22 Nov 2024 00:51:10 -0600 Subject: [PATCH 334/932] restructured project to split out home manager --- enviroments/common/default.nix | 2 +- enviroments/common/users/default.nix | 9 + .../common/users}/ester/default.nix | 1 - .../common/users}/eve/default.nix | 1 - .../common/users}/leyla/default.nix | 0 flake.nix | 78 +---- homes/default.nix | 5 + .../ester/home.nix => homes/ester/default.nix | 1 - users/eve/home.nix => homes/eve/default.nix | 0 .../leyla/home.nix => homes/leyla/default.nix | 0 homes/leyla/firefox.nix | 304 ++++++++++++++++++ {users => homes}/leyla/packages.nix | 0 {users => homes}/leyla/vscode.nix | 2 +- hosts/defiant/configuration.nix | 8 +- hosts/defiant/default.nix | 8 + hosts/horizon/configuration.nix | 18 +- hosts/horizon/default.nix | 7 + hosts/twilight/configuration.nix | 13 +- hosts/twilight/default.nix | 7 + secrets | 1 - users/default.nix | 14 - users/home.nix | 9 - users/leyla/firefox.nix | 132 -------- util/default.nix | 55 +++- 24 files changed, 421 insertions(+), 254 deletions(-) create mode 100644 enviroments/common/users/default.nix rename {users => enviroments/common/users}/ester/default.nix (98%) rename {users => enviroments/common/users}/eve/default.nix (98%) rename {users => enviroments/common/users}/leyla/default.nix (100%) create mode 100644 homes/default.nix rename users/ester/home.nix => homes/ester/default.nix (99%) rename users/eve/home.nix => homes/eve/default.nix (100%) rename users/leyla/home.nix => homes/leyla/default.nix (100%) create mode 100644 homes/leyla/firefox.nix rename {users => homes}/leyla/packages.nix (100%) rename {users => homes}/leyla/vscode.nix (98%) create mode 100644 hosts/defiant/default.nix create mode 100644 hosts/horizon/default.nix create mode 100644 hosts/twilight/default.nix delete mode 160000 secrets delete mode 100644 users/default.nix delete mode 100644 users/home.nix delete mode 100644 users/leyla/firefox.nix 
diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 8b18f78e..cd8d5888 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -4,7 +4,7 @@ ... }: { imports = [ - ../../users + ./users ]; nix = { diff --git a/enviroments/common/users/default.nix b/enviroments/common/users/default.nix new file mode 100644 index 00000000..ab0baa9b --- /dev/null +++ b/enviroments/common/users/default.nix @@ -0,0 +1,9 @@ +{...}: { + imports = [ + ./leyla + ./ester + ./eve + ]; + + users.mutableUsers = false; +} diff --git a/users/ester/default.nix b/enviroments/common/users/ester/default.nix similarity index 98% rename from users/ester/default.nix rename to enviroments/common/users/ester/default.nix index ec5449c5..0ebd7d17 100644 --- a/users/ester/default.nix +++ b/enviroments/common/users/ester/default.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, inputs, ... }: let diff --git a/users/eve/default.nix b/enviroments/common/users/eve/default.nix similarity index 98% rename from users/eve/default.nix rename to enviroments/common/users/eve/default.nix index 46c9a8a4..fa401125 100644 --- a/users/eve/default.nix +++ b/enviroments/common/users/eve/default.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, inputs, ... }: let diff --git a/users/leyla/default.nix b/enviroments/common/users/leyla/default.nix similarity index 100% rename from users/leyla/default.nix rename to enviroments/common/users/leyla/default.nix diff --git a/flake.nix b/flake.nix index 4485df34..4ebc7ec3 100644 --- a/flake.nix +++ b/flake.nix @@ -34,7 +34,7 @@ }; # firefox-addons = { - # url = "gitlab.com:rycee/nur-expressions?dir=pkgs/firefox-addons"; + # url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; # inputs.nixpkgs.follows = "nixpkgs"; # }; 
@@ -59,32 +59,13 @@ }; }; - outputs = { - nixpkgs, - disko, - # impermanence, - nixos-hardware, - home-manager, - lix-module, - ... - } @ inputs: let - home-manager-config = { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; - }; - systems = [ - "aarch64-darwin" - "aarch64-linux" - "x86_64-darwin" - "x86_64-linux" - ]; - forEachSystem = nixpkgs.lib.genAttrs systems; - forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); - - callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); - lib = callPackage ./util {} // nixpkgs.lib; + outputs = {...} @ inputs: let + util = import ./util {inherit inputs;}; + forEachPkgs = util.forEachPkgs; + mkSystem = util.mkSystem; + # mkHome = util.mkHome; + # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); + # lib = callPackage ./lib {} // nixpkgs.lib; in { packages = forEachPkgs (import ./pkgs); 
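Review bot: `forEachPkgs = util.forEachPkgs; mkSystem = util.mkSystem;` is the long form of `inherit (util) forEachPkgs mkSystem;`, and the three commented-out bindings (`mkHome`, `callPackage`, `lib`) are dead code now that the implementations live in `./util`; dropping them keeps the `let` to what the outputs actually use. Since `inputs` is now the only thing `outputs` destructures, a reader has to open `util/default.nix` to learn which inputs the flake depends on — a one-line comment such as `# host construction lives in ./util, which reads nixpkgs, home-manager, sops-nix and lix-module from inputs` would save that trip. The `packages` and `devShells` attributes that follow are outside this hunk.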
@@ -108,44 +89,15 @@ }; }); + # homeConfigurations = { + # "leyla@horizon" = mkHome "leyla" "horizon"; # "x86_64-linux" ./homes/leyla; + # }; + nixosConfigurations = { # Leyla Laptop - horizon = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs lib;}; - modules = [ - lix-module.nixosModules.default - ./overlays - home-manager.nixosModules.home-manager - home-manager-config - ./hosts/horizon/configuration.nix - nixos-hardware.nixosModules.framework-11th-gen-intel - ]; - }; - # Leyla Desktop - twilight = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs lib;}; - modules = [ - lix-module.nixosModules.default - ./overlays - home-manager.nixosModules.home-manager - home-manager-config - ./hosts/twilight/configuration.nix - ]; - }; - # NAS Service - defiant = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs lib;}; - modules = [ - lix-module.nixosModules.default - ./overlays - # impermanence.nixosModules.impermanence - disko.nixosModules.disko - home-manager.nixosModules.home-manager - home-manager-config - ./hosts/defiant/disko-config.nix - ./hosts/defiant/configuration.nix - ]; - }; + horizon = mkSystem "horizon"; + twilight = mkSystem "twilight"; + defiant = mkSystem "defiant"; }; }; } diff --git a/homes/default.nix b/homes/default.nix new file mode 100644 index 00000000..8b441267 --- /dev/null +++ b/homes/default.nix @@ -0,0 +1,5 @@ +{ + leyla = import ./leyla; + ester = import ./ester; + eve = import ./eve; +} diff --git a/users/ester/home.nix b/homes/ester/default.nix similarity index 99% rename from users/ester/home.nix rename to homes/ester/default.nix index 773c13c2..3edfca44 100644 --- a/users/ester/home.nix +++ b/homes/ester/default.nix @@ -1,7 +1,6 @@ { pkgs, lib, - config, osConfig, ... }: let diff --git a/users/eve/home.nix b/homes/eve/default.nix similarity index 100% rename from users/eve/home.nix rename to homes/eve/default.nix 
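Review bot: `homes/default.nix` attaches all three homes unconditionally, whereas the `users/home.nix` deleted later in this same patch wrapped each one in `lib.mkIf` on the user's `isDesktopUser`/`isTerminalUser` flag; with `home-manager.users = import ../homes` now applied by `mkSystem` to every host, ester's and eve's home configurations are evaluated and activated on horizon as well, where this patch comments their `isDesktopUser = true` out. The vscode change in the same patch moves the gate inside the program (`enable = cfg.isDesktopUser`), so the open question is whether every other program in those homes does likewise — anything that does not will now land on every host. A comment at the top of this file stating the contract, e.g. `# every home is attached on every host; each program gates itself on osConfig.nixos.users.<name>`, would make that explicit.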
diff --git a/users/leyla/home.nix b/homes/leyla/default.nix similarity index 100% rename from users/leyla/home.nix rename to homes/leyla/default.nix diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix new file mode 100644 index 00000000..b9c21537 --- /dev/null +++ b/homes/leyla/firefox.nix 
@@ -0,0 +1,304 @@ +{ + lib, + osConfig, + # buildFirefoxXpiAddon, + pkgs, + inputs, + ... +}: let + cfg = osConfig.nixos.users.leyla; +in { + # programs.firefox = { + # enable = cfg.isDesktopUser; + # profiles.leyla = { + + # settings = { + # "browser.search.defaultenginename" = "Searx"; + # "browser.search.order.1" = "Searx"; + # }; + + # search = { + # force = true; + # default = "Searx"; + # engines = { + # "Nix Packages" = { + # urls = [{ + # template = "https://search.nixos.org/packages"; + # params = [ + # { name = "type"; value = "packages"; } + # { name = "query"; value = "{searchTerms}"; } + # ]; + # }]; + # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + # definedAliases = [ "@np" ]; + # }; + # "NixOS Wiki" = { + # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@nw" ]; + # }; + # "Searx" = { + # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; + # iconUpdateURL = "https://nixos.wiki/favicon.png"; + # updateInterval = 24 * 60 * 60 * 1000; # every day + # definedAliases = [ "@searx" ]; + # }; + # }; + # }; + + # extentions = with inputs.firefox-addons.packages."x86_64-linux"; [ + # bitwarden + # terms-of-service-didnt-read + # multi-account-containers + # shinigami-eyes + + # ublock-origin + # sponsorblock + # dearrow + # df-youtube + # return-youtube-dislikes + + # privacy-badger + # decentraleyes + # clearurls + # localcdn + + # snowflake + + # deutsch-de-language-pack + # dictionary-german + + # # ( + # # buildFirefoxXpiAddon rec { + # # pname = "italiano-it-language-pack"; + # # version = "132.0.20241110.231641"; + # # addonId = "langpack-it@firefox.mozilla.org"; + # # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # # sha256 = ""; + # # meta = with lib; + # # { + # # 
description = "Firefox Language Pack for Italiano (it) – Italian"; + # # license = licenses.mpl20; + # # mozPermissions = []; + # # platforms = platforms.all; + # # }; + # # } + # # ) + # # ( + # # buildFirefoxXpiAddon rec { + # # pname = "dizionario-italiano"; + # # version = "5.1"; + # # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # # sha256 = ""; + # # meta = with lib; + # # { + # # description = "Add support for Italian to spellchecking"; + # # license = licenses.gpl3; + # # mozPermissions = []; + # # platforms = platforms.all; + # # }; + # # } + # # ) + # ]; + + # settings = { + # # Disable irritating first-run stuff + # "browser.disableResetPrompt" = true; + # "browser.download.panel.shown" = true; + # "browser.feeds.showFirstRunUI" = false; + # "browser.messaging-system.whatsNewPanel.enabled" = false; + # "browser.rights.3.shown" = true; + # "browser.shell.checkDefaultBrowser" = false; + # "browser.shell.defaultBrowserCheckCount" = 1; + # "browser.startup.homepage_override.mstone" = "ignore"; + # "browser.uitour.enabled" = false; + # "startup.homepage_override_url" = ""; + # "trailhead.firstrun.didSeeAboutWelcome" = true; + # "browser.bookmarks.restore_default_bookmarks" = false; + # "browser.bookmarks.addedImportButton" = true; + + # # Usage Experiance + # "browser.startup.homepage" = "about:home"; + # "browser.download.useDownloadDir" = false; + # "browser.uiCustomization.state" = builtins.toJSON { + # "currentVersion" = 20; + # "newElementCount" = 6; + # "dirtyAreaCache" = [ + # "nav-bar" + # "PersonalToolbar" + # "toolbar-menubar" + # "TabsToolbar" + # "unified-extensions-area" + # "vertical-tabs" + # ]; + # "placements" = { + # "widget-overflow-fixed-list" = []; + # "unified-extensions-area"= [ + # "ublock0_raymondhill_net-browser-action" + # "sponsorblocker_ajay_app-browser-action" + # "dearrow_ajay_app-browser-action" + # 
"privacy_privacy_com-browser-action" + # "addon_simplelogin-browser-action" + # ]; + # "nav-bar" = [ + # "back-button" + # "forward-button" + # "stop-reload-button" + # "urlbar-container" + # "downloads-button" + # "unified-extensions-button" + # "reset-pbm-toolbar-button" + # ]; + # "toolbar-menubar" = [ + # "menubar-items" + # ]; + # "TabsToolbar" = [ + # "firefox-view-button" + # "tabbrowser-tabs" + # "new-tab-button" + # "alltabs-button" + # ]; + # "vertical-tabs" = []; + # "PersonalToolbar" = [ + # "import-button" + # "personal-bookmarks" + # ]; + # }; + # "seen" = [ + # "save-to-pocket-button" + # "developer-button" + # "privacy_privacy_com-browser-action" + # "sponsorblocker_ajay_app-browser-action" + # "ublock0_raymondhill_net-browser-action" + # "addon_simplelogin-browser-action" + # "dearrow_ajay_app-browser-action" + # ]; + # }; + # "browser.newtabpage.activity-stream.feeds.topsites" = false; + # "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + # "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + # "browser.newtabpage.blocked" = lib.genAttrs [ + # # Facebook + # "4gPpjkxgZzXPVtuEoAL9Ig==" + # # Reddit + # "gLv0ja2RYVgxKdp0I5qwvA==" + # # Amazon + # "K00ILysCaEq8+bEqV/3nuw==" + # # Twitter + # "T9nJot5PurhJSy8n038xGA==" + # ] (_: 1); + # "signon.rememberSignons" = false; + # "identity.fxaccounts.enabled" = false; + + # # Security + # "privacy.trackingprotection.enabled" = true; + # "dom.security.https_only_mode" = true; + + # # Disable telemetry + # "app.shield.optoutstudies.enabled" = false; + # "browser.discovery.enabled" = false; + # "browser.newtabpage.activity-stream.feeds.telemetry" = false; + # "browser.newtabpage.activity-stream.telemetry" = false; + # "browser.ping-centre.telemetry" = false; + # "datareporting.healthreport.service.enabled" = false; + # "datareporting.healthreport.uploadEnabled" = false; + # "datareporting.policy.dataSubmissionEnabled" = false; + # 
"datareporting.sessions.current.clean" = true; + # "devtools.onboarding.telemetry.logged" = false; + # "toolkit.telemetry.archive.enabled" = false; + # "toolkit.telemetry.bhrPing.enabled" = false; + # "toolkit.telemetry.enabled" = false; + # "toolkit.telemetry.firstShutdownPing.enabled" = false; + # "toolkit.telemetry.hybridContent.enabled" = false; + # "toolkit.telemetry.newProfilePing.enabled" = false; + # "toolkit.telemetry.prompted" = 2; + # "toolkit.telemetry.rejected" = true; + # "toolkit.telemetry.reportingpolicy.firstRun" = false; + # "toolkit.telemetry.server" = ""; + # "toolkit.telemetry.shutdownPingSender.enabled" = false; + # "toolkit.telemetry.unified" = false; + # "toolkit.telemetry.unifiedIsOptIn" = false; + # "toolkit.telemetry.updatePing.enabled" = false; + # }; + + # bookmarks = [ + # { + # name = "Media"; + # url = "https://jellyfin.jan-leila.com/"; + # # url = "https://media.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Drive"; + # url = "https://drive.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Git"; + # url = "https://git.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Home Automation"; + # url = "https://home-assistant.jan-leila.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mail"; + # url = "https://mail.protonmail.com"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Open Street Map"; + # url = "https://www.openstreetmap.org/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Password Manager"; + # url = "https://vault.bitwarden.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Mastodon"; + # url = "https://mspsocial.net"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Linked In"; + # url = "https://www.linkedin.com/"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "Job Search"; + # url = 
"https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + # keyword = ""; + # tags = [""]; + # } + # { + # name = "React Docs"; + # url = "https://react.dev/"; + # keyword = ""; + # tags = [""]; + # } + # # Template + # # { + # # name = ""; + # # url = ""; + # # keyword = ""; + # # tags = [""]; + # # } + # ]; + # }; + # }; +} diff --git a/users/leyla/packages.nix b/homes/leyla/packages.nix similarity index 100% rename from users/leyla/packages.nix rename to homes/leyla/packages.nix diff --git a/users/leyla/vscode.nix b/homes/leyla/vscode.nix similarity index 98% rename from users/leyla/vscode.nix rename to homes/leyla/vscode.nix index 1a118dbb..02411ada 100644 --- a/users/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -23,7 +23,7 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { - enable = true; + enable = cfg.isDesktopUser; package = pkgs.vscodium; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 76dba609..06724b45 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -1,15 +1,11 @@ # server nas { - pkgs, inputs, + pkgs, ... }: { imports = [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - - ./hardware-configuration.nix - + inputs.disko.nixosModules.disko ../../enviroments/server ]; diff --git a/hosts/defiant/default.nix b/hosts/defiant/default.nix new file mode 100644 index 00000000..36e1b6fd --- /dev/null +++ b/hosts/defiant/default.nix @@ -0,0 +1,8 @@ +# server nas +{...}: { + imports = [ + ./configuration.nix + ./disko-config.nix + ./hardware-configuration.nix + ]; +} diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 15a52e9a..d1765229 100644 --- a/hosts/horizon/configuration.nix 
+++ b/hosts/horizon/configuration.nix @@ -1,10 +1,6 @@ -# leyla laptop {inputs, ...}: { imports = [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - - ./hardware-configuration.nix + inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client ]; @@ -13,12 +9,12 @@ leyla = { isDesktopUser = true; }; - ester = { - isDesktopUser = true; - }; - eve = { - isDesktopUser = true; - }; + # ester = { + # isDesktopUser = true; + # }; + # eve = { + # isDesktopUser = true; + # }; }; # enabled virtualisation for docker diff --git a/hosts/horizon/default.nix b/hosts/horizon/default.nix new file mode 100644 index 00000000..12632155 --- /dev/null +++ b/hosts/horizon/default.nix @@ -0,0 +1,7 @@ +# leyla laptop +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ]; +} diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 0ed47c87..264ea404 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,16 +1,5 @@ -# leyla laptop -{ - config, - pkgs, - inputs, - ... -}: { +{pkgs, ...}: { imports = [ - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - - ./hardware-configuration.nix - ../../enviroments/client ]; nixos.users = { diff --git a/hosts/twilight/default.nix b/hosts/twilight/default.nix new file mode 100644 index 00000000..edfb3f6b --- /dev/null +++ b/hosts/twilight/default.nix @@ -0,0 +1,7 @@ +# leyla desktop +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ]; +} diff --git a/secrets b/secrets deleted file mode 160000 index ef623d6a..00000000 --- a/secrets +++ /dev/null @@ -1 +0,0 @@ -Subproject commit ef623d6a9e25c1f0ec9d282ab5ed5dff54674816 diff --git a/users/default.nix b/users/default.nix deleted file mode 100644 index fd1f6a40..00000000 --- a/users/default.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -{ - lib, - config, - ... -}: { - imports = [./leyla ./ester ./eve]; - - users.mutableUsers = false; - - home-manager.users = import ./home.nix { - lib = lib; - config = config; - }; -} diff --git a/users/home.nix b/users/home.nix deleted file mode 100644 index d32f2dfa..00000000 --- a/users/home.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - lib, - config, - ... -}: { - leyla = lib.mkIf (config.nixos.users.leyla.isDesktopUser || config.nixos.users.leyla.isTerminalUser) (import ./leyla/home.nix); - ester = lib.mkIf config.nixos.users.ester.isDesktopUser (import ./ester/home.nix); - eve = lib.mkIf config.nixos.users.eve.isDesktopUser (import ./eve/home.nix); -} diff --git a/users/leyla/firefox.nix b/users/leyla/firefox.nix deleted file mode 100644 index 615b3e37..00000000 --- a/users/leyla/firefox.nix +++ /dev/null 
@@ -1,132 +0,0 @@ -{ - lib, - config, - pkgs, - inputs, - ... -}: { - programs = { - # firefox = { - # enable = true; - # profiles.leyla = { - - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; - - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; - - # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # bitwarden - - # ]; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = 
"Password Manager"; - # url = "https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://tech.lgbt"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # } - }; -} diff --git a/util/default.nix b/util/default.nix index a06ac294..e091d800 100644 --- a/util/default.nix +++ b/util/default.nix 
@@ -1,8 +1,61 @@ -{lib, ...}: { +{inputs}: let + util = (import ./default.nix) {inherit inputs;}; + outputs = inputs.self.outputs; + + lib = inputs.lib; + lix-module = inputs.lix-module; + nixpkgs = inputs.nixpkgs; + home-manager = inputs.home-manager; + sops-nix = inputs.sops-nix; + + systems = [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; + forEachSystem = nixpkgs.lib.genAttrs systems; + pkgsFor = system: nixpkgs.legacyPackages.${system}; + + home-manager-config = { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.users = import ../homes; + }; +in { + forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); + mkUnless = condition: yes: (lib.mkIf (!condition) yes); mkIfElse = condition: yes: no: lib.mkMerge [ (lib.mkIf condition yes) (lib.mkUnless condition no) ]; + + mkSystem = host: + inputs.nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs outputs util;}; + modules = [ + lix-module.nixosModules.default + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + home-manager-config + ../overlays + ../hosts/${host} + ]; + }; + + # mkHome = user: host: + # home-manager.lib.homeManagerConfiguration { + # # pkgs = pkgsFor system; + # extraSpecialArgs = { + # inherit inputs util outputs; + # }; + # modules = [ + # # config + # outputs.homeManagerModules.default + # ]; + # }; } From bf8d87600d8ded556a3e1d29b4643aeb1bc9723e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 00:53:37 -0600 Subject: [PATCH 335/932] commented out temporary unused imports in firefox --- homes/leyla/firefox.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index b9c21537..49796a02 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix 
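Review bot: `lib = inputs.lib;` binds `lib` to a flake input that does not exist — no `lib` input appears in any input list in this series, and the old `outputs` destructured only nixpkgs, disko, nixos-hardware, home-manager and lix-module — so the first use of `mkUnless`, which reaches for `lib.mkIf`, will fail with a missing-attribute error; it should read `lib = inputs.nixpkgs.lib;`. In the same file `mkIfElse` still calls `lib.mkUnless`, a name nixpkgs' lib does not define; it only resolved while the old flake merged this file's functions into `lib`, so with that merge gone it needs the sibling directly, `(util.mkUnless condition no)`. The same breakage is likely for any host or environment module that still calls `lib.mkIfElse` through the old `specialArgs` lib, which `mkSystem` now replaces with `util` (those callers are not visible here). Minor: `mkSystem` writes `inputs.nixpkgs.lib.nixosSystem` although `nixpkgs` is already bound a few lines above.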
@@ -1,12 +1,12 @@ { - lib, - osConfig, + # lib, + # osConfig, # buildFirefoxXpiAddon, - pkgs, - inputs, + # pkgs, + # inputs, ... }: let - cfg = osConfig.nixos.users.leyla; + # cfg = osConfig.nixos.users.leyla; in { # programs.firefox = { # enable = cfg.isDesktopUser; From 7d71802ba16605490f9cb30d6c221fe0358fd1f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 01:06:02 -0600 Subject: [PATCH 336/932] managed firefox though home manager --- README.md | 2 +- flake.lock | 45 ++- flake.nix | 8 +- homes/leyla/firefox.nix | 579 ++++++++++++++++++++------------------- homes/leyla/packages.nix | 1 - 5 files changed, 340 insertions(+), 295 deletions(-) diff --git a/README.md b/README.md index 1c3dac4d..72c77cf1 100644 --- a/README.md +++ b/README.md @@ -36,8 +36,8 @@ - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html -- This person seams to know what they are doing with home manager https://github.com/arvigeus/nixos-config/ - https://nixos-and-flakes.thiscute.world/ +- `homeConfigurations` https://github.com/diego-vicente/dotfiles/blob/6c47284868f9e99483da34257144bd03ae5edbbe/flake.nix # Tasks: diff --git a/flake.lock b/flake.lock index b092a6d1..d107388d 100644 --- a/flake.lock +++ b/flake.lock 
@@ -20,6 +20,29 @@ "type": "github" } }, + "firefox-addons": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1732248209, + "narHash": "sha256-Mv8k0VuGdb6YhhKt+8SIvhMdmI4xZhw/3ycSvlAq19Q=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "4a8ba00d1be3f3745428ed56efbb32155c548192", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "repo": "nur-expressions", + "type": "gitlab" + } + }, "flake-compat": { "locked": { "lastModified": 1696426674, @@ -52,6 +75,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -69,7 +107,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -138,7 +176,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -163,7 +201,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -233,6 +271,7 @@ "root": { "inputs": { "disko": "disko", + "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "home-manager": "home-manager", "lix-module": "lix-module", diff --git a/flake.nix b/flake.nix index 4ebc7ec3..63029608 100644 --- a/flake.nix +++ b/flake.nix 
@@ -33,10 +33,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # firefox-addons = { - # url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + firefox-addons = { + url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # vscode extensions nix-vscode-extensions = { diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index 49796a02..f69af0ec 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix 
@@ -1,304 +1,311 @@ { - # lib, - # osConfig, + lib, + osConfig, # buildFirefoxXpiAddon, - # pkgs, - # inputs, + pkgs, + inputs, ... }: let - # cfg = osConfig.nixos.users.leyla; + cfg = osConfig.nixos.users.leyla; in { - # programs.firefox = { - # enable = cfg.isDesktopUser; - # profiles.leyla = { + programs.firefox = { + enable = cfg.isDesktopUser; + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; + }; + }; - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = 
"https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; + extensions = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes - # extentions = with inputs.firefox-addons.packages."x86_64-linux"; [ - # bitwarden - # terms-of-service-didnt-read - # multi-account-containers - # shinigami-eyes + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes - # ublock-origin - # sponsorblock - # dearrow - # df-youtube - # return-youtube-dislikes + privacy-badger + decentraleyes + clearurls + localcdn - # privacy-badger - # decentraleyes - # clearurls - # localcdn + snowflake - # snowflake + deutsch-de-language-pack + dictionary-german - # deutsch-de-language-pack - # dictionary-german + # ( + # buildFirefoxXpiAddon rec { + # pname = "italiano-it-language-pack"; + # version = "132.0.20241110.231641"; + # addonId = "langpack-it@firefox.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Firefox Language Pack for Italiano (it) – Italian"; + # license = licenses.mpl20; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + # ( + # buildFirefoxXpiAddon rec { + # pname = "dizionario-italiano"; + # version = "5.1"; + # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Add support for Italian to spellchecking"; + # license = 
licenses.gpl3; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + ]; - # # ( - # # buildFirefoxXpiAddon rec { - # # pname = "italiano-it-language-pack"; - # # version = "132.0.20241110.231641"; - # # addonId = "langpack-it@firefox.mozilla.org"; - # # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # # sha256 = ""; - # # meta = with lib; - # # { - # # description = "Firefox Language Pack for Italiano (it) – Italian"; - # # license = licenses.mpl20; - # # mozPermissions = []; - # # platforms = platforms.all; - # # }; - # # } - # # ) - # # ( - # # buildFirefoxXpiAddon rec { - # # pname = "dizionario-italiano"; - # # version = "5.1"; - # # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # # sha256 = ""; - # # meta = with lib; - # # { - # # description = "Add support for Italian to spellchecking"; - # # license = licenses.gpl3; - # # mozPermissions = []; - # # platforms = platforms.all; - # # }; - # # } - # # ) - # ]; + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; - # settings = { - # # Disable irritating first-run stuff - # "browser.disableResetPrompt" = true; - # "browser.download.panel.shown" = true; - # "browser.feeds.showFirstRunUI" = false; - # 
"browser.messaging-system.whatsNewPanel.enabled" = false; - # "browser.rights.3.shown" = true; - # "browser.shell.checkDefaultBrowser" = false; - # "browser.shell.defaultBrowserCheckCount" = 1; - # "browser.startup.homepage_override.mstone" = "ignore"; - # "browser.uitour.enabled" = false; - # "startup.homepage_override_url" = ""; - # "trailhead.firstrun.didSeeAboutWelcome" = true; - # "browser.bookmarks.restore_default_bookmarks" = false; - # "browser.bookmarks.addedImportButton" = true; + # Usage Experiance + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "privacy_privacy_com-browser-action" + "addon_simplelogin-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" + "privacy_privacy_com-browser-action" + "sponsorblocker_ajay_app-browser-action" + "ublock0_raymondhill_net-browser-action" + "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + ]; + }; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + 
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "signon.rememberSignons" = false; + "identity.fxaccounts.enabled" = false; - # # Usage Experiance - # "browser.startup.homepage" = "about:home"; - # "browser.download.useDownloadDir" = false; - # "browser.uiCustomization.state" = builtins.toJSON { - # "currentVersion" = 20; - # "newElementCount" = 6; - # "dirtyAreaCache" = [ - # "nav-bar" - # "PersonalToolbar" - # "toolbar-menubar" - # "TabsToolbar" - # "unified-extensions-area" - # "vertical-tabs" - # ]; - # "placements" = { - # "widget-overflow-fixed-list" = []; - # "unified-extensions-area"= [ - # "ublock0_raymondhill_net-browser-action" - # "sponsorblocker_ajay_app-browser-action" - # "dearrow_ajay_app-browser-action" - # "privacy_privacy_com-browser-action" - # "addon_simplelogin-browser-action" - # ]; - # "nav-bar" = [ - # "back-button" - # "forward-button" - # "stop-reload-button" - # "urlbar-container" - # "downloads-button" - # "unified-extensions-button" - # "reset-pbm-toolbar-button" - # ]; - # "toolbar-menubar" = [ - # "menubar-items" - # ]; - # "TabsToolbar" = [ - # "firefox-view-button" - # "tabbrowser-tabs" - # "new-tab-button" - # "alltabs-button" - # ]; - # "vertical-tabs" = []; - # "PersonalToolbar" = [ - # "import-button" - # "personal-bookmarks" - # ]; - # }; - # "seen" = [ - # "save-to-pocket-button" - # "developer-button" - # "privacy_privacy_com-browser-action" - # "sponsorblocker_ajay_app-browser-action" - # "ublock0_raymondhill_net-browser-action" - # "addon_simplelogin-browser-action" - # "dearrow_ajay_app-browser-action" - # ]; - # }; - # "browser.newtabpage.activity-stream.feeds.topsites" = false; - # "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - # 
"browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - # "browser.newtabpage.blocked" = lib.genAttrs [ - # # Facebook - # "4gPpjkxgZzXPVtuEoAL9Ig==" - # # Reddit - # "gLv0ja2RYVgxKdp0I5qwvA==" - # # Amazon - # "K00ILysCaEq8+bEqV/3nuw==" - # # Twitter - # "T9nJot5PurhJSy8n038xGA==" - # ] (_: 1); - # "signon.rememberSignons" = false; - # "identity.fxaccounts.enabled" = false; + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; - # # Security - # "privacy.trackingprotection.enabled" = true; - # "dom.security.https_only_mode" = true; + # Disable telemetry + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; - # # Disable telemetry - # "app.shield.optoutstudies.enabled" = false; - # "browser.discovery.enabled" = false; - # "browser.newtabpage.activity-stream.feeds.telemetry" = false; - # 
"browser.newtabpage.activity-stream.telemetry" = false; - # "browser.ping-centre.telemetry" = false; - # "datareporting.healthreport.service.enabled" = false; - # "datareporting.healthreport.uploadEnabled" = false; - # "datareporting.policy.dataSubmissionEnabled" = false; - # "datareporting.sessions.current.clean" = true; - # "devtools.onboarding.telemetry.logged" = false; - # "toolkit.telemetry.archive.enabled" = false; - # "toolkit.telemetry.bhrPing.enabled" = false; - # "toolkit.telemetry.enabled" = false; - # "toolkit.telemetry.firstShutdownPing.enabled" = false; - # "toolkit.telemetry.hybridContent.enabled" = false; - # "toolkit.telemetry.newProfilePing.enabled" = false; - # "toolkit.telemetry.prompted" = 2; - # "toolkit.telemetry.rejected" = true; - # "toolkit.telemetry.reportingpolicy.firstRun" = false; - # "toolkit.telemetry.server" = ""; - # "toolkit.telemetry.shutdownPingSender.enabled" = false; - # "toolkit.telemetry.unified" = false; - # "toolkit.telemetry.unifiedIsOptIn" = false; - # "toolkit.telemetry.updatePing.enabled" = false; - # }; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # # url = "https://media.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Password Manager"; - # url = "https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://mspsocial.net"; - 
# keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # }; + bookmarks = [ + { + name = "Media"; + url = "https://jellyfin.jan-leila.com/"; + # url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Drive"; + url = "https://drive.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home-assistant.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = 
"https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; + }; } diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 8aa3a727..bfa9f184 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -28,7 +28,6 @@ in { #foss platforms signal-desktop bitwarden - firefox ungoogled-chromium libreoffice inkscape From 962aae64433db92d27512d042e57001fb490319e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 01:10:02 -0600 Subject: [PATCH 337/932] removed unused templates folder --- templates/default.nix | 1 - 1 file changed, 1 deletion(-) delete mode 100644 templates/default.nix diff --git a/templates/default.nix b/templates/default.nix deleted file mode 100644 index eed71245..00000000 --- a/templates/default.nix +++ /dev/null @@ -1 +0,0 @@ -_: {} From d74342427bf158acdb3f2d929f01d0353fcae538 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 02:09:58 -0600 Subject: [PATCH 338/932] tightened up firefox extensions configuration --- homes/leyla/firefox.nix | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index f69af0ec..c325495e 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix 
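Review bot: `icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"` in the "Nix Packages" engine is a double-quoted string, where `''` is not an escape sequence, so the value evaluates to a path with a literal `''` prefix and the icon will not resolve; the `''${` form comes from the home-manager option example, which is itself written inside an indented string, and here it should be `icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";`. In the same hunk the Searx engine's `iconUpdateURL` points at `https://nixos.wiki/favicon.png`, which looks copied from the "NixOS Wiki" entry above it. `profiles.leyla` also defines `settings` twice (the `browser.search.*` pair at the top and the large block further down); Nix merges duplicate non-recursive attrset literals, so it evaluates, but folding the two keys into the second block makes the profile easier to read. The `extensions` list now installs add-ons from the `firefox-addons` input for this profile; the revision those derivations are built from is fixed by flake.lock, so a one-line comment above the list pointing reviewers at the lock for vetting changes would be useful.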
@@ -143,11 +143,22 @@ in { "placements" = { "widget-overflow-fixed-list" = []; "unified-extensions-area" = [ + "privacy_privacy_com-browser-action" + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "ublock0_raymondhill_net-browser-action" "sponsorblocker_ajay_app-browser-action" "dearrow_ajay_app-browser-action" - "privacy_privacy_com-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; "nav-bar" = [ "back-button" @@ -181,6 +192,16 @@ in { "ublock0_raymondhill_net-browser-action" "addon_simplelogin-browser-action" "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; }; "browser.newtabpage.activity-stream.feeds.topsites" = false; 
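Review bot: `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action"` in the `unified-extensions-area` placement list is missing the `r` of `browser-action`; the same widget is spelled `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action"` in the `seen` list of the second hunk of this file, so the placement entry is unlikely to match any installed widget and that button will fall back to its default position. Change the line to `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action"`. Apart from the `# bitwarden` line, the new GUID-style widget ids in both hunks carry no hint of which add-on they belong to; a short comment above each, as done for bitwarden, would let the next reader check these lists against `extensions` without decoding ids by hand.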
@@ -196,13 +217,24 @@ in { # Twitter "T9nJot5PurhJSy8n038xGA==" ] (_: 1); - "signon.rememberSignons" = false; "identity.fxaccounts.enabled" = false; # Security "privacy.trackingprotection.enabled" = true; "dom.security.https_only_mode" = true; + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + # Disable telemetry "app.shield.optoutstudies.enabled" = false; "browser.discovery.enabled" = false; From 747119936bef06812bb8f583327636c6eff134ae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 02:11:09 -0600 Subject: [PATCH 339/932] removed task from readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 72c77cf1..593444e2 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,6 @@ - Flake templates - default open file types - samba mounts -- firefox declarative??? - figure out steam vr things? - Open GL? - util functions From a71ddaf5bd21c60f576938e7c9891c4a2e632b44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 02:19:41 -0600 Subject: [PATCH 340/932] re enabled ester and eve users on horizon --- hosts/horizon/configuration.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index d1765229..7b85581d 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix 
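Review bot: The `privacy.clearOnShutdown_v2.*` keys are the names used by the redesigned clear-data dialog in recent Firefox releases, while older releases read the `privacy.clearOnShutdown.*` family, so a comment recording which Firefox version this profile targets would save the next person from wondering why nothing is cleared on a different channel. `"privacy.clearOnShutdown_v2.cookiesAndStorage" = true` together with `"signon.rememberSignons" = false` means every site login is gone after each restart; that is consistent with the rest of the block, but since the bookmarks in this file point at self-hosted services that will prompt for credentials on every launch, a one-line note such as `# sessions are intentionally not persisted across restarts` makes the trade-off explicit. Emptying `urlclassifier.trackingSkipURLs` and `urlclassifier.features.socialtracking.skipURLs` drops Firefox's built-in exception list for tracking protection, which can break some embedded logins and widgets; again a reasonable choice for a privacy profile, but worth a comment so it is not mistaken for a leftover.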
@@ -9,12 +9,12 @@ leyla = { isDesktopUser = true; }; - # ester = { - # isDesktopUser = true; - # }; - # eve = { - # isDesktopUser = true; - # }; + ester = { + isDesktopUser = true; + }; + eve = { + isDesktopUser = true; + }; }; # enabled virtualisation for docker From 131f04d901a9c102ef1b81b0e7f6de1840d79716 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 22 Nov 2024 23:47:06 -0600 Subject: [PATCH 341/932] added comments to flake inputs --- README.md | 1 + flake.nix | 3 +++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 593444e2..8a340329 100644 --- a/README.md +++ b/README.md @@ -47,6 +47,7 @@ - move applications in server environment into their own flakes - get rid of disko config and import it in hardware-configuration.nix - why does users.users..home conflict with home-manager.users..home.homeDirectory +- get rid of environments folder ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates diff --git a/flake.nix b/flake.nix index 63029608..13f7b9a6 100644 --- a/flake.nix +++ b/flake.nix @@ -33,6 +33,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # firefox extensions firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; inputs.nixpkgs.follows = "nixpkgs"; @@ -49,10 +50,12 @@ url = "github:NixOS/nixos-hardware/master"; }; + # this is just here so that we have a lock on it for our dev shells flake-compat = { url = "github:edolstra/flake-compat"; }; + # lix in nice ig lix-module = { url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; inputs.nixpkgs.follows = "nixpkgs"; From ab7d031045232ffbb0e2263b8bb6c6793a3ce6e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 23 Nov 2024 00:05:55 -0600 Subject: [PATCH 342/932] added another description to a flake input --- flake.nix | 1 + 1 file changed, 1 insertion(+) 
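Review bot: `# lix in nice ig` above `lix-module` in the flake.nix hunk does not tell a reader what the input is or why it is pinned to `?ref=stable`, and the two other comments added in the same hunk do explain their inputs, so this one stands out. Something like `# lix: alternative Nix implementation, installed through its NixOS module (stable branch)` carries the intent in the same register as `# this is just here so that we have a lock on it for our dev shells`.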
diff --git a/flake.nix b/flake.nix index 13f7b9a6..e895b5b0 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + # delete your darlings # impermanence = { # url = "github:nix-community/impermanence"; # }; From d6cccdc41b2a21001180de76fe0adba8ac457a31 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 23 Nov 2024 16:08:31 -0600 Subject: [PATCH 343/932] installed godot_4-mono --- homes/leyla/packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index bfa9f184..86da04a9 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -45,6 +45,7 @@ in { # wireshark # rpi-imager # fritzing + mfoc # proprietary platforms discord @@ -61,7 +62,7 @@ in { bruno qFlipper proxmark3 - mfoc + godot_4-mono # system tools protonvpn-gui From ddc087a5480811c1644ab6c380ea882d3a721c5c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 00:47:36 -0600 Subject: [PATCH 344/932] removed users from common removed common hardware --- enviroments/common/default.nix | 128 +---------- enviroments/common/users/default.nix | 9 - enviroments/common/users/ester/default.nix | 36 --- enviroments/common/users/eve/default.nix | 36 --- enviroments/common/users/leyla/default.nix | 78 ------- homes/default.nix | 12 +- homes/ester/default.nix | 4 +- homes/eve/default.nix | 4 +- homes/leyla/default.nix | 2 +- homes/leyla/firefox.nix | 6 +- homes/leyla/packages.nix | 128 ++++++----- homes/leyla/vscode.nix | 8 +- hosts/defiant/configuration.nix | 16 +- hosts/defiant/hardware-configuration.nix | 1 - hosts/hardware-common.nix | 15 -- hosts/horizon/configuration.nix | 37 +-- hosts/horizon/hardware-configuration.nix | 1 - hosts/twilight/configuration.nix | 25 ++- hosts/twilight/hardware-configuration.nix | 5 - modules/hardware.nix | 16 ++ modules/users.nix | 249 +++++++++++++++++++++ util/default.nix | 4 +- 22 files changed, 400 insertions(+), 420 deletions(-) delete mode 100644 enviroments/common/users/default.nix delete mode 100644 enviroments/common/users/ester/default.nix delete mode 100644 enviroments/common/users/eve/default.nix delete mode 100644 enviroments/common/users/leyla/default.nix delete mode 100644 hosts/hardware-common.nix create mode 100644 modules/hardware.nix create mode 100644 modules/users.nix diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index cd8d5888..e2c9e405 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,11 +1,5 @@ -{ - pkgs, - lib, - ... -}: { - imports = [ - ./users - ]; +{pkgs, ...}: { + imports = []; nix = { settings = { 
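Review bot: `imports = [];` in enviroments/common/default.nix is left behind as an empty list after `./users` was removed; either drop the attribute or keep it with a comment such as `# user and hardware modules are now imported per host` so it does not read as an unfinished edit. The `lib` argument was removed from the module's parameter set in the same hunk, which is consistent with the `lib.mkForce` uses disappearing in the following hunk of this file.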
@@ -40,124 +34,6 @@ LC_TIME = "en_US.UTF-8"; }; - users = { - users = { - leyla = { - uid = 1000; - description = "Leyla"; - group = "leyla"; - home = "/home/leyla"; - }; - - ester = { - uid = 1001; - description = "Ester"; - group = "ester"; - home = "/home/ester"; - }; - - eve = { - uid = 1002; - description = "Eve"; - group = "eve"; - home = "/home/eve"; - }; - - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; - }; - - forgejo = { - uid = 2002; - group = "forgejo"; - isSystemUser = true; - }; - - pihole = { - uid = 2003; - group = "pihole"; - isSystemUser = true; - }; - - hass = { - uid = lib.mkForce 2004; - group = "hass"; - isSystemUser = true; - }; - - headscale = { - uid = 2005; - group = "headscale"; - isSystemUser = true; - }; - - nextcloud = { - uid = 2006; - group = "nextcloud"; - isSystemUser = true; - }; - }; - - groups = { - leyla = { - gid = 1000; - members = ["lelya"]; - }; - - ester = { - gid = 1001; - members = ["ester"]; - }; - - eve = { - gid = 1002; - members = ["eve"]; - }; - - users = { - gid = 100; - members = ["leyla" "ester" "eve"]; - }; - - jellyfin = { - gid = 2000; - members = ["jellyfin" "leyla"]; - }; - - jellyfin_media = { - gid = 2001; - members = ["jellyfin" "leyla" "ester" "eve"]; - }; - - forgejo = { - gid = 2002; - members = ["forgejo" "leyla"]; - }; - - pihole = { - gid = 2003; - members = ["pihole" "leyla"]; - }; - - hass = { - gid = lib.mkForce 2004; - members = ["hass" "leyla"]; - }; - - headscale = { - gid = 2005; - members = ["headscale"]; - }; - - nextcloud = { - gid = 2006; - members = ["nextcloud"]; - }; - }; - }; - services = { automatic-timezoned = { enable = true; diff --git a/enviroments/common/users/default.nix b/enviroments/common/users/default.nix deleted file mode 100644 index ab0baa9b..00000000 --- a/enviroments/common/users/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{...}: { - imports = [ - ./leyla - ./ester - ./eve - ]; - - users.mutableUsers = false; -} 
diff --git a/enviroments/common/users/ester/default.nix b/enviroments/common/users/ester/default.nix deleted file mode 100644 index 0ebd7d17..00000000 --- a/enviroments/common/users/ester/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - cfg = config.nixos.users.ester; -in { - options.nixos.users.ester = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - - config = { - nixpkgs.config.allowUnfree = true; - - sops.secrets = lib.mkIf cfg.isDesktopUser { - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - - users.users.ester = ( - if cfg.isDesktopUser - then { - isNormalUser = true; - extraGroups = ["networkmanager"]; - - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - } - else { - isSystemUser = true; - } - ); - }; -} diff --git a/enviroments/common/users/eve/default.nix b/enviroments/common/users/eve/default.nix deleted file mode 100644 index fa401125..00000000 --- a/enviroments/common/users/eve/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - cfg = config.nixos.users.eve; -in { - options.nixos.users.eve = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - }; - - config = { - nixpkgs.config.allowUnfree = true; - - sops.secrets = lib.mkIf cfg.isDesktopUser { - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - - users.users.eve = ( - if cfg.isDesktopUser - then { - isNormalUser = true; - extraGroups = ["networkmanager"]; - - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - } - else { - isSystemUser = true; - } - ); - }; -} diff --git a/enviroments/common/users/leyla/default.nix b/enviroments/common/users/leyla/default.nix deleted file mode 100644 index 2c1f87bf..00000000 --- a/enviroments/common/users/leyla/default.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - cfg = config.nixos.users.leyla; -in { - options.nixos.users.leyla = { - isDesktopUser = lib.mkEnableOption "install applications intended for desktop use"; - isTerminalUser = lib.mkEnableOption "install applications intended for terminal use"; - hasGPU = lib.mkEnableOption "installs gpu intensive programs"; - }; - - config = { - nixpkgs.config.allowUnfree = true; - - sops.secrets = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - - users.users.leyla = ( - if (cfg.isDesktopUser || cfg.isTerminalUser) - then { - isNormalUser = true; - extraGroups = ( - ["networkmanager" "wheel" "dialout"] - ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers" - ); - - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - openssh = { - authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - }; - } - else { - isSystemUser = true; - } - ); - - services = { - # ollama = { - # enable = cfg.hasGPU; - # acceleration = "cuda"; - # }; - - # TODO: this should reference the home directory from the user config - openssh.hostKeys = [ - { - comment = "leyla@" + config.networking.hostName; - path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; - rounds = 100; - type = "ed25519"; - } - ]; - }; - - programs = { - steam = lib.mkIf cfg.isDesktopUser { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; - - noisetorch.enable = cfg.isDesktopUser; 
- - adb.enable = cfg.isDesktopUser; - }; - }; -} diff --git a/homes/default.nix b/homes/default.nix index 8b441267..587d1c2a 100644 --- a/homes/default.nix +++ b/homes/default.nix @@ -1,5 +1,11 @@ { - leyla = import ./leyla; - ester = import ./ester; - eve = import ./eve; + lib, + config, + ... +}: let + users = config.host.users; +in { + leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); + ester = lib.mkIf users.ester.isNormalUser (import ./ester); + eve = lib.mkIf users.eve.isNormalUser (import ./eve); } diff --git a/homes/ester/default.nix b/homes/ester/default.nix index 3edfca44..1e5d5796 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.nixos.users.ester; + cfg = osConfig.host.users.ester; in { config = { home = { @@ -54,7 +54,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.mkIf cfg.isDesktopUser ( + packages = lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/homes/eve/default.nix b/homes/eve/default.nix index 0b1d25c8..d358b0d8 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.nixos.users.eve; + cfg = osConfig.host.users.eve; in { config = { home = { @@ -54,7 +54,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.mkIf cfg.isDesktopUser ( + packages = lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index f87768e5..fe90ccda 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -12,7 +12,7 @@ # manage. home = { username = "leyla"; - homeDirectory = osConfig.users.users.leyla.home; + # homeDirectory = osConfig.users.users.leyla.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index c325495e..32a3c6b4 100644 
--- a/homes/leyla/firefox.nix
+++ b/homes/leyla/firefox.nix
@@ -5,11 +5,9 @@
 pkgs,
 inputs,
 ...
-}: let
- cfg = osConfig.nixos.users.leyla;
-in {
+}: {
 programs.firefox = {
- enable = cfg.isDesktopUser;
+ enable = true;
 profiles.leyla = {
 settings = {
 "browser.search.defaultenginename" = "Searx";
diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix
index 86da04a9..97327ce3 100644
--- a/homes/leyla/packages.nix
+++ b/homes/leyla/packages.nix
@@ -4,7 +4,8 @@
 pkgs,
 ...
 }: let
- cfg = osConfig.nixos.users.leyla;
+ cfg = osConfig.host.users.leyla;
+ hardware = osConfig.host.hardware;
 in {
 imports = [
 ./vscode.nix
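Review bot: With `enable = true;` the `cfg.isDesktopUser` gate leaves this file, and `osConfig`, which the earlier version of this file in the series lists two lines above the hunk, is now an unused argument; remove it from the parameter set or note why it stays. The remaining guard appears to be in homes/default.nix, where the whole leyla home is wrapped in `lib.mkIf users.leyla.isNormalUser`, so Firefox is no longer tied to the desktop flag: any leyla home that is built gets it. If that is intended, a comment such as `# always on for this home; homes/default.nix decides whether the home is built at all` above `programs.firefox` records the new contract.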
@@ -12,72 +13,69 @@ in { ]; home = { - packages = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) ( - lib.mkMerge [ - ( + packages = + lib.lists.optionals cfg.isTerminalUser ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ++ ( + lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ - # comand line tools - yt-dlp - ffmpeg - imagemagick + #foss platforms + signal-desktop + bitwarden + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + # kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) + # wireshark + # rpi-imager + # fritzing + mfoc + + # proprietary platforms + discord + obsidian + steam + (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) + + anki-bin + + # development tools + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno + qFlipper + proxmark3 + godot_4-mono + + # system tools + protonvpn-gui + openvpn + nextcloud-client + noisetorch + + # hardware managment tools + (lib.mkIf hardware.piperMouse.enable piper) + (lib.mkIf hardware.openRGB.enable openrgb) + (lib.mkIf hardware.viaKeyboard.enable via) ] ) - ( - lib.mkIf (!cfg.isTerminalUser) ( - with pkgs; [ - #foss platforms - signal-desktop - bitwarden - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - # kicad-small - makemkv - transmission_4-gtk - onionshare - easytag - # rhythmbox - (lib.mkIf cfg.hasGPU obs-studio) - # wireshark - # rpi-imager - # fritzing - mfoc - - # proprietary platforms - discord - obsidian - steam - (lib.mkIf cfg.hasGPU davinci-resolve) - - anki-bin - - # development tools - androidStudioPackages.canary - jetbrains.idea-community - dbeaver-bin - bruno - qFlipper - proxmark3 - godot_4-mono - - # system tools - protonvpn-gui - openvpn - nextcloud-client - noisetorch - - # hardware managment tools - (lib.mkIf osConfig.hardware.piperMouse.enable piper) - (lib.mkIf 
osConfig.hardware.openRGB.enable openrgb) - (lib.mkIf osConfig.hardware.viaKeyboard.enable via) - ] - ) - ) - ] - ); + ); }; } diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 02411ada..37127f46 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -4,9 +4,7 @@ pkgs, inputs, ... -}: let - cfg = osConfig.nixos.users.leyla; -in { +}: { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -14,7 +12,7 @@ in { }; programs = { - bash.shellAliases = lib.mkIf cfg.isDesktopUser { + bash.shellAliases = { code = "codium"; }; @@ -23,7 +21,7 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { - enable = cfg.isDesktopUser; + enable = true; package = pkgs.vscodium; diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 06724b45..78c4ab5a 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -7,11 +7,21 @@ imports = [ inputs.disko.nixosModules.disko ../../enviroments/server + + ../../modules/hardware.nix + ../../modules/users.nix ]; - nixos.users = { - leyla = { - isTerminalUser = true; + nixpkgs.config.allowUnfree = true; + + host = { + users = { + leyla = { + isTerminalUser = true; + isDesktopUser = true; + }; + ester.isNormalUser = false; + eve.isNormalUser = false; }; }; diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index 13e4d5e2..c84a9b44 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -9,7 +9,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - ../hardware-common.nix ]; security.sudo.extraConfig = "Defaults lecture=never"; diff --git a/hosts/hardware-common.nix b/hosts/hardware-common.nix deleted file mode 100644 index 920d6092..00000000 --- a/hosts/hardware-common.nix +++ /dev/null 
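Review bot: hosts/defiant now sets `isDesktopUser = true;` for leyla next to `isTerminalUser = true;`, and with the new split in packages.nix that flag alone pulls in the whole GUI list (signal-desktop, steam, discord, protonvpn-gui, obs-studio when graphicsAcceleration is set, …). Under the old expression a terminal user only received the CLI tools, so on a host that imports `enviroments/server` this is a behaviour change worth confirming rather than a neutral refactor; if defiant is headless, drop the `isDesktopUser = true;` line so only yt-dlp/ffmpeg/imagemagick are installed there. The packages.nix `home.packages` expression that this relies on is fully visible in the hunk, but the enclosing module attrset closes after it.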
@@ -1,15 +0,0 @@ -{lib, ...}: { - options = { - hardware = { - piperMouse = { - enable = lib.mkEnableOption "host has a piper mouse"; - }; - viaKeyboard = { - enable = lib.mkEnableOption "host has a via keyboard"; - }; - openRGB = { - enable = lib.mkEnableOption "host has open rgb hardware"; - }; - }; - }; -} diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 7b85581d..53d04e9b 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,29 +3,32 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client + ../../modules/hardware.nix + ../../modules/users.nix ]; - nixos.users = { - leyla = { - isDesktopUser = true; - }; - ester = { - isDesktopUser = true; - }; - eve = { - isDesktopUser = true; + nixpkgs.config.allowUnfree = true; + + host = { + users = { + leyla = { + isDesktopUser = true; + isTerminalUser = true; + }; + ester.isDesktopUser = true; + eve.isDesktopUser = true; }; }; # enabled virtualisation for docker - virtualisation.docker = { - enable = true; - rootless = { - enable = true; - setSocketVariable = true; - }; - }; - users.extraGroups.docker.members = ["leyla"]; + # virtualisation.docker = { + # enable = true; + # rootless = { + # enable = true; + # setSocketVariable = true; + # }; + # }; + # users.extraGroups.docker.members = ["leyla"]; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 36459058..e3337029 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -10,7 +10,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - ../hardware-common.nix ]; boot = { diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 264ea404..17d7a9eb 100644 --- a/hosts/twilight/configuration.nix 
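Review bot: The docker configuration in hosts/horizon/configuration.nix is commented out instead of deleted, which leaves eight lines of dead config whose intent is unclear to the next reader. If it is meant to come back, note that the block already enables `rootless`, in which case the `users.extraGroups.docker.members = ["leyla"]` line is unnecessary and should not return with it, since membership in the `docker` group is root-equivalent on a rootful daemon. Either remove the block or replace it with a one-line comment such as `# docker (rootless) intentionally disabled on horizon; re-enable without the docker group`.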
+++ b/hosts/twilight/configuration.nix @@ -1,17 +1,24 @@ {pkgs, ...}: { imports = [ ../../enviroments/client + + ../../modules/hardware.nix + ../../modules/users.nix ]; - nixos.users = { - leyla = { - isDesktopUser = true; - hasGPU = true; + + nixpkgs.config.allowUnfree = true; + + host = { + users = { + leyla.isDesktopUser = true; + ester.isDesktopUser = true; + eve.isDesktopUser = true; }; - ester = { - isDesktopUser = true; - }; - eve = { - isDesktopUser = true; + hardware = { + piperMouse.enable = true; + viaKeyboard.enable = true; + openRGB.enable = true; + graphicsAcceleration.enable = true; }; }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index b2f11ee1..fe2353ba 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -10,7 +10,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - ../hardware-common.nix ]; boot = { @@ -81,10 +80,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware = { - piperMouse.enable = true; - viaKeyboard.enable = true; - openRGB.enable = true; - # Enable OpenGL graphics.enable = true; diff --git a/modules/hardware.nix b/modules/hardware.nix new file mode 100644 index 00000000..b002658f --- /dev/null +++ b/modules/hardware.nix @@ -0,0 +1,16 @@ +{lib, ...}: { + options.host.hardware = { + piperMouse = { + enable = lib.mkEnableOption "host has a piper mouse"; + }; + viaKeyboard = { + enable = lib.mkEnableOption "host has a via keyboard"; + }; + openRGB = { + enable = lib.mkEnableOption "host has open rgb hardware"; + }; + graphicsAcceleration = { + enable = lib.mkEnableOption "host has a gpu for graphical acceleration"; + }; + }; +} diff --git a/modules/users.nix b/modules/users.nix new file mode 100644 index 00000000..849fd688 --- /dev/null +++ b/modules/users.nix 
@@ -0,0 +1,249 @@ +{ + lib, + config, + inputs, + ... +}: let + uids = { + leyla = 1000; + ester = 1001; + eve = 1002; + jellyfin = 2000; + forgejo = 2002; + pihole = 2003; + hass = 2004; + headscale = 2005; + nextcloud = 2006; + }; + + gids = { + leyla = 1000; + ester = 1001; + eve = 1002; + users = 100; + jellyfin_media = 2001; + jellyfin = 2000; + forgejo = 2002; + pihole = 2003; + hass = 2004; + headscale = 2005; + nextcloud = 2006; + }; + + users = config.users.users; + leyla = users.leyla.name; + ester = users.ester.name; + eve = users.eve.name; +in { + options.host.users = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their desktop applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their terminal applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; + }; + isNormalUser = lib.mkOption { + type = lib.types.bool; + default = config.isDesktopUser || config.isTerminalUser; + description = '' + User should install their applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; + }; + }; + })); + }; + + config = { + # set up user passwords + sops.secrets = { + "passwords/leyla" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/ester" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/eve" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + }; + + users = { + mutableUsers = false; + users = { + leyla = { + uid = lib.mkForce uids.leyla; + description = "Leyla"; + extraGroups = + (lib.lists.optionals 
config.host.users.leyla.isNormalUser ["networkmanager" "wheel" "dialout"]) + ++ (lib.lists.optionals config.host.users.leyla.isDesktopUser ["adbusers"]); + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + isNormalUser = config.host.users.leyla.isNormalUser; + isSystemUser = !config.host.users.leyla.isNormalUser; + group = config.users.users.leyla.name; + }; + + ester = { + uid = lib.mkForce uids.ester; + description = "Ester"; + extraGroups = lib.optionals config.host.users.ester.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + isNormalUser = config.host.users.ester.isNormalUser; + isSystemUser = !config.host.users.ester.isNormalUser; + group = config.users.users.ester.name; + }; + + eve = { + uid = lib.mkForce uids.eve; + description = "Eve"; + extraGroups = lib.optionals config.host.users.eve.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + isNormalUser = config.host.users.eve.isNormalUser; + isSystemUser = !config.host.users.eve.isNormalUser; + group = config.users.users.eve.name; + }; + + jellyfin = { + uid = lib.mkForce uids.jellyfin; + isSystemUser = true; + group = config.users.users.jellyfin.name; + }; + + forgejo = { + uid = lib.mkForce uids.forgejo; + isSystemUser = true; + group = config.users.users.forgejo.name; + }; + + pihole = { + uid = lib.mkForce uids.pihole; + isSystemUser = true; + group = config.users.users.pihole.name; + }; + + hass = { + uid = lib.mkForce uids.hass; + isSystemUser = true; + group = config.users.users.hass.name; + }; + + headscale = { + uid = lib.mkForce uids.headscale; + isSystemUser = true; + group = config.users.users.headscale.name; + }; + + nextcloud = { + uid = lib.mkForce uids.nextcloud; + isSystemUser = true; + group = config.users.users.nextcloud.name; + }; + }; + + groups = { + leyla = { + gid = lib.mkForce gids.leyla; + members = [ + leyla + ]; + }; + + ester = { + gid = lib.mkForce gids.ester; + 
members = [ + ester + ]; + }; + + eve = { + gid = lib.mkForce gids.eve; + members = [ + eve + ]; + }; + + users = { + gid = lib.mkForce gids.users; + members = [ + leyla + ester + eve + ]; + }; + + jellyfin_media = { + gid = lib.mkForce gids.jellyfin_media; + members = [ + users.jellyfin.name + leyla + ester + eve + ]; + }; + + jellyfin = { + gid = lib.mkForce gids.jellyfin; + members = [ + users.jellyfin.name + # leyla + ]; + }; + + forgejo = { + gid = lib.mkForce gids.forgejo; + members = [ + users.forgejo.name + # leyla + ]; + }; + + pihole = { + gid = lib.mkForce gids.pihole; + members = [ + users.pihole.name + # leyla + ]; + }; + + hass = { + gid = lib.mkForce gids.hass; + members = [ + users.hass.name + # leyla + ]; + }; + + headscale = { + gid = lib.mkForce gids.headscale; + members = [ + users.headscale.name + # leyla + ]; + }; + + nextcloud = { + gid = lib.mkForce gids.nextcloud; + members = [ + users.nextcloud.name + # leyla + ]; + }; + }; + }; + }; +} diff --git a/util/default.nix b/util/default.nix index e091d800..61466100 100644 --- a/util/default.nix +++ b/util/default.nix @@ -17,12 +17,12 @@ forEachSystem = nixpkgs.lib.genAttrs systems; pkgsFor = system: nixpkgs.legacyPackages.${system}; - home-manager-config = { + home-manager-config = nixpkgs: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs;}; - home-manager.users = import ../homes; + home-manager.users = import ../homes nixpkgs; }; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); From aa7c2a2a15d88797574e58adb1f8107bab78df43 Mon Sep 17 00:00:00 2001 
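Review bot: The `users` and `jellyfin_media` groups list leyla, ester and eve unconditionally, and the three `sops.secrets."passwords/*"` entries are declared with `neededForUsers = true` on every host, even where `host.users.<name>.isNormalUser` is false and the account is created as a system user; a host like defiant with `ester.isNormalUser = false` therefore still decrypts Ester's password hash at boot and grants that account media-group access. Gate both on the same flag, e.g. `members = [users.jellyfin.name] ++ lib.optionals config.host.users.leyla.isNormalUser [leyla] ++ …;` for the groups and `"passwords/ester" = lib.mkIf config.host.users.ester.isNormalUser { … };` for the secrets, so non-login accounts carry neither the secret nor the membership. The hunk covers the whole new file, so no enclosing scope is cut.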
From: Leyla Becker Date: Sun, 24 Nov 2024 12:43:12 -0600 Subject: [PATCH 345/932] added isPrincipleUser to users --- enviroments/common/default.nix | 32 ------ hosts/defiant/configuration.nix | 3 +- hosts/horizon/configuration.nix | 1 + hosts/twilight/configuration.nix | 6 +- modules/users.nix | 189 +++++++++++++++++++++++-------- 5 files changed, 148 insertions(+), 83 deletions(-) diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index e2c9e405..e79a47af 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -4,7 +4,6 @@ nix = { settings = { experimental-features = ["nix-command" "flakes"]; - trusted-users = ["leyla"]; }; gc = { automatic = true; @@ -44,40 +43,9 @@ ports = [22]; settings = { PasswordAuthentication = false; - AllowUsers = ["leyla"]; # Allows all users by default. Can be [ "user1" "user2" ] UseDns = true; X11Forwarding = false; }; }; }; - - environment = { - # List packages installed in system profile. - systemPackages = with pkgs; [ - wget - - # version control - git - - # system debuging tools - iputils - dnsutils - ]; - - sessionVariables = rec { - SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; - }; - }; - - sops = { - defaultSopsFormat = "yaml"; - gnupg.sshKeyPaths = []; - - age = { - keyFile = "/var/lib/sops-nix/key.txt"; - sshKeyPaths = []; - # generateKey = true; - }; - }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 78c4ab5a..c52fd740 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -17,8 +17,9 @@ host = { users = { leyla = { - isTerminalUser = true; isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; }; ester.isNormalUser = false; eve.isNormalUser = false; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 53d04e9b..529417dc 100644 --- a/hosts/horizon/configuration.nix 
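Review bot: Removing `AllowUsers` and `trusted-users` from enviroments/common/default.nix means the shared environment no longer constrains sshd or the Nix daemon at all; the restriction now exists only if a host also imports modules/users.nix, and a host that forgets to will quietly accept SSH logins for every account that has a password or key. Since `services.openssh` is still enabled here with `PasswordAuthentication = false`, add a guard in the common module so that mistake fails evaluation, e.g. `assertions = [{ assertion = config.services.openssh.settings.AllowUsers != null; message = "sshd AllowUsers must be set (import modules/users.nix)"; }];`. The `services.openssh.settings` attrset continues outside the hunk, so the `UseDns`/`X11Forwarding` context lines are not the whole picture.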
+++ b/hosts/horizon/configuration.nix @@ -14,6 +14,7 @@ leyla = { isDesktopUser = true; isTerminalUser = true; + isPrincipleUser = true; }; ester.isDesktopUser = true; eve.isDesktopUser = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 17d7a9eb..a958cca0 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -10,7 +10,11 @@ host = { users = { - leyla.isDesktopUser = true; + leyla = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; ester.isDesktopUser = true; eve.isDesktopUser = true; }; diff --git a/modules/users.nix b/modules/users.nix index 849fd688..b85f4087 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -4,6 +4,15 @@ inputs, ... }: let + SOPS_AGE_KEY_DIRECTORY = import ../const/sops_age_key_directory.nix; + + host = config.host; + + hostUsers = host.hostUsers; + principleUsers = host.principleUsers; + terminalUsers = host.terminalUsers; + normalUsers = host.normalUsers; + uids = { leyla = 1000; ester = 1001; 
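Review bot: `SOPS_AGE_KEY_DIRECTORY` is now read from `const/sops_age_key_directory.nix` in this `let` block, but `sops.age.keyFile` set later in the same file is the hardcoded string `/var/lib/sops-nix/key.txt`, so the path sops-nix decrypts with and the path exported to users via `SOPS_AGE_KEY_FILE` are two independent sources of truth that can drift. Derive the module setting from the same constant, `keyFile = "${SOPS_AGE_KEY_DIRECTORY}/key.txt";`, so a change to the constant cannot leave the boot-time decryption pointing at a stale location. The `let` block is cut at the end of the hunk (the `uids` attrset continues).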
@@ -35,51 +44,129 @@ ester = users.ester.name; eve = users.eve.name; in { - options.host.users = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their desktop applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + options.host = { + users = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({ + config, + name, + ... + }: { + options = { + name = lib.mkOption { + type = lib.types.string; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isPrincipleUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should be configured as root and have ssh access + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; + }; + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their desktop applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their terminal applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; + }; + isNormalUser = lib.mkOption { + type = lib.types.bool; + default = config.isDesktopUser || config.isTerminalUser; + description = '' + User should install their applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; + }; }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their terminal applications - ''; - defaultText = lib.literalExpression 
"config.host.users.\${name}.isTerminalUser"; - }; - isNormalUser = lib.mkOption { - type = lib.types.bool; - default = config.isDesktopUser || config.isTerminalUser; - description = '' - User should install their applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; - }; - }; - })); + })); + }; + hostUsers = lib.mkOption { + default = lib.attrsets.mapAttrsToList (_: user: user) host.users; + }; + principleUsers = lib.mkOption { + default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; + }; + normalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isTerminalUser) hostUsers; + }; + terminalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isNormalUser) hostUsers; + }; }; config = { + assertions = + ( + builtins.map (user: { + assertion = !(user.isPrincipleUser && !user.isNormalUser); + message = '' + Non normal user ${user.name} can not be a principle user. + ''; + }) + hostUsers + ) + ++ [ + { + assertion = (builtins.length principleUsers) > 0; + message = '' + At least one user must be a principle user. 
+ ''; + } + ]; + + # principle users are by definition trusted + nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; + + # we should only be able to ssh into principle users of a computer who are also set up for terminal access + services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); + + # we need to set up env variables to nix can find keys to decrypt passwords on rebuild + environment = { + sessionVariables = { + SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + }; + }; + # set up user passwords - sops.secrets = { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; + sops = { + defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; + + age = { + keyFile = "/var/lib/sops-nix/key.txt"; + sshKeyPaths = []; + # generateKey = true; }; - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; + + secrets = { + "passwords/leyla" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/ester" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/eve" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; }; }; 
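Review bot: The `normalUsers` and `terminalUsers` options have their filters swapped — `normalUsers` keeps users with `isTerminalUser` and `terminalUsers` keeps users with `isNormalUser` — so the sshd `AllowUsers` list built from `lib.lists.intersectLists terminalUsers principleUsers` admits any normal (including desktop-only) principal user, not only terminal ones as the comment above it claims. Swap the predicates: `normalUsers = lib.mkOption { default = lib.lists.filter (user: user.isNormalUser) hostUsers; };` and `terminalUsers = lib.mkOption { default = lib.lists.filter (user: user.isTerminalUser) hostUsers; };`. It is also worth checking that an empty intersection does not silently become no `AllowUsers` line at all (the NixOS sshd module renders list settings one line per element, I believe, so `[]` emits nothing and every account becomes reachable); an assertion that the list is non-empty whenever `services.openssh.enable` is set would close that gap. Separately, `lib.types.string` is deprecated and should be `lib.types.str`.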
@@ -88,33 +175,37 @@ in { users = { leyla = { uid = lib.mkForce uids.leyla; + name = lib.mkForce host.users.leyla.name; description = "Leyla"; extraGroups = - (lib.lists.optionals config.host.users.leyla.isNormalUser ["networkmanager" "wheel" "dialout"]) - ++ (lib.lists.optionals config.host.users.leyla.isDesktopUser ["adbusers"]); + (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) + ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) + ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - isNormalUser = config.host.users.leyla.isNormalUser; - isSystemUser = !config.host.users.leyla.isNormalUser; + isNormalUser = host.users.leyla.isNormalUser; + isSystemUser = !host.users.leyla.isNormalUser; group = config.users.users.leyla.name; }; ester = { uid = lib.mkForce uids.ester; + name = lib.mkForce host.users.ester.name; description = "Ester"; - extraGroups = lib.optionals config.host.users.ester.isNormalUser ["networkmanager"]; + extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/ester".path; - isNormalUser = config.host.users.ester.isNormalUser; - isSystemUser = !config.host.users.ester.isNormalUser; + isNormalUser = host.users.ester.isNormalUser; + isSystemUser = !host.users.ester.isNormalUser; group = config.users.users.ester.name; }; eve = { uid = lib.mkForce uids.eve; + name = lib.mkForce host.users.eve.name; description = "Eve"; - extraGroups = lib.optionals config.host.users.eve.isNormalUser ["networkmanager"]; + extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; hashedPasswordFile = config.sops.secrets."passwords/eve".path; - isNormalUser = config.host.users.eve.isNormalUser; - isSystemUser = !config.host.users.eve.isNormalUser; + isNormalUser = host.users.eve.isNormalUser; + isSystemUser = !host.users.eve.isNormalUser; group = 
config.users.users.eve.name; }; From fa3cb19c0bdd752d158454f82dcec7fe9d75269f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 13:07:15 -0600 Subject: [PATCH 346/932] moved more out of common config --- enviroments/client/default.nix | 51 ------------- homes/leyla/default.nix | 125 +------------------------------ hosts/defiant/configuration.nix | 2 + hosts/horizon/configuration.nix | 2 + hosts/twilight/configuration.nix | 2 + modules/desktop.nix | 38 ++++++++++ modules/nix-development.nix | 14 ++++ 7 files changed, 60 insertions(+), 174 deletions(-) create mode 100644 modules/desktop.nix create mode 100644 modules/nix-development.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 16e32631..8f3c2cf9 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -7,55 +7,7 @@ ../common ]; - nix = { - nixPath = ["nixpkgs=${inputs.nixpkgs}"]; - }; - - services = { - # Enable CUPS to print documents. - printing.enable = true; - - xserver = { - # Enable the X11 windowing system. - enable = true; - - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; - xterm.enable = false; - }; - - # Get rid of xTerm - excludePackages = [pkgs.xterm]; - - # Configure keymap in X11 - xkb = { - layout = "us,it,de"; - variant = ""; - }; - }; - - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - # tailscale = { - # enable = true; - # }; - }; - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; hardware.flipperzero.enable = true; security.rtkit.enable = true; 
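Review bot: The `isSystemUser` branch still receives `hashedPasswordFile`, so on a host where a user is not a normal user (for example `ester.isNormalUser = false` on defiant) the account is created as a system user yet carries a valid login password hash, and the sops secret is decrypted at boot for it. Gate the hash on the same flag so accounts that are not meant to log in have no password at all: `hashedPasswordFile = lib.mkIf host.users.ester.isNormalUser config.sops.secrets."passwords/ester".path;` (and likewise for leyla and eve). The `sops.secrets` declarations earlier in the file could be wrapped the same way so the secret is not provisioned on those hosts either. The enclosing `users.users` attrset opens before the hunk and closes after it.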
@@ -63,9 +15,6 @@ # helvetica font aileron - # nix langauge server - nixd - cachefilesd gnomeExtensions.dash-to-dock diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index fe90ccda..98863354 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -58,6 +58,8 @@ }; }; + keyboard.layout = "us,it,de"; + # Home Manager can also manage your environment variables through # 'home.sessionVariables'. If you don't want to manage your shell through Home # Manager then you have to manually source 'hm-session-vars.sh' located at 
@@ -101,129 +103,6 @@ }; }; bash.enable = true; - - # firefox = { - # enable = true; - # profiles.leyla = { - - # settings = { - # "browser.search.defaultenginename" = "Searx"; - # "browser.search.order.1" = "Searx"; - # }; - - # search = { - # force = true; - # default = "Searx"; - # engines = { - # "Nix Packages" = { - # urls = [{ - # template = "https://search.nixos.org/packages"; - # params = [ - # { name = "type"; value = "packages"; } - # { name = "query"; value = "{searchTerms}"; } - # ]; - # }]; - # icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - # definedAliases = [ "@np" ]; - # }; - # "NixOS Wiki" = { - # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@nw" ]; - # }; - # "Searx" = { - # urls = [{ template = "https://search.jan-leila.com/?q={searchTerms}"; }]; - # iconUpdateURL = "https://nixos.wiki/favicon.png"; - # updateInterval = 24 * 60 * 60 * 1000; # every day - # definedAliases = [ "@searx" ]; - # }; - # }; - # }; - - # extentions = with pkgs.nur.repos.rycee.firefox-addons; [ - # ublock-origin - # bitwarden - - # ]; - - # bookmarks = [ - # { - # name = "Media"; - # url = "https://jellyfin.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Drive"; - # url = "https://drive.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Git"; - # url = "https://git.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Home Automation"; - # url = "https://home-assistant.jan-leila.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mail"; - # url = "https://mail.protonmail.com"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Open Street Map"; - # url = "https://www.openstreetmap.org/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Password Manager"; - # url = 
"https://vault.bitwarden.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Mastodon"; - # url = "https://tech.lgbt"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Linked In"; - # url = "https://www.linkedin.com/"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "Job Search"; - # url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - # keyword = ""; - # tags = [""]; - # } - # { - # name = "React Docs"; - # url = "https://react.dev/"; - # keyword = ""; - # tags = [""]; - # } - # # Template - # # { - # # name = ""; - # # url = ""; - # # keyword = ""; - # # tags = [""]; - # # } - # ]; - # }; - # } }; dconf = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index c52fd740..cd76cdfe 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -10,6 +10,8 @@ ../../modules/hardware.nix ../../modules/users.nix + ../../modules/desktop.nix + ../../modules/nix-development.nix ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 529417dc..a6568406 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -5,6 +5,8 @@ ../../enviroments/client ../../modules/hardware.nix ../../modules/users.nix + ../../modules/desktop.nix + ../../modules/nix-development.nix ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index a958cca0..b49baa58 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -4,6 +4,8 @@ ../../modules/hardware.nix ../../modules/users.nix + ../../modules/desktop.nix + ../../modules/nix-development.nix ]; nixpkgs.config.allowUnfree = true; 
diff --git a/modules/desktop.nix b/modules/desktop.nix new file mode 100644 index 00000000..f67407d3 --- /dev/null +++ b/modules/desktop.nix @@ -0,0 +1,38 @@ +{pkgs, ...}: { + services = { + # Enable CUPS to print documents. + printing.enable = true; + + xserver = { + # Enable the X11 windowing system. + enable = true; + + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + }; + + # Get rid of xTerm + desktopManager.xterm.enable = false; + excludePackages = [pkgs.xterm]; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + }; + + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; +} diff --git a/modules/nix-development.nix b/modules/nix-development.nix new file mode 100644 index 00000000..c4eacac3 --- /dev/null +++ b/modules/nix-development.nix @@ -0,0 +1,14 @@ +{ + inputs, + pkgs, + ... +}: { + nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + }; + + environment.systemPackages = with pkgs; [ + # nix langauge server + nixd + ]; +} From 9215e04043c94f28439167550724c83baea87838 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 13:13:33 -0600 Subject: [PATCH 347/932] moved some system packages to home manager --- enviroments/client/default.nix | 5 ----- homes/ester/default.nix | 3 +++ homes/leyla/packages.nix | 5 +++++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 8f3c2cf9..2bf0b750 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix 
@@ -12,11 +12,6 @@ security.rtkit.enable = true; environment.systemPackages = with pkgs; [ - # helvetica font - aileron - cachefilesd - - gnomeExtensions.dash-to-dock ]; } diff --git a/homes/ester/default.nix b/homes/ester/default.nix index 1e5d5796..e0d5e86f 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -56,6 +56,9 @@ in { packages = lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ + # helvetica font + aileron + firefox bitwarden discord diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 97327ce3..a64909fb 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -25,6 +25,11 @@ in { ++ ( lib.lists.optionals cfg.isDesktopUser ( with pkgs; [ + # helvetica font + aileron + + gnomeExtensions.dash-to-dock + #foss platforms signal-desktop bitwarden From eaa19be74115c877915480ed60257f4cb15d6a8d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 13:15:40 -0600 Subject: [PATCH 348/932] moved another config to desktop module --- enviroments/client/default.nix | 1 - modules/desktop.nix | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 2bf0b750..bf2b35e6 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -9,7 +9,6 @@ # Enable sound with pipewire. hardware.flipperzero.enable = true; - security.rtkit.enable = true; environment.systemPackages = with pkgs; [ cachefilesd diff --git a/modules/desktop.nix b/modules/desktop.nix index f67407d3..14580baf 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -35,4 +35,7 @@ # Enable sound with pipewire. hardware.pulseaudio.enable = false; + + # enable RealtimeKit for pulse audio + security.rtkit.enable = true; } From bf0686a14bf0adac1423a979e5174ce197f28b63 Mon Sep 17 00:00:00 2001 
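Review bot: The comment on the added `security.rtkit.enable = true;` attributes it to PulseAudio, but this module sets `hardware.pulseaudio.enable = false;` a few lines above and runs PipeWire with `pulse.enable = true`; RealtimeKit is what lets the PipeWire daemon and its PulseAudio shim request realtime scheduling. Suggest `# RealtimeKit lets PipeWire (and its PulseAudio shim) request realtime scheduling`. Since rtkit is a privileged system service that hands out realtime priorities on request, keeping it gated with the rest of the desktop stack rather than in the generic client environment, as this commit does, is the right direction.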
From: Leyla Becker Date: Sun, 24 Nov 2024 14:17:32 -0600 Subject: [PATCH 349/932] added enables to modules and made base module that imports all other modules --- enviroments/common/default.nix | 2 +- hosts/defiant/configuration.nix | 5 +- hosts/horizon/configuration.nix | 5 +- hosts/twilight/configuration.nix | 5 +- modules/default.nix | 8 +++ modules/desktop.nix | 84 +++++++++++++++++++------------- modules/nix-development.nix | 25 +++++++--- 7 files changed, 79 insertions(+), 55 deletions(-) create mode 100644 modules/default.nix diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index e79a47af..691acc7a 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{...}: { imports = []; nix = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index cd76cdfe..20635790 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -8,10 +8,7 @@ inputs.disko.nixosModules.disko ../../enviroments/server - ../../modules/hardware.nix - ../../modules/users.nix - ../../modules/desktop.nix - ../../modules/nix-development.nix + ../../modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index a6568406..6940726c 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,10 +3,7 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client - ../../modules/hardware.nix - ../../modules/users.nix - ../../modules/desktop.nix - ../../modules/nix-development.nix + ../../modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index b49baa58..4a990692 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix 
@@ -2,10 +2,7 @@ imports = [ ../../enviroments/client - ../../modules/hardware.nix - ../../modules/users.nix - ../../modules/desktop.nix - ../../modules/nix-development.nix + ../../modules ]; nixpkgs.config.allowUnfree = true; diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 00000000..58b93a06 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,8 @@ +{...}: { + imports = [ + ./hardware.nix + ./users.nix + ./desktop.nix + ./nix-development.nix + ]; +} diff --git a/modules/desktop.nix b/modules/desktop.nix index 14580baf..e349abe0 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix 
@@ -1,41 +1,55 @@ -{pkgs, ...}: { - services = { - # Enable CUPS to print documents. - printing.enable = true; +{ + lib, + pkgs, + config, + ... +}: { + options.host.desktop.enable = lib.mkEnableOption "should desktop configuration be enabled"; - xserver = { - # Enable the X11 windowing system. - enable = true; + config = lib.mkMerge [ + { + host.desktop.enable = lib.mkDefault true; + } + (lib.mkIf config.host.desktop.enable { + services = { + # Enable CUPS to print documents. + printing.enable = true; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; + xserver = { + # Enable the X11 windowing system. + enable = true; + + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + }; + + # Get rid of xTerm + desktopManager.xterm.enable = false; + excludePackages = [pkgs.xterm]; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; }; - # Get rid of xTerm - desktopManager.xterm.enable = false; - excludePackages = [pkgs.xterm]; - }; + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - }; - - # Enable sound with pipewire. 
- hardware.pulseaudio.enable = false; - - # enable RealtimeKit for pulse audio - security.rtkit.enable = true; + # enable RealtimeKit for pulse audio + security.rtkit.enable = true; + }) + ]; } diff --git a/modules/nix-development.nix b/modules/nix-development.nix index c4eacac3..d6704180 100644 --- a/modules/nix-development.nix +++ b/modules/nix-development.nix @@ -1,14 +1,25 @@ { - inputs, + lib, + config, pkgs, + inputs, ... }: { - nix = { - nixPath = ["nixpkgs=${inputs.nixpkgs}"]; - }; + options.host.nix-development.enable = lib.mkEnableOption "should desktop configuration be enabled"; - environment.systemPackages = with pkgs; [ - # nix langauge server - nixd + config = lib.mkMerge [ + { + host.nix-development.enable = lib.mkDefault true; + } + (lib.mkIf config.host.nix-development.enable { + nix = { + nixPath = ["nixpkgs=${inputs.nixpkgs}"]; + }; + + environment.systemPackages = with pkgs; [ + # nix langauge server + nixd + ]; + }) ]; } From c039e60c4ed24cd16980e38886d5a0763d813d25 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 14:29:37 -0600 Subject: [PATCH 350/932] created system module --- enviroments/client/default.nix | 6 +----- enviroments/common/default.nix | 33 --------------------------------- modules/default.nix | 1 + modules/desktop.nix | 4 ++++ modules/system.nix | 28 ++++++++++++++++++++++++++++ 5 files changed, 34 insertions(+), 38 deletions(-) create mode 100644 modules/system.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index bf2b35e6..75265b8a 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,8 +1,4 @@ -{ - pkgs, - inputs, - ... -}: { +{pkgs, ...}: { imports = [ ../common ]; diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 691acc7a..83201c49 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix 
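Review bot: `host.desktop.enable = lib.mkDefault true;` means every host that imports `../../modules` — including `defiant`, whose configuration in this patch is built from `../../enviroments/server` — gets GDM, X11, CUPS and PipeWire unless it explicitly sets the option to false, and no hunk in this commit does that for defiant (it may happen elsewhere, but nothing visible suggests so). Defaulting the option to false and enabling it from the client environment would be the least-privilege shape; at minimum add `host.desktop.enable = false;` to `hosts/defiant/configuration.nix`. The same default pattern in `modules/nix-development.nix` below is harmless since it only pins `nixPath` and installs `nixd`.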
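Review bot: The option description on the new `options.host.nix-development.enable` line was copied from the desktop module and still reads "should desktop configuration be enabled", so option documentation for this module will be misleading. Change it to `options.host.nix-development.enable = lib.mkEnableOption "should nix development tooling be enabled";`. The comment `# nix langauge server` carried into the same hunk also has a typo (`language`).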
@@ -1,21 +1,4 @@ {...}: { - imports = []; - - nix = { - settings = { - experimental-features = ["nix-command" "flakes"]; - }; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - optimise = { - automatic = true; - dates = ["weekly"]; - }; - }; - # Enable networking networking.networkmanager.enable = true; @@ -32,20 +15,4 @@ LC_TELEPHONE = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8"; }; - - services = { - automatic-timezoned = { - enable = true; - }; - - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; - }; - }; } diff --git a/modules/default.nix b/modules/default.nix index 58b93a06..2087f1a4 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./system.nix ./hardware.nix ./users.nix ./desktop.nix diff --git a/modules/desktop.nix b/modules/desktop.nix index e349abe0..6f119afc 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -43,6 +43,10 @@ # no need to redefine it in your config for now) #media-session.enable = true; }; + + automatic-timezoned = { + enable = true; + }; }; # Enable sound with pipewire. diff --git a/modules/system.nix b/modules/system.nix new file mode 100644 index 00000000..918c2197 --- /dev/null +++ b/modules/system.nix @@ -0,0 +1,28 @@ +{...}: { + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + }; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + dates = ["weekly"]; + }; + }; + + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; + }; +} From d46cdc8b1b0dc6abe78c1fb953ef0acbb48bddd6 Mon Sep 17 00:00:00 2001 
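Review bot: `PasswordAuthentication = false;` on its own does not turn off password logins on NixOS, because `services.openssh.settings.KbdInteractiveAuthentication` defaults to true and PAM then still prompts for a password over the keyboard-interactive method; add `KbdInteractiveAuthentication = false;` next to it in the new `modules/system.nix`. `UseDns = true` also adds a reverse-DNS lookup to every incoming connection with no authentication benefit unless host-based or hostname-pattern rules are in use (none are visible here), so consider dropping it back to the OpenSSH default. These settings are moved rather than new, but this is the first time they live in a module applied to every host, which makes the gap worth closing now.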
From: Leyla Becker Date: Sun, 24 Nov 2024 14:31:11 -0600 Subject: [PATCH 351/932] ran linted --- modules/desktop.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/desktop.nix b/modules/desktop.nix index 6f119afc..d1b05175 100644 --- a/modules/desktop.nix +++ b/modules/desktop.nix @@ -43,7 +43,6 @@ # no need to redefine it in your config for now) #media-session.enable = true; }; - automatic-timezoned = { enable = true; }; From 755c7f0e3a216390fd385cedf1b8974d1c35c59f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 14:32:27 -0600 Subject: [PATCH 352/932] commented out unused variable --- modules/users.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/users.nix b/modules/users.nix index b85f4087..3f75a4b0 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -11,7 +11,7 @@ hostUsers = host.hostUsers; principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; - normalUsers = host.normalUsers; + # normalUsers = host.normalUsers; uids = { leyla = 1000; From a755b9ff48a0202014a2ddac82b17a48a208921d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 14:55:19 -0600 Subject: [PATCH 353/932] moved modules into host-modules --- enviroments/client/default.nix | 4 ++-- {modules => host-modules}/default.nix | 0 {modules => host-modules}/desktop.nix | 0 {modules => host-modules}/hardware.nix | 0 {modules => host-modules}/nix-development.nix | 0 {modules => host-modules}/system.nix | 0 {modules => host-modules}/users.nix | 0 hosts/defiant/configuration.nix | 2 +- hosts/horizon/configuration.nix | 2 +- hosts/twilight/configuration.nix | 2 +- 10 files changed, 5 insertions(+), 5 deletions(-) rename {modules => host-modules}/default.nix (100%) rename {modules => host-modules}/desktop.nix (100%) rename {modules => host-modules}/hardware.nix (100%) rename {modules => host-modules}/nix-development.nix (100%) rename {modules => host-modules}/system.nix (100%) rename {modules => host-modules}/users.nix (100%) diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 75265b8a..052651e2 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -3,8 +3,8 @@ ../common ]; - # Enable sound with pipewire. - hardware.flipperzero.enable = true; + # # Enable sound with pipewire. + # hardware.flipperzero.enable = true; environment.systemPackages = with pkgs; [ cachefilesd diff --git a/modules/default.nix b/host-modules/default.nix similarity index 100% rename from modules/default.nix rename to host-modules/default.nix diff --git a/modules/desktop.nix b/host-modules/desktop.nix similarity index 100% rename from modules/desktop.nix rename to host-modules/desktop.nix diff --git a/modules/hardware.nix b/host-modules/hardware.nix similarity index 100% rename from modules/hardware.nix rename to host-modules/hardware.nix diff --git a/modules/nix-development.nix b/host-modules/nix-development.nix similarity index 100% rename from modules/nix-development.nix rename to host-modules/nix-development.nix 
diff --git a/modules/system.nix b/host-modules/system.nix similarity index 100% rename from modules/system.nix rename to host-modules/system.nix diff --git a/modules/users.nix b/host-modules/users.nix similarity index 100% rename from modules/users.nix rename to host-modules/users.nix diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 20635790..2068b6fc 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -8,7 +8,7 @@ inputs.disko.nixosModules.disko ../../enviroments/server - ../../modules + ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 6940726c..c784ef68 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,7 +3,7 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client - ../../modules + ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 4a990692..182c867b 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -2,7 +2,7 @@ imports = [ ../../enviroments/client - ../../modules + ../../host-modules ]; nixpkgs.config.allowUnfree = true; From 90f0c114b3ad3b00149b05122205ae9999465bb4 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Nov 2024 15:23:04 -0600 Subject: [PATCH 354/932] created home manager nixos adapter modules --- enviroments/client/default.nix | 3 --- home-modules/default.nix | 5 +++++ home-modules/flipperzero.nix | 3 +++ homes/ester/default.nix | 4 ++++ homes/eve/default.nix | 4 ++++ homes/leyla/default.nix | 7 ++----- host-modules/default.nix | 1 + host-modules/home-manager/default.nix | 6 ++++++ host-modules/home-manager/flipperzero.nix | 9 +++++++++ 9 files changed, 34 insertions(+), 8 deletions(-) create mode 100644 home-modules/default.nix create mode 100644 home-modules/flipperzero.nix create mode 100644 host-modules/home-manager/default.nix create mode 100644 host-modules/home-manager/flipperzero.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index 052651e2..f1de3753 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -3,9 +3,6 @@ ../common ]; - # # Enable sound with pipewire. - # hardware.flipperzero.enable = true; - environment.systemPackages = with pkgs; [ cachefilesd ]; diff --git a/home-modules/default.nix b/home-modules/default.nix new file mode 100644 index 00000000..1fb9724e --- /dev/null +++ b/home-modules/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./flipperzero.nix + ]; +} diff --git a/home-modules/flipperzero.nix b/home-modules/flipperzero.nix new file mode 100644 index 00000000..6354bc0f --- /dev/null +++ b/home-modules/flipperzero.nix @@ -0,0 +1,3 @@ +{lib, ...}: { + options.hardware.flipperzero.enable = lib.mkEnableOption "enable flipperzero hardware"; +} diff --git a/homes/ester/default.nix b/homes/ester/default.nix index e0d5e86f..dfe8175d 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -6,6 +6,10 @@ }: let cfg = osConfig.host.users.ester; in { + imports = [ + ../../home-modules + ]; + config = { home = { username = "ester"; diff --git a/homes/eve/default.nix b/homes/eve/default.nix index d358b0d8..3d7d7c31 100644 
--- a/homes/eve/default.nix +++ b/homes/eve/default.nix @@ -6,6 +6,10 @@ }: let cfg = osConfig.host.users.eve; in { + imports = [ + ../../home-modules + ]; + config = { home = { username = "eve"; diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index 98863354..84eb5bf2 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -1,10 +1,7 @@ -{ - pkgs, - osConfig, - ... -}: { +{pkgs, ...}: { imports = [ ./packages.nix + ../../home-modules ]; config = { diff --git a/host-modules/default.nix b/host-modules/default.nix index 2087f1a4..a90caf18 100644 --- a/host-modules/default.nix +++ b/host-modules/default.nix @@ -5,5 +5,6 @@ ./users.nix ./desktop.nix ./nix-development.nix + ./home-manager ]; } diff --git a/host-modules/home-manager/default.nix b/host-modules/home-manager/default.nix new file mode 100644 index 00000000..885e035d --- /dev/null +++ b/host-modules/home-manager/default.nix @@ -0,0 +1,6 @@ +# modules in this folder are to adapt home manager modules defined in `home-modules` to any nix module configs that they need to set +{...}: { + imports = [ + ./flipperzero.nix + ]; +} diff --git a/host-modules/home-manager/flipperzero.nix b/host-modules/home-manager/flipperzero.nix new file mode 100644 index 00000000..6c947730 --- /dev/null +++ b/host-modules/home-manager/flipperzero.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: let + home-users = lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users; +in { + hardware.flipperzero.enable = lib.lists.any (home-user: home-user.hardware.flipperzero.enable) home-users; +} From 3fdee879c712002e790a682ea19c1d417621adcd Mon Sep 17 00:00:00 2001 
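Review bot: `lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users` is an identity mapping and reads more clearly as `home-users = lib.attrValues config.home-manager.users;`. This is also the only place where a per-user Home Manager option flips a host-wide setting (in NixOS `hardware.flipperzero.enable` installs udev rules for the device, as far as I recall), so a one-line header comment such as `# host-level flipperzero support is on if any Home Manager user requests it` would help the next reader; the folder-level comment in `host-modules/home-manager/default.nix` only describes the idea generically.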
From: Leyla Becker Date: Sun, 24 Nov 2024 21:51:42 -0600 Subject: [PATCH 355/932] added home manager configurations to output --- flake.nix | 19 +++++++++++++++++-- homes/ester/default.nix | 6 +++--- homes/eve/default.nix | 6 +++--- homes/leyla/default.nix | 10 +++++++--- homes/leyla/firefox.nix | 2 -- homes/leyla/packages.nix | 6 +++--- homes/leyla/vscode.nix | 4 ---- host-modules/users.nix | 2 +- util/default.nix | 22 +++++++++++----------- 9 files changed, 45 insertions(+), 32 deletions(-) diff --git a/flake.nix b/flake.nix index e895b5b0..1d95a4f2 100644 --- a/flake.nix +++ b/flake.nix @@ -63,11 +63,15 @@ }; }; - outputs = {...} @ inputs: let + outputs = { + self, + nixpkgs, + ... + } @ inputs: let util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; mkSystem = util.mkSystem; - # mkHome = util.mkHome; + mkHome = util.mkHome; # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); # lib = callPackage ./lib {} // nixpkgs.lib; in { @@ -93,6 +97,17 @@ }; }); + homeConfigurations = nixpkgs.lib.attrsets.mergeAttrsList ( + nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( + nixpkgs.lib.attrsets.mapAttrs' (user: _: { + name = "${user}@${hostname}"; + value = mkHome user hostname system.pkgs.hostPlatform.system system.config; + }) + system.config.home-manager.users + )) + self.nixosConfigurations + ); + # homeConfigurations = { # "leyla@horizon" = mkHome "leyla" "horizon"; # "x86_64-linux" ./homes/leyla; # }; diff --git a/homes/ester/default.nix b/homes/ester/default.nix index dfe8175d..bf37a9df 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.host.users.ester; + userConfig = osConfig.host.users.ester; in { imports = [ ../../home-modules @@ -12,7 +12,7 @@ in { config = { home = { - username = "ester"; + username = userConfig.name; homeDirectory = osConfig.users.users.ester.home; # This value determines the Home Manager release that your configuration is 
@@ -58,7 +58,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.lists.optionals cfg.isDesktopUser ( + packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ # helvetica font aileron diff --git a/homes/eve/default.nix b/homes/eve/default.nix index 3d7d7c31..21b4a8a2 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix @@ -4,7 +4,7 @@ osConfig, ... }: let - cfg = osConfig.host.users.eve; + userConfig = osConfig.host.users.eve; in { imports = [ ../../home-modules @@ -12,7 +12,7 @@ in { config = { home = { - username = "eve"; + username = userConfig.name; homeDirectory = osConfig.users.users.eve.home; # This value determines the Home Manager release that your configuration is @@ -58,7 +58,7 @@ in { # EDITOR = "emacs"; }; - packages = lib.lists.optionals cfg.isDesktopUser ( + packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ firefox bitwarden diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index 84eb5bf2..1a1d2842 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + osConfig, + ... +}: { imports = [ ./packages.nix ../../home-modules @@ -8,8 +12,8 @@ # Home Manager needs a bit of information about you and the paths it should # manage. home = { - username = "leyla"; - # homeDirectory = osConfig.users.users.leyla.home; + username = osConfig.host.users.leyla.name; + homeDirectory = osConfig.users.users.leyla.home; # This value determines the Home Manager release that your configuration is # compatible with. This helps avoid breakage when a new Home Manager release diff --git a/homes/leyla/firefox.nix b/homes/leyla/firefox.nix index 32a3c6b4..e8e0c6cd 100644 --- a/homes/leyla/firefox.nix +++ b/homes/leyla/firefox.nix @@ -1,7 +1,5 @@ { lib, - osConfig, - # buildFirefoxXpiAddon, pkgs, inputs, ... diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index a64909fb..12bef3a6 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix 
@@ -4,7 +4,7 @@ pkgs, ... }: let - cfg = osConfig.host.users.leyla; + userConifg = osConfig.host.users.leyla; hardware = osConfig.host.hardware; in { imports = [ @@ -14,7 +14,7 @@ in { home = { packages = - lib.lists.optionals cfg.isTerminalUser ( + lib.lists.optionals userConifg.isTerminalUser ( with pkgs; [ # comand line tools yt-dlp @@ -23,7 +23,7 @@ in { ] ) ++ ( - lib.lists.optionals cfg.isDesktopUser ( + lib.lists.optionals userConifg.isDesktopUser ( with pkgs; [ # helvetica font aileron diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 37127f46..66765463 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -1,6 +1,4 @@ { - lib, - osConfig, pkgs, inputs, ... @@ -77,8 +75,6 @@ # misc extensions bungcip.better-toml - - # lib.mkIf open-vsx."10nates".ollama-autocoder ] ++ ( with vscode-marketplace; [ diff --git a/host-modules/users.nix b/host-modules/users.nix index 3f75a4b0..154de892 100644 --- a/host-modules/users.nix +++ b/host-modules/users.nix @@ -88,7 +88,7 @@ in { type = lib.types.bool; default = config.isDesktopUser || config.isTerminalUser; description = '' - User should install their applications + User should install their applications and can log in ''; defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; }; diff --git a/util/default.nix b/util/default.nix index 61466100..7ea1a8cd 100644 --- a/util/default.nix +++ b/util/default.nix @@ -47,15 +47,15 @@ in { ]; }; - # mkHome = user: host: - # home-manager.lib.homeManagerConfiguration { - # # pkgs = pkgsFor system; - # extraSpecialArgs = { - # inherit inputs util outputs; - # }; - # modules = [ - # # config - # outputs.homeManagerModules.default - # ]; - # }; + mkHome = user: host: system: osConfig: + home-manager.lib.homeManagerConfiguration { + pkgs = pkgsFor system; + extraSpecialArgs = { + inherit inputs util outputs osConfig; + }; + modules = [ + # outputs.homeManagerModules.default + ../homes/${user} + ]; + }; } 
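Review bot: The new local binding in `homes/leyla/packages.nix` is spelled `userConifg` here and in the `@@ -14` and `@@ -23` hunks of the same file; it works because all three uses agree, but it diverges from the `userConfig` introduced for `homes/ester/default.nix` and `homes/eve/default.nix` in this same patch and will escape any grep-based refactor. Rename to `userConfig = osConfig.host.users.leyla;` and update the two `isTerminalUser`/`isDesktopUser` uses.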
From 11092d11b5e35d99d386a0adc3c6844f025399f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 22:03:23 -0600 Subject: [PATCH 356/932] added overlays to home manager --- overlays/default.nix | 5 ----- overlays/intellij.nix | 18 ------------------ overlays/vscodium.nix | 14 -------------- util/default.nix | 2 +- 4 files changed, 1 insertion(+), 38 deletions(-) delete mode 100644 overlays/intellij.nix delete mode 100644 overlays/vscodium.nix diff --git a/overlays/default.nix b/overlays/default.nix index 4957ab82..ea8f50d4 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,7 +1,2 @@ {...}: { - nixpkgs.overlays = [ - ( - self: super: import ../pkgs {pkgs = super;} - ) - ]; } diff --git a/overlays/intellij.nix b/overlays/intellij.nix deleted file mode 100644 index c9075885..00000000 --- a/overlays/intellij.nix +++ /dev/null @@ -1,18 +0,0 @@ -_: { - # nixpkgs.overlays = [ - # (self: super: { - # # idea is too out of date for android gradle things - # jetbrains = { - # jdk = super.jdk17; - # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { - # version = "2023.3.3"; - # name = "idea-community-${version}"; - # src = super.fetchurl { - # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; - # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; - # }; - # }); - # }; - # }) - # ]; -} diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix deleted file mode 100644 index 7c5f863a..00000000 --- a/overlays/vscodium.nix +++ /dev/null @@ -1,14 +0,0 @@ -_: { - # nixpkgs.overlays = [ - # (self: super: { - # # ui is broken on 1.84 - # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { - # version = "1.85.2.24019"; - # src = super.fetchurl { - # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; - # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; - # }; - # }); - # }) - # ]; -} 
diff --git a/util/default.nix b/util/default.nix index 7ea1a8cd..c64bd4db 100644 --- a/util/default.nix +++ b/util/default.nix @@ -54,7 +54,7 @@ in { inherit inputs util outputs osConfig; }; modules = [ - # outputs.homeManagerModules.default + ../overlays ../homes/${user} ]; }; From b1b43bb7f0800b8de9047c69aa069d2b63b5dae8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 22:29:00 -0600 Subject: [PATCH 357/932] cleaned up configuration structure to have common modules folder --- flake.nix | 2 -- homes/ester/default.nix | 4 +--- homes/eve/default.nix | 4 +--- homes/leyla/default.nix | 1 - hosts/defiant/configuration.nix | 2 -- hosts/horizon/configuration.nix | 1 - hosts/horizon/hardware-configuration.nix | 1 - hosts/twilight/configuration.nix | 2 -- modules/default.nix | 7 +++++++ modules/overlays/default.nix | 3 +++ {pkgs => modules/pkgs}/default.nix | 1 + overlays/default.nix | 2 -- util/default.nix | 17 ++++++++++++----- 13 files changed, 25 insertions(+), 22 deletions(-) create mode 100644 modules/default.nix create mode 100644 modules/overlays/default.nix rename {pkgs => modules/pkgs}/default.nix (60%) delete mode 100644 overlays/default.nix diff --git a/flake.nix b/flake.nix index 1d95a4f2..642e0319 100644 --- a/flake.nix +++ b/flake.nix @@ -75,8 +75,6 @@ # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); # lib = callPackage ./lib {} // nixpkgs.lib; in { - packages = forEachPkgs (import ./pkgs); - formatter = forEachPkgs (pkgs: pkgs.alejandra); devShells = forEachPkgs (pkgs: { diff --git a/homes/ester/default.nix b/homes/ester/default.nix index bf37a9df..29d668f2 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -6,9 +6,7 @@ }: let userConfig = osConfig.host.users.ester; in { - imports = [ - ../../home-modules - ]; + imports = []; config = { home = { diff --git a/homes/eve/default.nix b/homes/eve/default.nix index 21b4a8a2..0c6c0b2d 100644 --- a/homes/eve/default.nix +++ b/homes/eve/default.nix 
@@ -6,9 +6,7 @@ }: let userConfig = osConfig.host.users.eve; in { - imports = [ - ../../home-modules - ]; + imports = []; config = { home = { diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index 1a1d2842..a879526c 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -5,7 +5,6 @@ }: { imports = [ ./packages.nix - ../../home-modules ]; config = { diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 2068b6fc..178aedf4 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -7,8 +7,6 @@ imports = [ inputs.disko.nixosModules.disko ../../enviroments/server - - ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index c784ef68..50b574b6 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -3,7 +3,6 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ../../enviroments/client - ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index e3337029..ed6246a6 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 182c867b..872e9444 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,8 +1,6 @@ {pkgs, ...}: { imports = [ ../../enviroments/client - - ../../host-modules ]; nixpkgs.config.allowUnfree = true; diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 00000000..3dd19232 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,7 @@ +# this folder is for modules that are common between nixos, home-manager, and darwin +{...}: { + imports = [ + ./overlays + ./pkgs + ]; +} 
diff --git a/modules/overlays/default.nix b/modules/overlays/default.nix new file mode 100644 index 00000000..08085f5f --- /dev/null +++ b/modules/overlays/default.nix @@ -0,0 +1,3 @@ +# this folder is for derivation overlays +{...}: { +} diff --git a/pkgs/default.nix b/modules/pkgs/default.nix similarity index 60% rename from pkgs/default.nix rename to modules/pkgs/default.nix index b02ba6c1..3e4456b5 100644 --- a/pkgs/default.nix +++ b/modules/pkgs/default.nix @@ -1,3 +1,4 @@ +# this folder is for custom derivations {...}: { # package = pkgs.callPackage ./package.nix {}; } diff --git a/overlays/default.nix b/overlays/default.nix deleted file mode 100644 index ea8f50d4..00000000 --- a/overlays/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -{...}: { -} diff --git a/util/default.nix b/util/default.nix index c64bd4db..ae298ad7 100644 --- a/util/default.nix +++ b/util/default.nix @@ -17,12 +17,17 @@ forEachSystem = nixpkgs.lib.genAttrs systems; pkgsFor = system: nixpkgs.legacyPackages.${system}; + home-manager-shared-modules = [ + ../modules + ../home-modules + ]; home-manager-config = nixpkgs: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs;}; home-manager.users = import ../homes nixpkgs; + home-manager.sharedModules = home-manager-shared-modules; }; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -42,7 +47,8 @@ in { sops-nix.nixosModules.sops home-manager.nixosModules.home-manager home-manager-config - ../overlays + ../modules + ../host-modules ../hosts/${host} ]; }; @@ -53,9 +59,10 @@ in { extraSpecialArgs = { inherit inputs util outputs osConfig; }; - modules = [ - ../overlays - ../homes/${user} - ]; + modules = + home-manager-shared-modules + ++ [ + ../homes/${user} + ]; }; } From 41f6d138c45c082c6dfa809ceaf2f96e521e1ed5 Mon Sep 17 00:00:00 2001 
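Review bot: The embedded Home Manager path still passes `home-manager.extraSpecialArgs = {inherit inputs;};` while the standalone `mkHome` passes `inherit inputs util outputs osConfig;`, yet both now evaluate the same `home-manager-shared-modules`; any shared module that takes `util` or `outputs` as a function argument would evaluate under `mkHome` and fail inside `mkSystem`. Consider `home-manager.extraSpecialArgs = {inherit inputs util outputs;};` here, or a comment stating which arguments shared modules may rely on. `osConfig` does not need to be in that set since the NixOS Home Manager module supplies it itself, as far as I recall.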
From: Leyla Becker Date: Sun, 24 Nov 2024 22:33:05 -0600 Subject: [PATCH 358/932] cleaned up teaks in README.md --- README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/README.md b/README.md index 8a340329..60d00a07 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,6 @@ - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - https://nixos-and-flakes.thiscute.world/ -- `homeConfigurations` https://github.com/diego-vicente/dotfiles/blob/6c47284868f9e99483da34257144bd03ae5edbbe/flake.nix # Tasks: @@ -45,17 +44,13 @@ - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in server environment into their own flakes -- get rid of disko config and import it in hardware-configuration.nix -- why does users.users..home conflict with home-manager.users..home.homeDirectory - get rid of environments folder ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates -- default open file types - samba mounts - figure out steam vr things? - Open GL? -- util functions - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing From 533ad19e7c98c26879d9b2575329fa7e17b5c2fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 22:51:40 -0600 Subject: [PATCH 359/932] added note to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 60d00a07..9ad42610 100644 
--- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ - get rid of environments folder ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- Flake templates +- Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init - samba mounts - figure out steam vr things? - Open GL? From bc53ae6ee20b69226f2eb3852f01f6dfb438b9e4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 24 Nov 2024 23:04:04 -0600 Subject: [PATCH 360/932] removed unneeded code from flake.nix --- flake.nix | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 642e0319..6845fcf7 100644 --- a/flake.nix +++ b/flake.nix @@ -72,11 +72,11 @@ forEachPkgs = util.forEachPkgs; mkSystem = util.mkSystem; mkHome = util.mkHome; - # callPackage = nixpkgs.lib.callPackageWith (nixpkgs // {lib = lib;}); - # lib = callPackage ./lib {} // nixpkgs.lib; in { formatter = forEachPkgs (pkgs: pkgs.alejandra); + # templates = import ./templates; + devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { packages = with pkgs; [ @@ -106,12 +106,7 @@ self.nixosConfigurations ); - # homeConfigurations = { - # "leyla@horizon" = mkHome "leyla" "horizon"; # "x86_64-linux" ./homes/leyla; - # }; - nixosConfigurations = { - # Leyla Laptop horizon = mkSystem "horizon"; twilight = mkSystem "twilight"; defiant = mkSystem "defiant"; From 4d191a27ccff4153428bc2919767b251ea3321d0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 25 Nov 2024 00:59:05 -0600 Subject: [PATCH 361/932] moved local to modules --- README.md | 3 -- enviroments/common/default.nix | 14 --------- home-modules/default.nix | 1 + home-modules/i18n.nix | 42 +++++++++++++++++++++++++++ homes/ester/default.nix | 2 ++ homes/leyla/default.nix | 1 + homes/leyla/i18n.nix | 12 ++++++++ host-modules/default.nix | 1 + host-modules/home-manager/default.nix | 1 + host-modules/home-manager/i18n.nix | 26 +++++++++++++++++ host-modules/i18n.nix | 3 ++ host-modules/users.nix | 2 +- 12 files changed, 90 insertions(+), 18 deletions(-) create mode 100644 home-modules/i18n.nix create mode 100644 homes/leyla/i18n.nix create mode 100644 host-modules/home-manager/i18n.nix create mode 100644 host-modules/i18n.nix diff --git a/README.md b/README.md index 9ad42610..1f152e93 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,6 @@ | `threshold` | Laptop | Eve | Laptop | # Tooling -## Lint -`./lint.sh` - ## Rebuilding `./rebuild.sh` diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix index 83201c49..d6d44edf 100644 --- a/enviroments/common/default.nix +++ b/enviroments/common/default.nix @@ -1,18 +1,4 @@ {...}: { # Enable networking networking.networkmanager.enable = true; - - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; } diff --git a/home-modules/default.nix b/home-modules/default.nix index 1fb9724e..b3f5c458 100644 --- a/home-modules/default.nix +++ b/home-modules/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ ./flipperzero.nix + ./i18n.nix ]; } diff --git a/home-modules/i18n.nix b/home-modules/i18n.nix new file mode 100644 index 00000000..2c93e597 --- /dev/null +++ b/home-modules/i18n.nix 
@@ -0,0 +1,42 @@ +{ + lib, + config, + ... +}: { + options = { + i18n = { + defaultLocale = lib.mkOption { + type = lib.types.str; + default = "en_US.UTF-8"; + example = "nl_NL.UTF-8"; + description = '' + The default locale. It determines the language for program + messages, the format for dates and times, sort order, and so on. + It also determines the character set, such as UTF-8. + ''; + }; + + extraLocaleSettings = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + example = { + LC_MESSAGES = "en_US.UTF-8"; + LC_TIME = "de_DE.UTF-8"; + }; + description = '' + A set of additional system-wide locale settings other than + `LANG` which can be configured with + {option}`i18n.defaultLocale`. + ''; + }; + }; + }; + + config = { + home.sessionVariables = + { + LANG = config.i18n.defaultLocale; + } + // config.i18n.extraLocaleSettings; + }; +} diff --git a/homes/ester/default.nix b/homes/ester/default.nix index 29d668f2..181a4872 100644 --- a/homes/ester/default.nix +++ b/homes/ester/default.nix @@ -37,6 +37,8 @@ in { # ''; }; + keyboard.layout = "it,us"; + # Home Manager can also manage your environment variables through # 'home.sessionVariables'. If you don't want to manage your shell through Home # Manager then you have to manually source 'hm-session-vars.sh' located at diff --git a/homes/leyla/default.nix b/homes/leyla/default.nix index a879526c..ba8535d2 100644 --- a/homes/leyla/default.nix +++ b/homes/leyla/default.nix @@ -4,6 +4,7 @@ ... }: { imports = [ + ./i18n.nix ./packages.nix ]; diff --git a/homes/leyla/i18n.nix b/homes/leyla/i18n.nix new file mode 100644 index 00000000..a4f41dd4 --- /dev/null +++ b/homes/leyla/i18n.nix 
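Review bot: The `extraLocaleSettings` description in home-modules/i18n.nix still reads "system-wide", which is the NixOS wording, but this module turns the values into per-user `home.sessionVariables`; suggest `A set of additional per-user locale variables exported into the session next to LANG, which is taken from i18n.defaultLocale.`. Because the attrset is built as `{ LANG = config.i18n.defaultLocale; } // config.i18n.extraLocaleSettings`, an `extraLocaleSettings.LANG` entry silently overrides `defaultLocale`; either document that precedence in the description or swap the operands so `defaultLocale` wins. The option default `en_US.UTF-8` also does not follow the host's own `i18n.defaultLocale`, so a user without a personal i18n.nix gets a different LANG from the system; `osConfig` is passed to home modules elsewhere in this series, so a default derived from it may be what was intended, but confirm it is non-null in the standalone `mkHome` path before relying on it.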
@@ -0,0 +1,12 @@ +{...}: { + i18n = { + defaultLocale = "en_IE.UTF-8"; + + extraLocaleSettings = { + # LC_ADDRESS = "en_IE.UTF-8"; # lets just get used to this one now + # LC_TELEPHONE = "en_IE.UTF-8"; # lets just get used to this one now + LC_MONETARY = "en_US.UTF-8"; # to be changed once I move + LC_PAPER = "en_US.UTF-8"; # convient for american printers until I move + }; + }; +} diff --git a/host-modules/default.nix b/host-modules/default.nix index a90caf18..4ad79d0f 100644 --- a/host-modules/default.nix +++ b/host-modules/default.nix @@ -5,6 +5,7 @@ ./users.nix ./desktop.nix ./nix-development.nix + ./i18n.nix ./home-manager ]; } diff --git a/host-modules/home-manager/default.nix b/host-modules/home-manager/default.nix index 885e035d..54545946 100644 --- a/host-modules/home-manager/default.nix +++ b/host-modules/home-manager/default.nix @@ -2,5 +2,6 @@ {...}: { imports = [ ./flipperzero.nix + ./i18n.nix ]; } diff --git a/host-modules/home-manager/i18n.nix b/host-modules/home-manager/i18n.nix new file mode 100644 index 00000000..78b86faa --- /dev/null +++ b/host-modules/home-manager/i18n.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + home-users = lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users; +in { + config = { + i18n.supportedLocales = + lib.unique + (builtins.map (l: (lib.replaceStrings ["utf8" "utf-8" "UTF8"] ["UTF-8" "UTF-8" "UTF-8"] l) + "/UTF-8") ( + [ + "C.UTF-8" + "en_US.UTF-8" + config.i18n.defaultLocale + ] + ++ (lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) + ++ ( + map (user-config: user-config.i18n.defaultLocale) home-users + ) + ++ (lib.lists.flatten ( + map (user-config: lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") user-config.i18n.extraLocaleSettings)) home-users + )) + )); + }; +} diff --git a/host-modules/i18n.nix b/host-modules/i18n.nix new file mode 100644 index 00000000..eada12c0 --- /dev/null +++ b/host-modules/i18n.nix 
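Review bot: The two `lib.filterAttrs (n: v: n != "LANGUAGE")` calls in host-modules/home-manager/i18n.nix give no reason for dropping that one variable; a let-bound predicate with a comment, `# LANGUAGE is a colon-separated priority list, not a single locale, so it cannot name a locale to generate` followed by `isLocaleVar = n: _: n != "LANGUAGE";`, would document it once and remove the duplication. The `lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users` binding is equivalent to `lib.attrValues config.home-manager.users`. The unconditional `+ "/UTF-8"` suffix, which appears to mirror the upstream NixOS default for `i18n.supportedLocales`, turns a user-supplied non-UTF-8 value such as `en_US.ISO-8859-1` into a mismatched `en_US.ISO-8859-1/UTF-8` entry, so a one-line comment stating that only UTF-8 locales are supported by this module would save the next reader from debugging a locale-generation failure.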
@@ -0,0 +1,3 @@ +{...}: { + i18n.defaultLocale = "en_IE.UTF-8"; +} diff --git a/host-modules/users.nix b/host-modules/users.nix index 154de892..23771a3c 100644 --- a/host-modules/users.nix +++ b/host-modules/users.nix @@ -53,7 +53,7 @@ in { }: { options = { name = lib.mkOption { - type = lib.types.string; + type = lib.types.str; default = name; description = '' What should this users name on the system be From cef6ad71256db5051ee9bcf6b8b246a58b37f158 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:11:22 -0600 Subject: [PATCH 362/932] moved network manager out of environments --- enviroments/client/default.nix | 4 +--- enviroments/common/default.nix | 4 ---- enviroments/server/default.nix | 4 +--- hosts/defiant/hardware-configuration.nix | 2 ++ hosts/horizon/hardware-configuration.nix | 1 + hosts/twilight/hardware-configuration.nix | 1 + 6 files changed, 6 insertions(+), 10 deletions(-) delete mode 100644 enviroments/common/default.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix index f1de3753..56f5422f 100644 --- a/enviroments/client/default.nix +++ b/enviroments/client/default.nix @@ -1,7 +1,5 @@ {pkgs, ...}: { - imports = [ - ../common - ]; + imports = []; environment.systemPackages = with pkgs; [ cachefilesd diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix deleted file mode 100644 index d6d44edf..00000000 --- a/enviroments/common/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{...}: { - # Enable networking - networking.networkmanager.enable = true; -} diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 4cd45ffb..8614e36c 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -12,9 +12,7 @@ httpsPort = 443; isDebug = false; in { - imports = [ - ../common - ]; + imports = []; options = { apps = { diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index c84a9b44..ce994d97 100644 
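Review bot: `i18n.defaultLocale = "en_IE.UTF-8";` in host-modules/i18n.nix is defined at normal priority from a module every host imports, so a host that sets its own locale at normal priority gets a conflicting-definitions error and has to use `lib.mkForce`. Declaring it as `i18n.defaultLocale = lib.mkDefault "en_IE.UTF-8";` with the header changed to `{lib, ...}: {` keeps the repository-wide value while letting a single host override it plainly.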
--- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -184,6 +184,8 @@ }; }; + networking.networkmanager.enable = true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware = { # TODO: hardware graphics diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index ed6246a6..9b4074d4 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -87,6 +87,7 @@ ]; networking = { + networkmanager.enable = true; useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. }; diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index fe2353ba..f1cd73f6 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -69,6 +69,7 @@ swapDevices = []; networking = { + networkmanager.enable = true; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction From 047d1e4d8f768204521ac04899792fa524b397da Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:13:31 -0600 Subject: [PATCH 363/932] removed client form environments --- enviroments/client/default.nix | 7 ------- hosts/horizon/configuration.nix | 2 -- hosts/horizon/hardware-configuration.nix | 5 +++++ hosts/twilight/configuration.nix | 4 ---- hosts/twilight/hardware-configuration.nix | 4 ++++ 5 files changed, 9 insertions(+), 13 deletions(-) delete mode 100644 enviroments/client/default.nix diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix deleted file mode 100644 index 56f5422f..00000000 --- a/enviroments/client/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{pkgs, ...}: { - imports = []; - - environment.systemPackages = with pkgs; [ - cachefilesd - ]; -} 
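Review bot: `networking.networkmanager.enable = true;` is being added to hosts/defiant/hardware-configuration.nix, which is the file `nixos-generate-config` rewrites from hardware probing, so a later regeneration would silently drop the setting; the horizon and twilight hunks of this commit and the `environment.systemPackages` hunks in the following commit place non-hardware settings in the same files. Keeping these in configuration.nix or a host-modules entry avoids the risk. If the intent is that hardware-configuration.nix is now hand-maintained, a header comment `# hand-maintained: do not regenerate with nixos-generate-config` at the top of each file would record that decision. The `networking` attrset in the horizon and twilight hunks starts outside the hunk.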
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 50b574b6..593274cf 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,8 +1,6 @@ {inputs, ...}: { imports = [ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel - - ../../enviroments/client ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix index 9b4074d4..184be7a4 100644 --- a/hosts/horizon/hardware-configuration.nix +++ b/hosts/horizon/hardware-configuration.nix @@ -4,6 +4,7 @@ { config, lib, + pkgs, modulesPath, ... }: { @@ -80,6 +81,10 @@ }; }; + environment.systemPackages = with pkgs; [ + cachefilesd + ]; + services.cachefilesd.enable = true; swapDevices = [ diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix index 872e9444..75c8dc7f 100644 --- a/hosts/twilight/configuration.nix +++ b/hosts/twilight/configuration.nix @@ -1,8 +1,4 @@ {pkgs, ...}: { - imports = [ - ../../enviroments/client - ]; - nixpkgs.config.allowUnfree = true; host = { diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix index f1cd73f6..d547c9cd 100644 --- a/hosts/twilight/hardware-configuration.nix +++ b/hosts/twilight/hardware-configuration.nix @@ -66,6 +66,10 @@ }; }; + environment.systemPackages = with pkgs; [ + cachefilesd + ]; + swapDevices = []; networking = { From 7da7741ea53de2546ee4b61ae1d346dbf3c18149 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:15:06 -0600 Subject: [PATCH 364/932] moved environment/server into defiant config --- hosts/defiant/configuration.nix | 2 +- enviroments/server/default.nix => hosts/defiant/services.nix | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename enviroments/server/default.nix => hosts/defiant/services.nix (100%) diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 178aedf4..009442e0 100644 
--- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -6,7 +6,7 @@ }: { imports = [ inputs.disko.nixosModules.disko - ../../enviroments/server + ./services.nix ]; nixpkgs.config.allowUnfree = true; diff --git a/enviroments/server/default.nix b/hosts/defiant/services.nix similarity index 100% rename from enviroments/server/default.nix rename to hosts/defiant/services.nix From e94f7e6637f9406286633128147190da00c564cd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:35:31 -0600 Subject: [PATCH 365/932] updated flake.lock --- flake.lock | 61 ++++++++++++-------------------- homes/leyla/vscode.nix | 1 - host-modules/nix-development.nix | 5 --- 3 files changed, 22 insertions(+), 45 deletions(-) diff --git a/flake.lock b/flake.lock index d107388d..bf4e9d15 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1731274291, - "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", + "lastModified": 1732482708, + "narHash": "sha256-B1MQLiWi4bbeNiRXKxEkpztnKyWae4x0LyK32v3DjLk=", "owner": "nix-community", "repo": "disko", - "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", + "rev": "47bc8dfb6f48d5f66a3cb3a4cece83d8ace1f61a", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732248209, - "narHash": "sha256-Mv8k0VuGdb6YhhKt+8SIvhMdmI4xZhw/3ycSvlAq19Q=", + "lastModified": 1732479769, + "narHash": "sha256-barZy95JsQt4G9EDZ7RNrjgTneelXXfSzRLJJvokjsI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4a8ba00d1be3f3745428ed56efbb32155c548192", + "rev": "80bf66046d8b8624c5991a0c8e512b211acce2b2", "type": "gitlab" }, "original": { 
@@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1731235328, - "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", + "lastModified": 1732482255, + "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "owner": "nix-community", "repo": "home-manager", - "rev": "60bb110917844d354f3c18e05450606a435d2d10", + "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "type": "github" }, "original": { @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1731289628, - "narHash": "sha256-bMqsWKoGMe4phm6xk2skjlGCCVv44AOom7Wb0eWv5Ic=", + "lastModified": 1732499683, + "narHash": "sha256-Hw95rpgNiyAL4v9pJF2756PMud6O0p/1XQixs5f/Shk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "91665308e59ce26cdcefa73dc85dfd9b39be725c", + "rev": "b376bfa567fd25f9f22b6f51ffaa4f84d0b7c72f", "type": "github" }, "original": { @@ -222,11 +222,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1731332224, - "narHash": "sha256-0ctfVp27ingWtY7dbP5+QpSQ98HaOZleU0teyHQUAw0=", + "lastModified": 1732483221, + "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "184687ae1a3139faa4746168baf071f60d0310c8", + "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", "type": "github" }, "original": { @@ -238,11 +238,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731139594, - "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { 
@@ -252,22 +252,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1730602179, - "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "disko": "disko", @@ -303,15 +287,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" + ] }, "locked": { - "lastModified": 1731364708, - "narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=", + "lastModified": 1732186149, + "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4c91d52db103e757fc25b58998b0576ae702d659", + "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", "type": "github" }, "original": { diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 66765463..3772949f 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix @@ -32,7 +32,6 @@ "cSpell.userWords" = [ "webdav" ]; - "nix.serverPath" = "nixd"; "nix.enableLanguageServer" = true; "nixpkgs" = { "expr" = "import {}"; diff --git a/host-modules/nix-development.nix b/host-modules/nix-development.nix index d6704180..e350026c 100644 --- a/host-modules/nix-development.nix +++ b/host-modules/nix-development.nix @@ -15,11 +15,6 @@ nix = { nixPath = ["nixpkgs=${inputs.nixpkgs}"]; }; - - environment.systemPackages = with pkgs; [ - # nix langauge server - nixd - ]; }) ]; } From 814817eb5b2d56b6314617a2fb67b9c95841f868 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:39:22 -0600 Subject: [PATCH 366/932] removed completed task from README.md --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 1f152e93..4381a4c0 100644 --- a/README.md +++ b/README.md 
@@ -40,8 +40,7 @@ ## Tech Debt - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- move applications in server environment into their own flakes -- get rid of environments folder +- move applications in `defiant/services.nix` into their own flakes ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 265997fc7f9b82314a7a6064acd0c1c8ee3008d6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 01:43:49 -0600 Subject: [PATCH 367/932] removed unused parameter in module --- host-modules/nix-development.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/host-modules/nix-development.nix b/host-modules/nix-development.nix index e350026c..2608ba3c 100644 --- a/host-modules/nix-development.nix +++ b/host-modules/nix-development.nix @@ -1,7 +1,6 @@ { lib, config, - pkgs, inputs, ... }: { From 5dd16b04bda9f6a6bff1ae99106df93206fe1e81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:01:00 -0600 Subject: [PATCH 368/932] added nix language server and formatter to vscode --- homes/leyla/vscode.nix | 51 +++++++++++++++++++++----------- host-modules/nix-development.nix | 7 +++++ 2 files changed, 40 insertions(+), 18 deletions(-) diff --git a/homes/leyla/vscode.nix b/homes/leyla/vscode.nix index 3772949f..d921604f 100644 --- a/homes/leyla/vscode.nix +++ b/homes/leyla/vscode.nix 
@@ -1,8 +1,12 @@ { + lib, pkgs, inputs, + osConfig, ... -}: { +}: let + nix-development-enabled = osConfig.host.nix-development.enable; +in { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -27,19 +31,28 @@ enableUpdateCheck = false; enableExtensionUpdateCheck = false; - userSettings = { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - "nix.enableLanguageServer" = true; - "nixpkgs" = { - "expr" = "import {}"; - }; - # "fomratting": { - # "command": [ "alejandra" ]; - # }; - }; + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + ]; extensions = ( with open-vsx; @@ -52,10 +65,6 @@ streetsidesoftware.code-spell-checker-italian jeanp413.open-remote-ssh - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - # html extensions formulahendry.auto-rename-tag ms-vscode.live-server @@ -75,6 +84,12 @@ # misc extensions bungcip.better-toml ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) ++ ( with vscode-marketplace; [ # js extensions diff --git a/host-modules/nix-development.nix b/host-modules/nix-development.nix index 2608ba3c..6eeddc4a 100644 --- a/host-modules/nix-development.nix +++ b/host-modules/nix-development.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, inputs, ... @@ -14,6 +15,12 @@ nix = { nixPath = ["nixpkgs=${inputs.nixpkgs}"]; }; + environment.systemPackages = with pkgs; [ + # nix language server + nil + # nix formatter + alejandra + ]; }) ]; } 
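Review bot: `"nix.serverPath" = "nil";` and `"alejandra.program" = "alejandra";` in homes/leyla/vscode.nix resolve through the user's PATH, so they only work while the host's nix-development module happens to install those packages system-wide; `"nix.serverPath" = lib.getExe pkgs.nil;` and `"alejandra.program" = lib.getExe pkgs.alejandra;` pin the store paths and remove the cross-module coupling (`pkgs` and `lib` are already module arguments here). The `"expr" = "import {}";` value, as printed on this page, is not a complete Nix expression and the language server will fail to evaluate it; if the angle-bracketed path was lost in rendering this can be ignored, otherwise it needs the nixpkgs reference restored. The `programs.vscode` attrset that holds `userSettings` starts outside the hunk.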
From c38754530f8efccfc70a5217be5c9a7373921c1d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:01:55 -0600 Subject: [PATCH 369/932] ran linter From db799a8253db07d61be6329dbe6c814b5f3e50e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:14:50 -0600 Subject: [PATCH 370/932] moved spellcheck to separate file --- .gitignore | 4 +- .vscode/settings.json | 19 +++++ homes/leyla/i18n.nix | 2 +- homes/leyla/packages.nix | 8 +- homes/leyla/vscode/default.nix | 101 +++++++++++++++++++++++ homes/leyla/vscode/user-words.nix | 3 + hosts/defiant/hardware-configuration.nix | 4 +- hosts/defiant/services.nix | 16 ++-- 8 files changed, 141 insertions(+), 16 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 homes/leyla/vscode/default.nix create mode 100644 homes/leyla/vscode/user-words.nix diff --git a/.gitignore b/.gitignore index d1da3a8f..ce2538fb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ result -.direnv \ No newline at end of file +.direnv +.vscode/* +!.vscode/settings.json \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 00000000..b152cc4e --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,19 @@ +{ + "cSpell.words": [ + "bitwarden", + "forgejo", + "gids", + "headscale", + "jellyfin", + "macvlan", + "nextcloud", + "nixos", + "nixpkgs", + "pihole", + "pkgs", + "rpool", + "searx", + "ublock", + "uids" + ] +} \ No newline at end of file diff --git a/homes/leyla/i18n.nix b/homes/leyla/i18n.nix index a4f41dd4..f12cd95a 100644 --- a/homes/leyla/i18n.nix +++ b/homes/leyla/i18n.nix @@ -6,7 +6,7 @@ # LC_ADDRESS = "en_IE.UTF-8"; # lets just get used to this one now # LC_TELEPHONE = "en_IE.UTF-8"; # lets just get used to this one now LC_MONETARY = "en_US.UTF-8"; # to be changed once I move - LC_PAPER = "en_US.UTF-8"; # convient for american printers until I move + LC_PAPER = "en_US.UTF-8"; # convenient for american printers until I move }; }; } 
diff --git a/homes/leyla/packages.nix b/homes/leyla/packages.nix index 12bef3a6..1845f656 100644 --- a/homes/leyla/packages.nix +++ b/homes/leyla/packages.nix @@ -4,7 +4,7 @@ pkgs, ... }: let - userConifg = osConfig.host.users.leyla; + userConfig = osConfig.host.users.leyla; hardware = osConfig.host.hardware; in { imports = [ @@ -14,16 +14,16 @@ in { home = { packages = - lib.lists.optionals userConifg.isTerminalUser ( + lib.lists.optionals userConfig.isTerminalUser ( with pkgs; [ - # comand line tools + # command line tools yt-dlp ffmpeg imagemagick ] ) ++ ( - lib.lists.optionals userConifg.isDesktopUser ( + lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ # helvetica font aileron diff --git a/homes/leyla/vscode/default.nix b/homes/leyla/vscode/default.nix new file mode 100644 index 00000000..641fff95 --- /dev/null +++ b/homes/leyla/vscode/default.nix 
@@ -0,0 +1,101 @@
+{
+ lib,
+ pkgs,
+ inputs,
+ osConfig,
+ ...
+}: let
+ nix-development-enabled = osConfig.host.nix-development.enable;
+in {
+ nixpkgs = {
+ overlays = [
+ inputs.nix-vscode-extensions.overlays.default
+ ];
+ };
+
+ programs = {
+ bash.shellAliases = {
+ code = "codium";
+ };
+
+ vscode = let
+ extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system};
+ open-vsx = extensions.open-vsx;
+ vscode-marketplace = extensions.vscode-marketplace;
+ in {
+ enable = true;
+
+ package = pkgs.vscodium;
+
+ mutableExtensionsDir = false;
+ enableUpdateCheck = false;
+ enableExtensionUpdateCheck = false;
+
+ userSettings = lib.mkMerge [
+ {
+ "workbench.colorTheme" = "Atom One Dark";
+ "cSpell.language" = "en,de-DE,it";
+ "cSpell.userWords" = import ./user-words.nix;
+ }
+ (lib.mkIf nix-development-enabled {
+ "nix.enableLanguageServer" = true;
+ "nix.serverPath" = "nil";
+ "[nix]" = {
+ "editor.defaultFormatter" = "kamadorueda.alejandra";
+ "editor.formatOnPaste" = true;
+ "editor.formatOnSave" = true;
+ "editor.formatOnType" = true;
+ };
+ "alejandra.program" = "alejandra";
+ "nixpkgs" = {
+ "expr" = "import {}";
+ };
+ })
+ ];
+
+ extensions = (
+ with open-vsx;
+ [
+ # vs code feel extensions
+ ms-vscode.atom-keybindings
+ akamud.vscode-theme-onedark
+ streetsidesoftware.code-spell-checker
+ streetsidesoftware.code-spell-checker-german
+ streetsidesoftware.code-spell-checker-italian
+ jeanp413.open-remote-ssh
+
+ # html extensions
+ formulahendry.auto-rename-tag
+ ms-vscode.live-server
+
+ # js extensions
+ dsznajder.es7-react-js-snippets
+ dbaeumer.vscode-eslint
+ standard.vscode-standard
+ firsttris.vscode-jest-runner
+ stylelint.vscode-stylelint
+ tauri-apps.tauri-vscode
+
+ # astro blog extensions
+ astro-build.astro-vscode
+ unifiedjs.vscode-mdx
+
+ # misc extensions
+ bungcip.better-toml
+ ]
+ ++ (lib.lists.optionals nix-development-enabled [
+ # nix extensions
+ pinage404.nix-extension-pack
+ jnoortheen.nix-ide
+ kamadorueda.alejandra
+ ])
+ ++ ( + with vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ] + ) + ); + }; + }; +} diff --git a/homes/leyla/vscode/user-words.nix b/homes/leyla/vscode/user-words.nix new file mode 100644 index 00000000..94a85a28 --- /dev/null +++ b/homes/leyla/vscode/user-words.nix @@ -0,0 +1,3 @@ +[ + "leyla" +] diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix index ce994d97..b55bcfd8 100644 --- a/hosts/defiant/hardware-configuration.nix +++ b/hosts/defiant/hardware-configuration.nix @@ -17,7 +17,7 @@ initrd = { availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; kernelModules = []; - # TODO: figure out some kind of snapshotting before rolebacks + # TODO: figure out some kind of snapshotting before rollbacks # postDeviceCommands = lib.mkAfter '' # zfs rollback -r rpool/root@blank # zfs rollback -r rpool/home@blank @@ -127,7 +127,7 @@ # systemd.services = { # # https://github.com/openzfs/zfs/issues/10891 # systemd-udev-settle.enable = false; - # # Snapshots are not accessable on boot for some reason this should fix it + # # Snapshots are not accessible on boot for some reason this should fix it # # https://github.com/NixOS/nixpkgs/issues/257505 # zfs-mount = { # serviceConfig = { diff --git a/hosts/defiant/services.nix b/hosts/defiant/services.nix index 8614e36c..ac1d02be 100644 --- a/hosts/defiant/services.nix +++ b/hosts/defiant/services.nix @@ -48,12 +48,12 @@ in { directory = { root = lib.mkOption { type = lib.types.str; - description = "directory that piholes will be hosted at"; + description = "directory that pihole will be hosted at"; default = "/var/lib/pihole"; }; data = lib.mkOption { type = lib.types.str; - description = "directory that piholes data will be hosted at"; + description = "directory that pihole data will be hosted at"; default = "${config.apps.pihole.directory.root}/data"; }; }; 
@@ -66,7 +66,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that headscale will be hosted at"; + description = "hostname that headscale will be hosted at"; default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; @@ -78,7 +78,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that jellyfin will be hosted at"; + description = "hostname that jellyfin will be hosted at"; default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; }; mediaDirectory = lib.mkOption { @@ -95,7 +95,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that forgejo will be hosted at"; + description = "hostname that forgejo will be hosted at"; default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; }; }; @@ -107,7 +107,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that home-assistant will be hosted at"; + description = "hostname that home-assistant will be hosted at"; default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; @@ -119,7 +119,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that searx will be hosted at"; + description = "hostname that searx will be hosted at"; default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; }; }; @@ -131,7 +131,7 @@ in { }; hostname = lib.mkOption { type = lib.types.str; - description = "hosname that nextcloud will be hosted at"; + description = "hostname that nextcloud will be hosted at"; default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}"; }; }; From 4c025e0cca58699c56487a073a114be90894dca6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 15:56:51 -0600 Subject: [PATCH 371/932] cleaned up default.nix --- util/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/util/default.nix b/util/default.nix index ae298ad7..efd58c8f 100644 --- a/util/default.nix +++ b/util/default.nix @@ -25,7 +25,7 @@ home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs;}; + home-manager.extraSpecialArgs = {inherit inputs outputs util;}; home-manager.users = import ../homes nixpkgs; home-manager.sharedModules = home-manager-shared-modules; }; @@ -40,7 +40,7 @@ in { ]; mkSystem = host: - inputs.nixpkgs.lib.nixosSystem { + nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; modules = [ lix-module.nixosModules.default From 3924a5aa8d5b62963c6a39bc0f6123f33376707a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 16:03:55 -0600 Subject: [PATCH 372/932] fixed language in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4381a4c0..0ff85341 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ ## Tech Debt - join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- move applications in `defiant/services.nix` into their own flakes +- move applications in `defiant/services.nix` into their own modules ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 0d0443a02a9440fd048d249d3e67611aadbaa066 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 25 Nov 2024 16:58:12 -0600 Subject: [PATCH 373/932] restructured repo to support nix-darwin --- .vscode/settings.json | 2 + configurations/darwin/hesperium/default.nix | 1 + .../home-manager}/default.nix | 0 .../home-manager}/ester/default.nix | 0 .../home-manager}/eve/default.nix | 0 .../home-manager}/leyla/default.nix | 0 .../home-manager}/leyla/firefox.nix | 0 .../home-manager}/leyla/i18n.nix | 0 .../home-manager}/leyla/packages.nix | 0 .../home-manager}/leyla/vscode.nix | 0 .../home-manager}/leyla/vscode/default.nix | 0 .../home-manager}/leyla/vscode/user-words.nix | 0 .../nixos}/defiant/configuration.nix | 0 .../nixos}/defiant/default.nix | 0 .../nixos}/defiant/disko-config.nix | 0 .../nixos}/defiant/hardware-configuration.nix | 0 .../nixos}/defiant/services.nix | 0 .../nixos}/horizon/configuration.nix | 0 .../nixos}/horizon/default.nix | 0 .../nixos}/horizon/hardware-configuration.nix | 0 .../nixos}/twilight/configuration.nix | 0 .../nixos}/twilight/default.nix | 0 .../twilight/hardware-configuration.nix | 0 flake.lock | 21 +++++++ flake.nix | 26 +++++--- host-modules/home-manager/default.nix | 7 --- modules/{ => common-modules}/default.nix | 0 .../{ => common-modules}/overlays/default.nix | 0 modules/{ => common-modules}/pkgs/default.nix | 0 modules/darwin-modules/default.nix | 6 ++ .../darwin-modules/home-manager/default.nix | 2 + .../home-manager-modules}/default.nix | 1 + .../home-manager-modules}/flipperzero.nix | 0 .../home-manager-modules}/i18n.nix | 0 .../nixos-modules}/default.nix | 3 +- .../nixos-modules}/desktop.nix | 0 .../nixos-modules}/hardware.nix | 0 .../nixos-modules/home-manager/default.nix | 7 +++ .../home-manager/flipperzero.nix | 0 .../nixos-modules}/home-manager/i18n.nix | 0 .../nixos-modules}/i18n.nix | 0 .../nixos-modules}/nix-development.nix | 0 .../nixos-modules}/system.nix | 0 .../nixos-modules}/users.nix | 2 +- modules/system-modules/default.nix | 6 ++ .../system-modules/home-manager/default.nix | 2 + 
util/default.nix | 59 +++++++++++++------ 47 files changed, 111 insertions(+), 34 deletions(-) create mode 100644 configurations/darwin/hesperium/default.nix rename {homes => configurations/home-manager}/default.nix (100%) rename {homes => configurations/home-manager}/ester/default.nix (100%) rename {homes => configurations/home-manager}/eve/default.nix (100%) rename {homes => configurations/home-manager}/leyla/default.nix (100%) rename {homes => configurations/home-manager}/leyla/firefox.nix (100%) rename {homes => configurations/home-manager}/leyla/i18n.nix (100%) rename {homes => configurations/home-manager}/leyla/packages.nix (100%) rename {homes => configurations/home-manager}/leyla/vscode.nix (100%) rename {homes => configurations/home-manager}/leyla/vscode/default.nix (100%) rename {homes => configurations/home-manager}/leyla/vscode/user-words.nix (100%) rename {hosts => configurations/nixos}/defiant/configuration.nix (100%) rename {hosts => configurations/nixos}/defiant/default.nix (100%) rename {hosts => configurations/nixos}/defiant/disko-config.nix (100%) rename {hosts => configurations/nixos}/defiant/hardware-configuration.nix (100%) rename {hosts => configurations/nixos}/defiant/services.nix (100%) rename {hosts => configurations/nixos}/horizon/configuration.nix (100%) rename {hosts => configurations/nixos}/horizon/default.nix (100%) rename {hosts => configurations/nixos}/horizon/hardware-configuration.nix (100%) rename {hosts => configurations/nixos}/twilight/configuration.nix (100%) rename {hosts => configurations/nixos}/twilight/default.nix (100%) rename {hosts => configurations/nixos}/twilight/hardware-configuration.nix (100%) delete mode 100644 host-modules/home-manager/default.nix rename modules/{ => common-modules}/default.nix (100%) rename modules/{ => common-modules}/overlays/default.nix (100%) rename modules/{ => common-modules}/pkgs/default.nix (100%) create mode 100644 modules/darwin-modules/default.nix create mode 100644 
modules/darwin-modules/home-manager/default.nix rename {home-modules => modules/home-manager-modules}/default.nix (51%) rename {home-modules => modules/home-manager-modules}/flipperzero.nix (100%) rename {home-modules => modules/home-manager-modules}/i18n.nix (100%) rename {host-modules => modules/nixos-modules}/default.nix (74%) rename {host-modules => modules/nixos-modules}/desktop.nix (100%) rename {host-modules => modules/nixos-modules}/hardware.nix (100%) create mode 100644 modules/nixos-modules/home-manager/default.nix rename {host-modules => modules/nixos-modules}/home-manager/flipperzero.nix (100%) rename {host-modules => modules/nixos-modules}/home-manager/i18n.nix (100%) rename {host-modules => modules/nixos-modules}/i18n.nix (100%) rename {host-modules => modules/nixos-modules}/nix-development.nix (100%) rename {host-modules => modules/nixos-modules}/system.nix (100%) rename {host-modules => modules/nixos-modules}/users.nix (99%) create mode 100644 modules/system-modules/default.nix create mode 100644 modules/system-modules/home-manager/default.nix diff --git a/.vscode/settings.json b/.vscode/settings.json index b152cc4e..8d6717e2 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,9 +1,11 @@ { "cSpell.words": [ + "attrsets", "bitwarden", "forgejo", "gids", "headscale", + "hesperium", "jellyfin", "macvlan", "nextcloud", diff --git a/configurations/darwin/hesperium/default.nix b/configurations/darwin/hesperium/default.nix new file mode 100644 index 00000000..64629674 --- /dev/null +++ b/configurations/darwin/hesperium/default.nix @@ -0,0 +1 @@ +{...}: {} diff --git a/homes/default.nix b/configurations/home-manager/default.nix similarity index 100% rename from homes/default.nix rename to configurations/home-manager/default.nix diff --git a/homes/ester/default.nix b/configurations/home-manager/ester/default.nix similarity index 100% rename from homes/ester/default.nix rename to configurations/home-manager/ester/default.nix 
diff --git a/homes/eve/default.nix b/configurations/home-manager/eve/default.nix similarity index 100% rename from homes/eve/default.nix rename to configurations/home-manager/eve/default.nix diff --git a/homes/leyla/default.nix b/configurations/home-manager/leyla/default.nix similarity index 100% rename from homes/leyla/default.nix rename to configurations/home-manager/leyla/default.nix diff --git a/homes/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix similarity index 100% rename from homes/leyla/firefox.nix rename to configurations/home-manager/leyla/firefox.nix diff --git a/homes/leyla/i18n.nix b/configurations/home-manager/leyla/i18n.nix similarity index 100% rename from homes/leyla/i18n.nix rename to configurations/home-manager/leyla/i18n.nix diff --git a/homes/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix similarity index 100% rename from homes/leyla/packages.nix rename to configurations/home-manager/leyla/packages.nix diff --git a/homes/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix similarity index 100% rename from homes/leyla/vscode.nix rename to configurations/home-manager/leyla/vscode.nix diff --git a/homes/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix similarity index 100% rename from homes/leyla/vscode/default.nix rename to configurations/home-manager/leyla/vscode/default.nix diff --git a/homes/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix similarity index 100% rename from homes/leyla/vscode/user-words.nix rename to configurations/home-manager/leyla/vscode/user-words.nix diff --git a/hosts/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix similarity index 100% rename from hosts/defiant/configuration.nix rename to configurations/nixos/defiant/configuration.nix 
diff --git a/hosts/defiant/default.nix b/configurations/nixos/defiant/default.nix similarity index 100% rename from hosts/defiant/default.nix rename to configurations/nixos/defiant/default.nix diff --git a/hosts/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix similarity index 100% rename from hosts/defiant/disko-config.nix rename to configurations/nixos/defiant/disko-config.nix diff --git a/hosts/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix similarity index 100% rename from hosts/defiant/hardware-configuration.nix rename to configurations/nixos/defiant/hardware-configuration.nix diff --git a/hosts/defiant/services.nix b/configurations/nixos/defiant/services.nix similarity index 100% rename from hosts/defiant/services.nix rename to configurations/nixos/defiant/services.nix diff --git a/hosts/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix similarity index 100% rename from hosts/horizon/configuration.nix rename to configurations/nixos/horizon/configuration.nix diff --git a/hosts/horizon/default.nix b/configurations/nixos/horizon/default.nix similarity index 100% rename from hosts/horizon/default.nix rename to configurations/nixos/horizon/default.nix diff --git a/hosts/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix similarity index 100% rename from hosts/horizon/hardware-configuration.nix rename to configurations/nixos/horizon/hardware-configuration.nix diff --git a/hosts/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix similarity index 100% rename from hosts/twilight/configuration.nix rename to configurations/nixos/twilight/configuration.nix diff --git a/hosts/twilight/default.nix b/configurations/nixos/twilight/default.nix similarity index 100% rename from hosts/twilight/default.nix rename to configurations/nixos/twilight/default.nix 
diff --git a/hosts/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix similarity index 100% rename from hosts/twilight/hardware-configuration.nix rename to configurations/nixos/twilight/hardware-configuration.nix diff --git a/flake.lock b/flake.lock index bf4e9d15..90c0c06c 100644 --- a/flake.lock +++ b/flake.lock @@ -198,6 +198,26 @@ "url": "https://git.lix.systems/lix-project/nixos-module" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1732420287, + "narHash": "sha256-CzvYF4x6jUh/+NEEIFrIY5t1W/N3IA2bNZJiMXu9GTo=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "3c52583b99666a349a6219dc1f0dd07d75c82d6a", + "type": "github" + }, + "original": { + "owner": "LnL7", + "repo": "nix-darwin", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", @@ -259,6 +279,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "lix-module": "lix-module", + "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 6845fcf7..566102c6 100644 --- a/flake.nix +++ b/flake.nix @@ -11,7 +11,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # self hosted repo of secrets file to further protect files in case of future encryption vunrabilities + # self hosted repo of secrets file to further protect files in case of future encryption vulnerabilities secrets = { url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; flake = false; @@ -28,6 +28,11 @@ # url = "github:nix-community/impermanence"; # }; + nix-darwin = { + url = "github:LnL7/nix-darwin"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # users home directories home-manager = { url = "github:nix-community/home-manager"; 
@@ -70,7 +75,8 @@ } @ inputs: let util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; - mkSystem = util.mkSystem; + mkNixosSystem = util.mkNixosSystem; + mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; in { formatter = forEachPkgs (pkgs: pkgs.alejandra); @@ -95,6 +101,16 @@ }; }); + nixosConfigurations = { + horizon = mkNixosSystem "horizon"; + twilight = mkNixosSystem "twilight"; + defiant = mkNixosSystem "defiant"; + }; + + darwinConfigurations = { + hesperium = mkDarwinSystem "hesperium"; + }; + homeConfigurations = nixpkgs.lib.attrsets.mergeAttrsList ( nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( nixpkgs.lib.attrsets.mapAttrs' (user: _: { @@ -105,11 +121,5 @@ )) self.nixosConfigurations ); - - nixosConfigurations = { - horizon = mkSystem "horizon"; - twilight = mkSystem "twilight"; - defiant = mkSystem "defiant"; - }; }; } diff --git a/host-modules/home-manager/default.nix b/host-modules/home-manager/default.nix deleted file mode 100644 index 54545946..00000000 --- a/host-modules/home-manager/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -# modules in this folder are to adapt home manager modules defined in `home-modules` to any nix module configs that they need to set -{...}: { - imports = [ - ./flipperzero.nix - ./i18n.nix - ]; -} diff --git a/modules/default.nix b/modules/common-modules/default.nix similarity index 100% rename from modules/default.nix rename to modules/common-modules/default.nix diff --git a/modules/overlays/default.nix b/modules/common-modules/overlays/default.nix similarity index 100% rename from modules/overlays/default.nix rename to modules/common-modules/overlays/default.nix diff --git a/modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix similarity index 100% rename from modules/pkgs/default.nix rename to modules/common-modules/pkgs/default.nix diff --git a/modules/darwin-modules/default.nix b/modules/darwin-modules/default.nix new file mode 100644 index 00000000..ddf23232 
--- /dev/null +++ b/modules/darwin-modules/default.nix @@ -0,0 +1,6 @@ +# this folder container modules that are for darwin only +{...}: { + imports = [ + ./home-manager + ]; +} diff --git a/modules/darwin-modules/home-manager/default.nix b/modules/darwin-modules/home-manager/default.nix new file mode 100644 index 00000000..1ebec5fe --- /dev/null +++ b/modules/darwin-modules/home-manager/default.nix @@ -0,0 +1,2 @@ +# modules in this folder are to adapt home-manager modules configs to darwin-module configs +{...}: {} diff --git a/home-modules/default.nix b/modules/home-manager-modules/default.nix similarity index 51% rename from home-modules/default.nix rename to modules/home-manager-modules/default.nix index b3f5c458..9fb37f2c 100644 --- a/home-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -1,3 +1,4 @@ +# this folder container modules that are for home manager only {...}: { imports = [ ./flipperzero.nix diff --git a/home-modules/flipperzero.nix b/modules/home-manager-modules/flipperzero.nix similarity index 100% rename from home-modules/flipperzero.nix rename to modules/home-manager-modules/flipperzero.nix diff --git a/home-modules/i18n.nix b/modules/home-manager-modules/i18n.nix similarity index 100% rename from home-modules/i18n.nix rename to modules/home-manager-modules/i18n.nix diff --git a/host-modules/default.nix b/modules/nixos-modules/default.nix similarity index 74% rename from host-modules/default.nix rename to modules/nixos-modules/default.nix index 4ad79d0f..1414cf24 100644 --- a/host-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -1,11 +1,12 @@ +# this folder container modules that are for nixos only {...}: { imports = [ + ./home-manager ./system.nix ./hardware.nix ./users.nix ./desktop.nix ./nix-development.nix ./i18n.nix - ./home-manager ]; } 
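Review bot: The new header comment reads `# this folder container modules that are for darwin only`; "container" should be "contains", and the same wording is repeated in the headers added to `home-manager-modules/default.nix`, `nixos-modules/default.nix` and `system-modules/default.nix` in this commit. Since these one-liners are the only description of the new module layering, it is worth getting them right, e.g. `# this folder contains modules that apply to darwin only`.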
diff --git a/host-modules/desktop.nix b/modules/nixos-modules/desktop.nix similarity index 100% rename from host-modules/desktop.nix rename to modules/nixos-modules/desktop.nix diff --git a/host-modules/hardware.nix b/modules/nixos-modules/hardware.nix similarity index 100% rename from host-modules/hardware.nix rename to modules/nixos-modules/hardware.nix diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix new file mode 100644 index 00000000..3848e1b6 --- /dev/null +++ b/modules/nixos-modules/home-manager/default.nix @@ -0,0 +1,7 @@ +# modules in this folder are to adapt home-manager modules configs to nixos-module configs +{...}: { + imports = [ + ./flipperzero.nix + ./i18n.nix + ]; +} diff --git a/host-modules/home-manager/flipperzero.nix b/modules/nixos-modules/home-manager/flipperzero.nix similarity index 100% rename from host-modules/home-manager/flipperzero.nix rename to modules/nixos-modules/home-manager/flipperzero.nix diff --git a/host-modules/home-manager/i18n.nix b/modules/nixos-modules/home-manager/i18n.nix similarity index 100% rename from host-modules/home-manager/i18n.nix rename to modules/nixos-modules/home-manager/i18n.nix diff --git a/host-modules/i18n.nix b/modules/nixos-modules/i18n.nix similarity index 100% rename from host-modules/i18n.nix rename to modules/nixos-modules/i18n.nix diff --git a/host-modules/nix-development.nix b/modules/nixos-modules/nix-development.nix similarity index 100% rename from host-modules/nix-development.nix rename to modules/nixos-modules/nix-development.nix diff --git a/host-modules/system.nix b/modules/nixos-modules/system.nix similarity index 100% rename from host-modules/system.nix rename to modules/nixos-modules/system.nix diff --git a/host-modules/users.nix b/modules/nixos-modules/users.nix similarity index 99% rename from host-modules/users.nix rename to modules/nixos-modules/users.nix index 23771a3c..e5a8a91a 100644 --- a/host-modules/users.nix 
+++ b/modules/nixos-modules/users.nix @@ -4,7 +4,7 @@ inputs, ... }: let - SOPS_AGE_KEY_DIRECTORY = import ../const/sops_age_key_directory.nix; + SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; host = config.host; diff --git a/modules/system-modules/default.nix b/modules/system-modules/default.nix new file mode 100644 index 00000000..f6605cea --- /dev/null +++ b/modules/system-modules/default.nix @@ -0,0 +1,6 @@ +# this folder container modules that are for nixos and darwin +{...}: { + imports = [ + ./home-manager + ]; +} diff --git a/modules/system-modules/home-manager/default.nix b/modules/system-modules/home-manager/default.nix new file mode 100644 index 00000000..3745b8fe --- /dev/null +++ b/modules/system-modules/home-manager/default.nix @@ -0,0 +1,2 @@ +# modules in this folder are to adapt home-manager modules configs to system-module configs +{...}: {} diff --git a/util/default.nix b/util/default.nix index efd58c8f..32acca1b 100644 --- a/util/default.nix +++ b/util/default.nix @@ -6,6 +6,7 @@ lix-module = inputs.lix-module; nixpkgs = inputs.nixpkgs; home-manager = inputs.home-manager; + nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; systems = [ 
@@ -17,18 +18,34 @@ forEachSystem = nixpkgs.lib.genAttrs systems; pkgsFor = system: nixpkgs.legacyPackages.${system}; - home-manager-shared-modules = [ - ../modules - ../home-modules + common-modules = [ + lix-module.nixosModules.default + ../modules/common-modules ]; + + home-manager-modules = + common-modules + ++ [ + ../modules/home-manager-modules + ]; + home-manager-config = nixpkgs: { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs outputs util;}; - home-manager.users = import ../homes nixpkgs; - home-manager.sharedModules = home-manager-shared-modules; + home-manager.users = import ../configurations/home-manager nixpkgs; + home-manager.sharedModules = home-manager-modules; }; + + system-modules = + common-modules + ++ [ + ../modules/system-modules + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + home-manager-config + ]; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -39,18 +56,26 @@ in { (lib.mkUnless condition no) ]; - mkSystem = host: + mkNixosSystem = host: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; - modules = [ - lix-module.nixosModules.default - sops-nix.nixosModules.sops - home-manager.nixosModules.home-manager - home-manager-config - ../modules - ../host-modules - ../hosts/${host} - ]; + modules = + system-modules + ++ [ + ../modules/nixos-modules + ../configurations/nixos/${host} + ]; + }; + + mkDarwinSystem = host: + nix-darwin.lib.darwinSystem { + specialArgs = {inherit inputs outputs util;}; + modules = + system-modules + ++ [ + ../modules/darwin-modules + ../configurations/darwin/${host} + ]; }; mkHome = user: host: system: osConfig: @@ -60,9 +85,9 @@ in { inherit inputs util outputs osConfig; }; modules = - home-manager-shared-modules + home-manager-modules ++ [ - ../homes/${user} + ../configurations/home-manager/${user} ]; }; } 
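Review bot: `common-modules` now carries `lix-module.nixosModules.default` into `home-manager-modules`, which is used both as `home-manager.sharedModules` and as the module list of `mkHome`, so a NixOS module is imported into every standalone home-manager evaluation; whether that evaluates cleanly depends on which options that module sets, and it is not obviously intended, so either move it down into `system-modules` or add a comment stating why a home-manager eval needs it. `system-modules` likewise feeds `sops-nix.nixosModules.sops` and `home-manager.nixosModules.home-manager` into `mkDarwinSystem`, where the darwin variants of those modules would be expected (the following commit on this page reworks that part). A one-line comment on each list, e.g. `# shared by nixos, darwin and standalone home-manager evals; keep platform-specific modules out`, would make the layering explicit for the next edit.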
From 5f21fd43ff6eb643762c81e6380eb878f9b6d8ee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 18:28:55 -0600 Subject: [PATCH 374/932] fixed nix-darwin building --- .../darwin/hesperium/configuration.nix | 20 ++++ configurations/darwin/hesperium/default.nix | 6 +- modules/darwin-modules/default.nix | 2 + modules/darwin-modules/system.nix | 27 ++++++ modules/darwin-modules/users.nix | 20 ++++ modules/nixos-modules/default.nix | 2 +- modules/nixos-modules/ssh.nix | 13 +++ modules/nixos-modules/system.nix | 15 --- modules/nixos-modules/users.nix | 85 ---------------- modules/system-modules/default.nix | 3 + .../nix-development.nix | 0 modules/system-modules/system.nix | 7 ++ modules/system-modules/users.nix | 97 +++++++++++++++++++ util/default.nix | 9 +- 14 files changed, 201 insertions(+), 105 deletions(-) create mode 100644 configurations/darwin/hesperium/configuration.nix create mode 100644 modules/darwin-modules/system.nix create mode 100644 modules/darwin-modules/users.nix create mode 100644 modules/nixos-modules/ssh.nix rename modules/{nixos-modules => system-modules}/nix-development.nix (100%) create mode 100644 modules/system-modules/system.nix create mode 100644 modules/system-modules/users.nix diff --git a/configurations/darwin/hesperium/configuration.nix b/configurations/darwin/hesperium/configuration.nix new file mode 100644 index 00000000..08fc59f0 --- /dev/null +++ b/configurations/darwin/hesperium/configuration.nix @@ -0,0 +1,20 @@ +{...}: { + host = { + users = { + leyla = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; + ester = { + isPrincipleUser = true; + isNormalUser = true; + }; + eve.isNormalUser = false; + }; + }; + + system.stateVersion = 5; + + nixpkgs.hostPlatform = "aarch64-darwin"; +} diff --git a/configurations/darwin/hesperium/default.nix b/configurations/darwin/hesperium/default.nix index 64629674..220a6fb7 100644 --- a/configurations/darwin/hesperium/default.nix 
+++ b/configurations/darwin/hesperium/default.nix @@ -1 +1,5 @@ -{...}: {} +{...}: { + imports = [ + ./configuration.nix + ]; +} diff --git a/modules/darwin-modules/default.nix b/modules/darwin-modules/default.nix index ddf23232..5f4447b9 100644 --- a/modules/darwin-modules/default.nix +++ b/modules/darwin-modules/default.nix @@ -2,5 +2,7 @@ {...}: { imports = [ ./home-manager + ./users.nix + ./system.nix ]; } diff --git a/modules/darwin-modules/system.nix b/modules/darwin-modules/system.nix new file mode 100644 index 00000000..ee56162b --- /dev/null +++ b/modules/darwin-modules/system.nix @@ -0,0 +1,27 @@ +{self, ...}: { + system.configurationRevision = self.rev or self.dirtyRev or null; + + nix = { + gc = { + automatic = true; + interval = [ + { + Hour = 4; + Minute = 15; + Weekday = 7; + } + ]; + options = "--delete-older-than 7d"; + }; + optimise = { + automatic = true; + interval = [ + { + Hour = 4; + Minute = 15; + Weekday = 7; + } + ]; + }; + }; +} diff --git a/modules/darwin-modules/users.nix b/modules/darwin-modules/users.nix new file mode 100644 index 00000000..f0b55c0e --- /dev/null +++ b/modules/darwin-modules/users.nix @@ -0,0 +1,20 @@ +{ + lib, + config, + ... +}: let + host = config.host; +in { + users = { + users = { + leyla = { + name = lib.mkForce host.users.leyla.name; + home = lib.mkForce "/home/${host.users.leyla.name}"; + }; + ester = { + name = lib.mkForce host.users.ester.name; + home = lib.mkForce "/home/${host.users.ester.name}"; + }; + }; + }; +} diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 1414cf24..85e6c5a3 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -6,7 +6,7 @@ ./hardware.nix ./users.nix ./desktop.nix - ./nix-development.nix + ./ssh.nix ./i18n.nix ]; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix new file mode 100644 index 00000000..0360cfc8 --- /dev/null +++ b/modules/nixos-modules/ssh.nix 
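Review bot: `home = lib.mkForce "/home/${host.users.leyla.name}"` in the new darwin users.nix points at a Linux-style path, but macOS accounts live under `/Users/<name>`; if home-manager's per-user activation takes `users.users.<name>.home` from here, dotfiles and the activation state would land in a directory the login session never sees. Presumably this should read `home = lib.mkForce "/Users/${host.users.leyla.name}";` (and the same for ester) — confirm against the actual accounts on hesperium. `mkForce` also makes the path impossible to override from a host configuration; plain assignment, or `lib.mkDefault`, would keep a per-host override possible.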
@@ -0,0 +1,13 @@ +{...}: { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; + }; +} diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index 918c2197..b8390679 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,8 +1,5 @@ {...}: { nix = { - settings = { - experimental-features = ["nix-command" "flakes"]; - }; gc = { automatic = true; dates = "weekly"; @@ -13,16 +10,4 @@ dates = ["weekly"]; }; }; - - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; - }; - }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index e5a8a91a..214ccd64 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -8,7 +8,6 @@ host = config.host; - hostUsers = host.hostUsers; principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; # normalUsers = host.normalUsers; 
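Review bot: `PasswordAuthentication = false` alone does not close password-style logins on NixOS, because `services.openssh.settings.KbdInteractiveAuthentication` defaults to true there and the PAM keyboard-interactive method still prompts for the account password; add `KbdInteractiveAuthentication = false;` beside it. `PermitRootLogin` is left at the module default (`prohibit-password` on NixOS); since the option docs on this page describe principal users as the ones with ssh access, an explicit `PermitRootLogin = "no";` would match that model — confirm no automation logs in as root first. `UseDns = true` flips the upstream default and adds a reverse lookup on every connection; it is only useful when `from=` patterns in authorized_keys use hostnames, so either a comment explaining why it is on or dropping it would be appropriate.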
@@ -44,91 +43,7 @@ ester = users.ester.name; eve = users.eve.name; in { - options.host = { - users = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({ - config, - name, - ... - }: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; - }; - isPrincipleUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should be configured as root and have ssh access - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; - }; - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their desktop applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; - }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their terminal applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; - }; - isNormalUser = lib.mkOption { - type = lib.types.bool; - default = config.isDesktopUser || config.isTerminalUser; - description = '' - User should install their applications and can log in - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; - }; - }; - })); - }; - hostUsers = lib.mkOption { - default = lib.attrsets.mapAttrsToList (_: user: user) host.users; - }; - principleUsers = lib.mkOption { - default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; - }; - normalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isTerminalUser) hostUsers; - }; - terminalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isNormalUser) hostUsers; - }; - }; - config = { - assertions = - ( - builtins.map (user: { - assertion = !(user.isPrincipleUser && !user.isNormalUser); - 
message = '' - Non normal user ${user.name} can not be a principle user. - ''; - }) - hostUsers - ) - ++ [ - { - assertion = (builtins.length principleUsers) > 0; - message = '' - At least one user must be a principle user. - ''; - } - ]; - # principle users are by definition trusted nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; diff --git a/modules/system-modules/default.nix b/modules/system-modules/default.nix index f6605cea..637b6b53 100644 --- a/modules/system-modules/default.nix +++ b/modules/system-modules/default.nix @@ -2,5 +2,8 @@ {...}: { imports = [ ./home-manager + ./system.nix + ./nix-development.nix + ./users.nix ]; } diff --git a/modules/nixos-modules/nix-development.nix b/modules/system-modules/nix-development.nix similarity index 100% rename from modules/nixos-modules/nix-development.nix rename to modules/system-modules/nix-development.nix diff --git a/modules/system-modules/system.nix b/modules/system-modules/system.nix new file mode 100644 index 00000000..f464835d --- /dev/null +++ b/modules/system-modules/system.nix @@ -0,0 +1,7 @@ +{...}: { + nix = { + settings = { + experimental-features = ["nix-command" "flakes"]; + }; + }; +} diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix new file mode 100644 index 00000000..33df3d1a --- /dev/null +++ b/modules/system-modules/users.nix 
@@ -0,0 +1,97 @@ +{ + lib, + config, + ... +}: let + host = config.host; + + hostUsers = host.hostUsers; + principleUsers = host.principleUsers; +in { + options.host = { + users = lib.mkOption { + default = {}; + type = lib.types.attrsOf (lib.types.submodule ({ + config, + name, + ... + }: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isPrincipleUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should be configured as root and have ssh access + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; + }; + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their desktop applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + User should install their terminal applications + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; + }; + isNormalUser = lib.mkOption { + type = lib.types.bool; + default = config.isDesktopUser || config.isTerminalUser; + description = '' + User should install their applications and can log in + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; + }; + }; + })); + }; + hostUsers = lib.mkOption { + default = lib.attrsets.mapAttrsToList (_: user: user) host.users; + }; + principleUsers = lib.mkOption { + default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; + }; + normalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isTerminalUser) hostUsers; + }; + terminalUsers = lib.mkOption { + default = lib.lists.filter (user: user.isNormalUser) hostUsers; + }; + }; + + config = { + 
assertions = + ( + builtins.map (user: { + assertion = !(user.isPrincipleUser && !user.isNormalUser); + message = '' + Non normal user ${user.name} can not be a principle user. + ''; + }) + hostUsers + ) + ++ [ + { + assertion = (builtins.length principleUsers) > 0; + message = '' + At least one user must be a principle user. + ''; + } + ]; + }; +} diff --git a/util/default.nix b/util/default.nix index 32acca1b..f04f9c9b 100644 --- a/util/default.nix +++ b/util/default.nix @@ -26,6 +26,7 @@ home-manager-modules = common-modules ++ [ + sops-nix.homeManagerModules.sops ../modules/home-manager-modules ]; @@ -41,10 +42,8 @@ system-modules = common-modules ++ [ - ../modules/system-modules - sops-nix.nixosModules.sops - home-manager.nixosModules.home-manager home-manager-config + ../modules/system-modules ]; in { forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); @@ -62,6 +61,8 @@ in { modules = system-modules ++ [ + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager ../modules/nixos-modules ../configurations/nixos/${host} ]; @@ -73,6 +74,8 @@ in { modules = system-modules ++ [ + sops-nix.darwinModules.sops + home-manager.darwinModules.home-manager ../modules/darwin-modules ../configurations/darwin/${host} ]; From 25838886153aac3477c22f04ddcc621ca3df9086 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 19:05:13 -0600 Subject: [PATCH 375/932] added darwinConfigurations to homeConfigurations outputs --- flake.nix | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 566102c6..152ea639 100644 --- a/flake.nix +++ b/flake.nix 
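Review bot: The `normalUsers` and `terminalUsers` option defaults have their predicates swapped — `normalUsers` filters on `user.isTerminalUser` and `terminalUsers` on `user.isNormalUser` — so any consumer of these lists gets the wrong set (the same swap is carried over from the code this file replaces). The intended lines are `normalUsers = lib.mkOption { default = lib.lists.filter (user: user.isNormalUser) hostUsers; };` and `terminalUsers = lib.mkOption { default = lib.lists.filter (user: user.isTerminalUser) hostUsers; };`. The derived options `hostUsers`, `principleUsers`, `normalUsers` and `terminalUsers` also declare no `type`, so a host that sets one of them explicitly merges untyped; `type = lib.types.listOf lib.types.attrs;` (or `readOnly = true;`) would pin the contract. Since `principleUsers` feeds `nix.settings.trusted-users` in the sibling hunk, a short comment on `isPrincipleUser` stating that it implies root-equivalent nix-daemon access would help whoever reviews host configs.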
@@ -75,9 +75,21 @@ } @ inputs: let util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; + mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; + + systemsHomes = nixpkgs.lib.attrsets.mergeAttrsList ( + nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( + nixpkgs.lib.attrsets.mapAttrs' (user: _: { + name = "${user}@${hostname}"; + value = mkHome user hostname system.pkgs.hostPlatform.system system.config; + }) + system.config.home-manager.users + )) + (inputs.self.nixosConfigurations // inputs.self.darwinConfigurations) + ); in { formatter = forEachPkgs (pkgs: pkgs.alejandra); @@ -111,15 +123,11 @@ hesperium = mkDarwinSystem "hesperium"; }; - homeConfigurations = nixpkgs.lib.attrsets.mergeAttrsList ( - nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( - nixpkgs.lib.attrsets.mapAttrs' (user: _: { - name = "${user}@${hostname}"; - value = mkHome user hostname system.pkgs.hostPlatform.system system.config; - }) - system.config.home-manager.users - )) - self.nixosConfigurations - ); + homeConfigurations = + systemsHomes + // { + # stand alone configurations here: + # name = mkHome "name" + }; }; } From c487b261125b1c3c92fdabfac6362b120fcb36b4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 20:32:25 -0600 Subject: [PATCH 376/932] added entry to host map --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ff85341..f1f554fd 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ | :---------: | :------------------------: | :--------------: | :-------: | | `twilight` | Desktop Computer | Leyla | Desktop | | `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | NAS Server | Leyla | Service | +| `defiant` | NAS Server | Leyla | Server | +| `hesperium` | Mac | ????? | ??? | | `emergent` | Desktop Computer | Eve | Desktop | | `threshold` | Laptop | Eve | Laptop | 
From 9d888222669e6f2ebd4e875d5f6dab7dcdb97f51 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 25 Nov 2024 22:37:08 -0600 Subject: [PATCH 377/932] started draft for installer --- build-installer.sh | 30 +++++++++++++ .../installer/basic/configuration.nix | 19 ++++++++ configurations/installer/basic/default.nix | 5 +++ flake.nix | 45 ++++++++++++------- util/default.nix | 10 +++++ 5 files changed, 94 insertions(+), 15 deletions(-) create mode 100644 build-installer.sh create mode 100644 configurations/installer/basic/configuration.nix create mode 100644 configurations/installer/basic/default.nix diff --git a/build-installer.sh b/build-installer.sh new file mode 100644 index 00000000..e124091d --- /dev/null +++ b/build-installer.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +while [ $# -gt 0 ]; do + case "$1" in + --flake*|-f*) + if [[ "$1" != *=* ]]; then shift; fi + flake="${1#*=}" + ;; + # --user*|-u*) + # if [[ "$1" != *=* ]]; then shift; fi + # user="${1#*=}" + # ;; + --help|-h) + echo "--help -h: print this message" + echo "--flake -f: set the flake to build an installer for" + # echo "--user -u: set the user to install flake as on the target system" + exit 0 + ;; + *) + echo "Error: Invalid argument $1" + exit 1 + ;; + esac + shift +done + +flake=${flake:-"basic"} +user=${user:-$USER} + +nix build .#installerConfigurations.$flake.config.system.build.isoImage \ No newline at end of file diff --git a/configurations/installer/basic/configuration.nix b/configurations/installer/basic/configuration.nix new file mode 100644 index 00000000..4e63727d --- /dev/null +++ b/configurations/installer/basic/configuration.nix 
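Review bot: `$flake` is expanded unquoted in the final `nix build .#installerConfigurations.$flake.config.system.build.isoImage`, so a value containing whitespace or glob characters is word-split or globbed before reaching nix; quote it as `nix build ".#installerConfigurations.${flake}.config.system.build.isoImage"`. The script also runs without `set -euo pipefail`, so a failed `nix build` still returns 0 to whatever invoked it; add it as line 2. `user=${user:-$USER}` is computed but never used now that `--user` is commented out, and the `--flake*|-f*` patterns also match unrelated prefixes such as `--flakes`; `--flake|--flake=*|-f|-f=*)` is the precise form.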
@@ -0,0 +1,19 @@ +{ + lib, + pkgs, + modulesPath, + ... +}: { + imports = [(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")]; + + systemd.services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"]; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AaAeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee username@host" + ]; + + isoImage.squashfsCompression = "gzip -Xcompression-level 1"; + + networking.hostName = "installer"; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/configurations/installer/basic/default.nix b/configurations/installer/basic/default.nix new file mode 100644 index 00000000..220a6fb7 --- /dev/null +++ b/configurations/installer/basic/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./configuration.nix + ]; +} diff --git a/flake.nix b/flake.nix index 152ea639..e90e17c2 100644 --- a/flake.nix +++ b/flake.nix @@ -76,10 +76,30 @@ util = import ./util {inherit inputs;}; forEachPkgs = util.forEachPkgs; + mkNixosInstaller = util.mkNixosInstaller; mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; + installerSystems = { + basic = mkNixosInstaller "basic" []; + }; + + nixosSystems = { + horizon = mkNixosSystem "horizon"; + twilight = mkNixosSystem "twilight"; + defiant = mkNixosSystem "defiant"; + }; + + darwinSystems = { + hesperium = mkDarwinSystem "hesperium"; + }; + + homeSystems = { + # stand alone home manager configurations here: + # name = mkHome "name" + }; + systemsHomes = nixpkgs.lib.attrsets.mergeAttrsList ( nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( nixpkgs.lib.attrsets.mapAttrs' (user: _: { @@ -88,8 +108,12 @@ }) system.config.home-manager.users )) - (inputs.self.nixosConfigurations // inputs.self.darwinConfigurations) + (nixosSystems // darwinSystems) ); + + homeConfigurations = + systemsHomes + // homeSystems; in { formatter = forEachPkgs (pkgs: pkgs.alejandra); 
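Review bot: The installer ISO forces `sshd` on at boot with a hard-coded root `authorizedKeys` entry whose key material is a placeholder (`AaAeee…`), not a valid ed25519 key, so the committed image exposes a root SSH login that accepts nothing, and any real key pasted here later would be baked into a checked-in file. The key list should come from the `userKeys` argument that `mkNixosInstaller` already accepts (for example a module setting `users.users.root.openssh.authorizedKeys.keys = userKeys;`), leaving this file with no key literal at all. The upstream minimal installer profile relaxes root login over SSH (from memory — confirm against the imported module), so pinning `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";` keeps the remotely reachable installer key-only. Style: `pkgs.lib.mkForce` should be `lib.mkForce`, since `lib` is already a function argument and is used for `lib.mkDefault` a few lines down.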
@@ -113,21 +137,12 @@ }; }); - nixosConfigurations = { - horizon = mkNixosSystem "horizon"; - twilight = mkNixosSystem "twilight"; - defiant = mkNixosSystem "defiant"; - }; + installerConfigurations = installerSystems; - darwinConfigurations = { - hesperium = mkDarwinSystem "hesperium"; - }; + nixosConfigurations = nixosSystems; - homeConfigurations = - systemsHomes - // { - # stand alone configurations here: - # name = mkHome "name" - }; + darwinConfigurations = darwinSystems; + + homeConfigurations = homeConfigurations; }; } diff --git a/util/default.nix b/util/default.nix index f04f9c9b..41d985a3 100644 --- a/util/default.nix +++ b/util/default.nix @@ -55,6 +55,16 @@ in { (lib.mkUnless condition no) ]; + mkNixosInstaller = host: userKeys: + nixpkgs.lib.nixosSystem { + modules = [ + { + # TODO: authorized keys for all users + } + ../configurations/nixos/${host} + ]; + }; + mkNixosSystem = host: nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs outputs util;}; From aa5ac89d24d874b32d2b04ac9bada9a64a2ac85c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 29 Nov 2024 15:24:04 -0600 Subject: [PATCH 378/932] updated flake.lock --- flake.lock | 56 +++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/flake.lock b/flake.lock index 90c0c06c..b87338f0 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1732482708, - "narHash": "sha256-B1MQLiWi4bbeNiRXKxEkpztnKyWae4x0LyK32v3DjLk=", + "lastModified": 1732894783, + "narHash": "sha256-7hBU7L07hYPNjamlm/v5scUUwsHQJvyb1a4flozHNt0=", "owner": "nix-community", "repo": "disko", - "rev": "47bc8dfb6f48d5f66a3cb3a4cece83d8ace1f61a", + "rev": "a75ba3b87b7ff230ca8b3a1fbfd4ad907a1a5fa2", "type": "github" }, "original": { 
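Review bot: `mkNixosInstaller` takes `userKeys` but never uses it, and its module list imports `../configurations/nixos/${host}`, which for the `basic` installer added in this commit points at a path that does not exist — the new configuration lives under `configurations/installer/basic`. The two module entries should read `{ users.users.root.openssh.authorizedKeys.keys = userKeys; }` and `../configurations/installer/${host}`, which also lets the installer's configuration.nix drop its hard-coded placeholder key. Unlike `mkNixosSystem` directly below, no `specialArgs` are passed; that is fine for the current installer config, which only uses the standard `lib`/`pkgs`/`modulesPath` arguments, but a one-line comment saying so would stop the next reader from assuming it is an oversight.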
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732479769, - "narHash": "sha256-barZy95JsQt4G9EDZ7RNrjgTneelXXfSzRLJJvokjsI=", + "lastModified": 1732885410, + "narHash": "sha256-2j7D78uvwmlK8pjrMlgLQ8TaeBanDh+XelecDIhYBuY=", "owner": "rycee", "repo": "nur-expressions", - "rev": "80bf66046d8b8624c5991a0c8e512b211acce2b2", + "rev": "9eee63f59ec8d181539d1920a0540094769706ac", "type": "gitlab" }, "original": { @@ -45,11 +45,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1732722421, + "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", "type": "github" }, "original": { @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1732884235, + "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "819f682269f4e002884702b87e445c82840c68f2", "type": "github" }, "original": { @@ -184,11 +184,11 @@ ] }, "locked": { - "lastModified": 1729360442, - "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "lastModified": 1732605668, + "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", "ref": "stable", - "rev": "2bbdcd73b9a464f8acf45a7100feb979883ba485", - "revCount": 110, + "rev": "96824d606a6656650bbe436366bc89d5ee3a6573", + "revCount": 113, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, 
@@ -205,11 +205,11 @@ ] }, "locked": { - "lastModified": 1732420287, - "narHash": "sha256-CzvYF4x6jUh/+NEEIFrIY5t1W/N3IA2bNZJiMXu9GTo=", + "lastModified": 1732603785, + "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "3c52583b99666a349a6219dc1f0dd07d75c82d6a", + "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1732499683, - "narHash": "sha256-Hw95rpgNiyAL4v9pJF2756PMud6O0p/1XQixs5f/Shk=", + "lastModified": 1732845259, + "narHash": "sha256-9TCmYZDamS853/KYtIESi8sAKomQWZXSxI1MaB3rGJ8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b376bfa567fd25f9f22b6f51ffaa4f84d0b7c72f", + "rev": "06e54246d3c91e3d5015027516100b58fc3ec986", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { @@ -311,11 +311,11 @@ ] }, "locked": { - "lastModified": 1732186149, - "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=", + "lastModified": 1732575825, + "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699", + "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", "type": "github" }, "original": { From 7c296ffb6aba1c6d4bdb24f7e9e8b46631822a25 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Dec 2024 06:56:44 -0600 Subject: [PATCH 379/932] added task to README --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f1f554fd..b5037060 100644 
--- a/README.md +++ b/README.md @@ -35,6 +35,7 @@ - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - https://nixos-and-flakes.thiscute.world/ +- this guy might have a working zfs disko impermanence system - https://github.com/djacu/nixos-config/blob/main/hosts/adalon/disko-config.nix # Tasks: @@ -54,4 +55,5 @@ - mastodon server - tail scale clients - wake on LAN -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- Immich \ No newline at end of file From c016efc0ee79e04a02b3d444c8be49aee9dcd10e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Dec 2024 18:37:36 -0600 Subject: [PATCH 380/932] added note to install script --- install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install.sh b/install.sh index 0ed7cb85..c77d7482 100755 --- a/install.sh +++ b/install.sh @@ -39,6 +39,7 @@ if [ -z ${flake} ]; then exit 1; fi +# TODO: we might not need to copy the key over here anymore? temp=$(mktemp -d) # Function to cleanup temporary directory on exit cleanup() { From d2b3f0116e7e50907cb4e64988b1e5318c70456e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Dec 2024 20:06:57 -0600 Subject: [PATCH 381/932] updated flake lock and removed lix --- flake.lock | 143 ++++++++++------------------------------------- flake.nix | 6 -- util/default.nix | 2 - 3 files changed, 28 insertions(+), 123 deletions(-) diff --git a/flake.lock b/flake.lock index b87338f0..7d882de9 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1732894783, - "narHash": "sha256-7hBU7L07hYPNjamlm/v5scUUwsHQJvyb1a4flozHNt0=", + "lastModified": 1733168902, + "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", "owner": "nix-community", "repo": "disko", - "rev": "a75ba3b87b7ff230ca8b3a1fbfd4ad907a1a5fa2", + "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1732885410, - "narHash": "sha256-2j7D78uvwmlK8pjrMlgLQ8TaeBanDh+XelecDIhYBuY=", + "lastModified": 1733354814, + "narHash": "sha256-GNtstc88gUJllOun6UFQzg7P+fDtWkajxN4kUKPLFsw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9eee63f59ec8d181539d1920a0540094769706ac", + "rev": "fd1cc13f297bb18b85a776060edca35b18c7a324", "type": "gitlab" }, "original": { @@ -45,11 +45,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1732722421, - "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -93,24 +93,6 @@ "inputs": { "systems": "systems" }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
@@ -125,21 +107,6 @@ "type": "github" } }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -147,11 +114,11 @@ ] }, "locked": { - "lastModified": 1732884235, - "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", + "lastModified": 1733354384, + "narHash": "sha256-foZG2PLwumxYZkpXq7ajHDhuQlXaUeKfOpFfQpMviLM=", "owner": "nix-community", "repo": "home-manager", - "rev": "819f682269f4e002884702b87e445c82840c68f2", + "rev": "0daaded612b0e6eaed0a63fc9d0778d8f05940fe", "type": "github" }, "original": { 
@@ -160,44 +127,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", - "ref": "stable", - "rev": "96824d606a6656650bbe436366bc89d5ee3a6573", - "revCount": 113, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - }, - "original": { - "ref": "stable", - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -205,11 +134,11 @@ ] }, "locked": { - "lastModified": 1732603785, - "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", + "lastModified": 1733351379, + "narHash": "sha256-MTMsAhXxMMVHVN99jT8E0afOAOtt3JQWjYpTja94PAU=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", + "rev": "55d07816a0944f06a9df5ef174999a72fa4060c7", "type": "github" }, "original": { 
@@ -221,17 +150,17 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1732845259, - "narHash": "sha256-9TCmYZDamS853/KYtIESi8sAKomQWZXSxI1MaB3rGJ8=", + "lastModified": 1733277416, + "narHash": "sha256-+r1bhEqW0ACV+E8TID6FvW0/YJ+46SQ9yk6DpyHtRWg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "06e54246d3c91e3d5015027516100b58fc3ec986", + "rev": "3ea774bace6ac2f8db48a1c1d59271e0209e4b96", "type": "github" }, "original": { @@ -242,11 +171,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1733217105, + "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", "type": "github" }, "original": { @@ -258,11 +187,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", "type": "github" }, "original": { @@ -278,7 +207,6 @@ "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "home-manager": "home-manager", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", 
@@ -311,11 +239,11 @@ ] }, "locked": { - "lastModified": 1732575825, - "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", + "lastModified": 1733128155, + "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", + "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", "type": "github" }, "original": { @@ -338,21 +266,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index e90e17c2..bcc31d7c 100644 --- a/flake.nix +++ b/flake.nix @@ -60,12 +60,6 @@ flake-compat = { url = "github:edolstra/flake-compat"; }; - - # lix in nice ig - lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = { diff --git a/util/default.nix b/util/default.nix index 41d985a3..ce85a7ff 100644 --- a/util/default.nix +++ b/util/default.nix @@ -3,7 +3,6 @@ outputs = inputs.self.outputs; lib = inputs.lib; - lix-module = inputs.lix-module; nixpkgs = inputs.nixpkgs; home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; @@ -19,7 +18,6 @@ pkgsFor = system: nixpkgs.legacyPackages.${system}; common-modules = [ - lix-module.nixosModules.default ../modules/common-modules ]; From 848c57caa04b2c6b103144b552c4cad8a555a511 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 8 Dec 2024 21:58:11 -0600 Subject: [PATCH 382/932] got impermanence to wipe drive --- configurations/home-manager/leyla/default.nix | 1 + .../home-manager/leyla/impermanence.nix | 21 ++ .../nixos/defiant/configuration.nix | 57 +++-- configurations/nixos/defiant/default.nix | 3 +- configurations/nixos/defiant/disko-config.nix | 196 ++++++++++-------- .../nixos/defiant/hardware-configuration.nix | 122 +---------- configurations/nixos/defiant/impermanence.nix | 87 ++++++++ flake.lock | 16 ++ flake.nix | 9 +- util/default.nix | 3 + 10 files changed, 281 insertions(+), 234 deletions(-) create mode 100644 configurations/home-manager/leyla/impermanence.nix create mode 100644 configurations/nixos/defiant/impermanence.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index ba8535d2..48d38db5 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -6,6 +6,7 @@ imports = [ ./i18n.nix ./packages.nix + ./impermanence.nix ]; config = { diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix new file mode 100644 index 00000000..c5f228fb --- /dev/null +++ b/configurations/home-manager/leyla/impermanence.nix @@ -0,0 +1,21 @@ +{...}: { + home.persistence."/persistent/home/leyla" = { + directories = [ + "desktop" + "downloads" + "documents" + ".ssh" + ".nixops" + ".local/share/keyrings" + ".local/share/direnv" + { + directory = ".local/share/Steam"; + method = "symlink"; + } + ]; + # files = [ + # ".screenrc" + # ]; + allowOther = true; + }; +} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 009442e0..ec728cac 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
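Review bot: The home-manager persistence root is `/persistent/home/leyla`, but the disko config in this same commit creates the dataset mounted at `/persist/home/leyla`, and no `/persistent` mountpoint appears anywhere in the diff; unless a system-level bind or symlink provides `/persistent` (not in view), the `.ssh`, keyring and direnv directories are bind-mounted from an ephemeral path and lost on the next wipe. Align the string with the dataset: `home.persistence."/persist/home/leyla" = {`. `allowOther = true` also depends on `programs.fuse.userAllowOther = true;` on the host side, which is not in this diff; a comment naming that dependency would save a failed activation. Since `.ssh` and `.local/share/keyrings` hold private key material, it is worth confirming the persisted directories keep their 0700 mode after the bind mount.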
@@ -6,7 +6,7 @@ }: { imports = [ inputs.disko.nixosModules.disko - ./services.nix + # ./services.nix ]; nixpkgs.config.allowUnfree = true; @@ -23,37 +23,30 @@ }; }; - boot.loader.grub = { - enable = true; - zfsSupport = true; - efiSupport = true; - efiInstallAsRemovable = true; - }; - - apps = { - base_domain = "jan-leila.com"; - macvlan = { - subnet = "192.168.1.0/24"; - gateway = "192.168.1.1"; - networkInterface = "bond0"; - }; - pihole = { - image = "pihole/pihole:2024.07.0"; - ip = "192.168.1.201"; - }; - headscale = { - subdomain = "vpn"; - }; - jellyfin = { - subdomain = "media"; - }; - forgejo = { - subdomain = "git"; - }; - nextcloud = { - subdomain = "drive"; - }; - }; + # apps = { + # base_domain = "jan-leila.com"; + # macvlan = { + # subnet = "192.168.1.0/24"; + # gateway = "192.168.1.1"; + # networkInterface = "bond0"; + # }; + # pihole = { + # image = "pihole/pihole:2024.07.0"; + # ip = "192.168.1.201"; + # }; + # headscale = { + # subdomain = "vpn"; + # }; + # jellyfin = { + # subdomain = "media"; + # }; + # forgejo = { + # subdomain = "git"; + # }; + # nextcloud = { + # subdomain = "drive"; + # }; + # }; services = { zfs = { diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 36e1b6fd..d5ea5948 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -1,8 +1,9 @@ # server nas {...}: { imports = [ - ./configuration.nix ./disko-config.nix ./hardware-configuration.nix + ./impermanence.nix + ./configuration.nix ]; } diff --git a/configurations/nixos/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix index 0be19c48..82fd480c 100644 --- a/configurations/nixos/defiant/disko-config.nix +++ b/configurations/nixos/defiant/disko-config.nix 
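Review bot: `boot.loader.grub` is removed entirely and nothing in the visible diff configures a replacement loader, even though the disko change in this commit keeps only an ESP mounted with `umask=0077` (the systemd-boot convention); unless `boot.loader.systemd-boot.enable = true;` lives in `hardware-configuration.nix` or `impermanence.nix` (not in view), the rebuilt system has no boot loader. The `apps` block and the `./services.nix` import are commented out rather than deleted; git already preserves them, and the commented block still carries the domain, subnet and container image pin in a file that no longer uses them, so deleting it (or a single `# services disabled until impermanence is stable` comment) reads better. The hunk ends in the `services = { zfs = {` context, which continues outside the hunk.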
@@ -1,26 +1,4 @@ -{...}: let - bootDisk = devicePath: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - boot = { - size = "1M"; - type = "EF02"; # for grub MBR - }; - ESP = { - size = "1G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - }; - }; - }; +{lib, ...}: let zfsDisk = devicePath: { type = "disk"; device = devicePath; 
@@ -37,41 +15,41 @@ }; }; }; - # cacheDisk = devicePath: swapSize: { - # type = "disk"; - # device = devicePath; - # content = { - # type = "gpt"; - # partitions = { - # encryptedSwap = { - # size = swapSize; - # content = { - # type = "swap"; - # randomEncryption = true; - # discardPolicy = "both"; - # resumeDevice = true; - # }; - # }; - # zfs = { - # size = "100%"; - # content = { - # type = "zfs"; - # pool = "rpool"; - # }; - # }; - # }; - # }; - # }; + cacheDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + ESP = { + size = "64M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; in { disko.devices = { disk = { - boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - - # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; + ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; }; zpool = { rpool = { 
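Review bot: The new `cacheDisk` ESP is sized `64M`, down from the `1G` partition this commit removes; with systemd-boot each NixOS generation keeps a kernel plus initrd on the ESP, so 64M holds only one or two generations and `nixos-rebuild switch` will start failing with out-of-space errors once older generations accumulate (`boot.loader.systemd-boot.configurationLimit` bounds that, but a larger partition is the simpler fix). `size = "512M";` or restoring `"1G"` costs nothing on a 4 TB device. The comment explaining the boot-from-cache-drive choice is useful; extending it with `# replacing this NVMe replaces the boot partition too` makes the coupling explicit for whoever swaps the cache disk.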
@@ -84,58 +62,106 @@ in { # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? mode = "mirror"; members = [ - "hd_13_tb_a" - "hd_13_tb_b" - "hd_13_tb_c" + "hd_18_tb_a" + "hd_18_tb_b" + "hd_18_tb_c" ]; } ]; - cache = []; - # cache = [ "ssd_2_tb_a" ];z + cache = ["ssd_4_tb_a"]; }; }; options = { ashift = "12"; + autotrim = "on"; }; - rootFsOptions = { - # encryption = "on"; - # keyformat = "hex"; - # keylocation = "prompt"; - compression = "lz4"; - xattr = "sa"; - acltype = "posixacl"; - canmount = "off"; - "com.sun:auto-snapshot" = "false"; - }; + rootFsOptions = + { + canmount = "off"; + mountpoint = "none"; + + xattr = "sa"; + acltype = "posixacl"; + relatime = "on"; + + compression = "lz4"; + + "com.sun:auto-snapshot" = "false"; + } + # TODO: have an option to enable encryption + // lib.attrsets.optionalAttrs false { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + }; datasets = { - root = { + # local datasets are for data that should be considered ephemeral + "local" = { type = "zfs_fs"; - mountpoint = "/"; - options.mountpoint = "legacy"; - postCreateHook = "zfs snapshot rpool/root@blank"; + options.canmount = "off"; }; - home = { - type = "zfs_fs"; - options.mountpoint = "legacy"; - mountpoint = "/home"; - postCreateHook = "zfs snapshot rpool/home@blank"; - }; - nix = { + # the nix directory is local because its all generable from our configuration + "local/system/nix" = { type = "zfs_fs"; mountpoint = "/nix"; - }; - persistent = { - type = "zfs_fs"; - mountpoint = "/persistent"; options = { - "com.sun:auto-snapshot" = "true"; + atime = "off"; + relatime = "off"; + canmount = "on"; }; }; + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + "local/home/leyla" = { + type = "zfs_fs"; + mountpoint = "/home/leyla"; + options = { + canmount = "on"; + }; + 
postCreateHook = '' + zfs snapshot rpool/local/home/leyla@blank + ''; + }; + + # persist datasets are datasets that contain information that we would like to keep around + "persist" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + "persist/system/root" = { + type = "zfs_fs"; + mountpoint = "/persist/system/root"; + options = { + "com.sun:auto-snapshot" = "true"; + mountpoint = "/persist/system/root"; + }; + }; + "persist/home/leyla" = { + type = "zfs_fs"; + mountpoint = "/persist/home/leyla"; + options = { + "com.sun:auto-snapshot" = "true"; + mountpoint = "/persist/home/leyla"; + }; + }; + + # TODO: separate dataset for logs that wont participate in snapshots and rollbacks with the rest of the system }; }; }; }; + networking = { + hostId = "c51763d6"; + }; } diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index b55bcfd8..425cbc22 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix 
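Review bot: `// lib.attrsets.optionalAttrs false { encryption = "on"; ... }` is dead code, so `rpool` — including the `persist/*` datasets that impermanence.nix later in this patch uses for /etc/ssh and the age key file — is created unencrypted, and because the ZFS `encryption` property can only be set when a dataset is created, enabling it later means recreating the pool; either drop the block or wire it to a real module option now instead of the `false` literal. `persist/system/root` and `persist/home/leyla` set both `mountpoint` and `options.mountpoint` to the same path while the `local/*` datasets set only `mountpoint`; if the ZFS-native mountpoint property is intended for the persist tree, a comment explaining why the two trees differ would help, since disko treats `mountpoint` with and without `options.mountpoint = "legacy"` differently — worth checking the generated `fileSystems` entries. The `rpool` attrset this hunk edits starts before the hunk.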
@@ -11,136 +11,32 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - security.sudo.extraConfig = "Defaults lecture=never"; - boot = { initrd = { - availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"]; + availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod"]; kernelModules = []; - # TODO: figure out some kind of snapshotting before rollbacks - # postDeviceCommands = lib.mkAfter '' - # zfs rollback -r rpool/root@blank - # zfs rollback -r rpool/home@blank - # ''; - # systemd = { - # enable = lib.mkDefault true; - # services.rollback = { - # description = "Rollback root filesystem to a pristine state on boot"; - # wantedBy = [ - # "zfs.target" - # "initrd.target" - # ]; - # after = [ - # "zfs-import-rpool.service" - # ]; - # before = [ - # "sysroot.mount" - # "fs.target" - # ]; - # path = with pkgs; [ - # zfs - # ]; - # unitConfig.DefaultDependencies = "no"; - # # serviceConfig = { - # # Type = "oneshot"; - # # ExecStart = - # # "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank"; - # # }; - # serviceConfig.Type = "oneshot"; - # script = '' - # zfs list -t snapshot || echo - # zfs rollback -r rpool/root@blank - # zfs rollback -r rpool/home@blank - # ''; - # }; - # }; }; kernelModules = ["kvm-amd"]; - kernelParams = ["quiet"]; extraModulePackages = []; + # Bootloader. + loader = { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; supportedFilesystems = ["zfs"]; zfs.extraPools = ["rpool"]; }; - swapDevices = []; - - # fileSystems = { - # "/" = { - # neededForBoot = true; - # }; - - # "/home" = { - # neededForBoot = true; - # }; - - # "/persistent" = { - # neededForBoot = true; - # }; - # }; - networking = { - hostId = "c51763d6"; hostName = "defiant"; # Define your hostname. 
useNetworkd = true; }; - # environment.persistence."/persistent" = { - # enable = true; - # hideMounts = true; - # directories = [ - # # "/run/secrets" - - # "/etc/ssh" - - # "/var/log" - # "/var/lib/nixos" - # "/var/lib/systemd/coredump" - - # # config.apps.pihole.directory.root - - # # config.apps.jellyfin.mediaDirectory - # # config.services.jellyfin.configDir - # # config.services.jellyfin.cacheDir - # # config.services.jellyfin.dataDir - - # # "/var/hass" # config.users.users.hass.home - # # "/var/postgresql" # config.users.users.postgresql.home - # # "/var/forgejo" # config.users.users.forgejo.home - # # "/var/nextcloud" # config.users.users.nextcloud.home - # # "/var/headscale" # config.users.users.headscale.home - # ]; - # files = [ - # "/etc/machine-id" - # # config.environment.sessionVariables.SOPS_AGE_KEY_FILE - # ]; - # users.leyla = { - # directories = [ - # "documents" - # ".ssh" - # ]; - # files = []; - # }; - # }; - - # systemd.services = { - # # https://github.com/openzfs/zfs/issues/10891 - # systemd-udev-settle.enable = false; - # # Snapshots are not accessible on boot for some reason this should fix it - # # https://github.com/NixOS/nixpkgs/issues/257505 - # zfs-mount = { - # serviceConfig = { - # # ExecStart = [ "${lib.getExe' pkgs.util-linux "mount"} -a -t zfs -o remount" ]; - # ExecStart = [ - # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/root -o remount" - # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/home -o remount" - # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" - # ]; - # }; - # }; - # }; - systemd.network = { enable = true; diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix new file mode 100644 index 00000000..9d8b2af2 --- /dev/null +++ b/configurations/nixos/defiant/impermanence.nix 
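Review bot: `systemd-boot.enable = true` is added without `editor = false`, and systemd-boot's boot-entry editor is on by default, so anyone with console access can change the kernel command line of a boot entry; with the root pool unencrypted (see the disko hunk above) that is effectively local root, so add `loader.systemd-boot.editor = false;`. Given the 64M ESP in the disko hunk, `loader.systemd-boot.configurationLimit = 10;` (or similar) also bounds how many generations are copied to /boot. The move of `security.sudo.extraConfig` and `hostId` out of this file is fine, but `kernelParams = ["quiet"]` is dropped without a note — worth a word in the commit message if intentional. The file's top-level attrset starts before the hunk.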
@@ -0,0 +1,87 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ boot.initrd.postResumeCommands = lib.mkAfter ''
+ zfs rollback -r rpool/local/system/root@blank
+ zfs rollback -r rpool/local/home/leyla@blank
+ '';
+
+ # systemd.services = {
+ # # https://github.com/openzfs/zfs/issues/10891
+ # systemd-udev-settle.enable = false;
+ # # Snapshots are not accessible on boot for some reason this should fix it
+ # # https://github.com/NixOS/nixpkgs/issues/257505
+ # zfs-mount = {
+ # serviceConfig = {
+ # ExecStart = ["zfs mount -a -o remount"];
+ # # ExecStart = [
+ # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/local -o remount"
+ # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount"
+ # # ];
+ # };
+ # };
+ # };
+
+ # boot.initrd.systemd.services.rollback = {
+ # description = "Rollback filesystem to a pristine state on boot";
+ # wantedBy = [
+ # "initrd.target"
+ # ];
+ # after = [
+ # "zfs-import-rpool.service"
+ # ];
+ # before = [
+ # "sysroot.mount"
+ # ];
+ # requiredBy = [
+ # "sysroot.mount"
+ # ];
+ # serviceConfig = {
+ # Type = "oneshot";
+ # ExecStart = ''
+ # zfs rollback -r rpool/local/system/root@blank
+ # zfs rollback -r rpool/local/home@blank
+ # '';
+ # };
+ # };
+
+ fileSystems."/".neededForBoot = true;
+ fileSystems."/home/leyla".neededForBoot = true;
+ fileSystems."/persist/system/root".neededForBoot = true;
+ fileSystems."/persist/home/leyla".neededForBoot = true;
+
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/run/secrets"
+
+ "/etc/ssh"
+
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+
+ # config.apps.pihole.directory.root
+
+ # config.apps.jellyfin.mediaDirectory
+ # config.services.jellyfin.configDir
+ # config.services.jellyfin.cacheDir
+ # config.services.jellyfin.dataDir
+
+ # "/var/hass" # config.users.users.hass.home
+ # "/var/postgresql" # config.users.users.postgresql.home
+ # "/var/forgejo" # config.users.users.forgejo.home
+ #
"/var/nextcloud" # config.users.users.nextcloud.home + # "/var/headscale" # config.users.users.headscale.home + ]; + files = [ + "/etc/machine-id" + config.environment.sessionVariables.SOPS_AGE_KEY_FILE + ]; + }; + + security.sudo.extraConfig = "Defaults lecture=never"; +} diff --git a/flake.lock b/flake.lock index 7d882de9..83f85f82 100644 --- a/flake.lock +++ b/flake.lock @@ -127,6 +127,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1731242966, + "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -207,6 +222,7 @@ "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "home-manager": "home-manager", + "impermanence": "impermanence", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index bcc31d7c..54d1f7d9 100644 --- a/flake.nix +++ b/flake.nix @@ -24,9 +24,9 @@ }; # delete your darlings - # impermanence = { - # url = "github:nix-community/impermanence"; - # }; + impermanence = { + url = "github:nix-community/impermanence"; + }; nix-darwin = { url = "github:LnL7/nix-darwin"; @@ -65,6 +65,9 @@ outputs = { self, nixpkgs, + sops-nix, + home-manager, + impermanence, ... } @ inputs: let util = import ./util {inherit inputs;}; diff --git a/util/default.nix b/util/default.nix index ce85a7ff..9ddb5e88 100644 --- a/util/default.nix +++ b/util/default.nix @@ -7,6 +7,7 @@ home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; + impermanence = inputs.impermanence; systems = [ "aarch64-darwin" 
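Review bot: `"/run/secrets"` in `directories` of `environment.persistence."/persist/system/root"` would bind-mount an on-disk directory at the path sops-nix (an input of this flake) uses for decrypted secrets, which sops-nix keeps on a RAM-backed mount reached through a symlink — confirm against sops-nix, but as far as I can tell persisting it both writes plaintext secrets to the pool and conflicts with that symlink, so the entry should go. `config.environment.sessionVariables.SOPS_AGE_KEY_FILE` in `files` puts the age private key behind the /persist bind mount, yet sops-nix needs that key during activation before the `neededForUsers` password secrets can be decrypted; confirm the ordering works or give the key directory its own dataset marked `neededForBoot`. The rollback in `boot.initrd.postResumeCommands` only runs with the scripted initrd; if `boot.initrd.systemd.enable` is ever turned on (the commented `boot.initrd.systemd.services.rollback` suggests it was tried) the commands silently stop running, so a comment stating that dependency is worth adding.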
@@ -25,6 +26,7 @@ common-modules ++ [ sops-nix.homeManagerModules.sops + impermanence.homeManagerModules.impermanence ../modules/home-manager-modules ]; @@ -70,6 +72,7 @@ in { system-modules ++ [ sops-nix.nixosModules.sops + impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager ../modules/nixos-modules ../configurations/nixos/${host} From 131f730caf2acd8bdaa2683c2fa85ffb4e3b0fcb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 9 Dec 2024 10:52:59 -0600 Subject: [PATCH 383/932] added webtoons dl --- configurations/nixos/horizon/configuration.nix | 12 +++++++++++- configurations/nixos/horizon/webtoon-dl.nix | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 configurations/nixos/horizon/webtoon-dl.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 593274cf..2d16c746 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,4 +1,8 @@ -{inputs, ...}: { +{ + inputs, + pkgs, + ... +}: { imports = [ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ]; @@ -17,6 +21,12 @@ }; }; + environment.systemPackages = [ + (pkgs.callPackage + ./webtoon-dl.nix + {}) + ]; + # enabled virtualisation for docker # virtualisation.docker = { # enable = true; diff --git a/configurations/nixos/horizon/webtoon-dl.nix b/configurations/nixos/horizon/webtoon-dl.nix new file mode 100644 index 00000000..43410989 --- /dev/null +++ b/configurations/nixos/horizon/webtoon-dl.nix @@ -0,0 +1,18 @@ +{ + buildGoModule, + fetchFromGitHub, + ... +}: +buildGoModule rec { + pname = "webtoon-dl"; + version = "0.0.10"; + + src = fetchFromGitHub { + owner = "robinovitch61"; + repo = "webtoon-dl"; + rev = "v${version}"; + hash = "sha256-geVb3LFPZxPQYARZnaqOr5sgaN6mqkEX5ZiLvg8mF5k="; + }; + + vendorHash = "sha256-NTqUygJ6b6kTnLUnJqxCo/URzaRouPLACEPi2Ob1s9w="; +} 
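Review bot: webtoon-dl.nix has no `meta` block, so nothing records the upstream license or description and `lib.getExe` has no `mainProgram` to use; add `meta = { description = "..."; license = lib.licenses.<UPSTREAM-LICENSE>; mainProgram = "<BINARY-NAME>"; };` with `lib` taken in the argument set and the placeholders filled from upstream. Both `src.hash` and `vendorHash` pin the fetched content, so the mutable `rev = "v${version}"` tag is acceptable — a moved tag fails the build rather than silently changing the input. The `...` in the argument set can be dropped, since only `buildGoModule` and `fetchFromGitHub` are used.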
From c28731a1a7a26393c854992c4b1914cf0b640ddf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 9 Dec 2024 16:57:13 -0600 Subject: [PATCH 384/932] made impermanence work --- configurations/nixos/defiant/disko-config.nix | 18 ++++++++++++++++-- configurations/nixos/defiant/impermanence.nix | 8 ++------ 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/configurations/nixos/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix index 82fd480c..677a6468 100644 --- a/configurations/nixos/defiant/disko-config.nix +++ b/configurations/nixos/defiant/disko-config.nix @@ -48,6 +48,9 @@ in { hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + hd_18_tb_d = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTE0S3Q"; + hd_18_tb_e = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEF27J"; + hd_18_tb_f = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEZACV"; ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; }; @@ -59,12 +62,14 @@ in { type = "topology"; vdev = [ { - # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? - mode = "mirror"; + mode = "raidz2"; members = [ "hd_18_tb_a" "hd_18_tb_b" "hd_18_tb_c" + "hd_18_tb_d" + "hd_18_tb_e" + "hd_18_tb_f" ]; } ]; @@ -113,6 +118,15 @@ in { canmount = "on"; }; }; + "local/system/sops" = { + type = "zfs_fs"; + mountpoint = import ../../../const/sops_age_key_directory.nix; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; "local/system/root" = { type = "zfs_fs"; mountpoint = "/"; diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix index 9d8b2af2..13a380e6 100644 --- a/configurations/nixos/defiant/impermanence.nix 
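Review bot: Changing the vdev from `mode = "mirror"` over three drives to `mode = "raidz2"` over six is not an in-place change — disko does not migrate an existing pool's topology, so applying this means destroying and recreating `rpool` along with the data on the three original drives; if that is the intent, say so in the commit message. The new `local/system/sops` dataset for the age key directory sits under the `local` tree, which the comment earlier in this file describes as ephemeral, yet this key is the one secret that must survive (losing it makes every sops secret, including the user password hashes, undecryptable); either place it under `persist/` or add a comment that `local/system/sops` is deliberately left out of the rollbacks and snapshots. `mountpoint = import ../../../const/sops_age_key_directory.nix` is repeated in impermanence.nix below; a shared `let` binding or option would avoid the two drifting apart.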
+++ b/configurations/nixos/defiant/impermanence.nix @@ -1,8 +1,4 @@ -{ - lib, - config, - ... -}: { +{lib, ...}: { boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank zfs rollback -r rpool/local/home/leyla@blank @@ -51,6 +47,7 @@ fileSystems."/home/leyla".neededForBoot = true; fileSystems."/persist/system/root".neededForBoot = true; fileSystems."/persist/home/leyla".neededForBoot = true; + fileSystems.${import ../../../const/sops_age_key_directory.nix}.neededForBoot = true; environment.persistence."/persist/system/root" = { enable = true; @@ -79,7 +76,6 @@ ]; files = [ "/etc/machine-id" - config.environment.sessionVariables.SOPS_AGE_KEY_FILE ]; }; From 30ad3c91b9951535cb5f9ce69f6391ffa2bc5b48 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 10 Dec 2024 23:43:53 -0600 Subject: [PATCH 385/932] made disko/impermanence config into a module --- .../nixos/defiant/configuration.nix | 34 +- configurations/nixos/defiant/default.nix | 2 - configurations/nixos/defiant/disko-config.nix | 181 ------- configurations/nixos/defiant/impermanence.nix | 85 +--- modules/nixos-modules/default.nix | 2 + modules/nixos-modules/disko.nix | 168 +++++++ modules/nixos-modules/impermanence.nix | 110 +++++ modules/nixos-modules/users.nix | 446 ++++++++++-------- modules/system-modules/users.nix | 7 +- util/default.nix | 2 + 10 files changed, 571 insertions(+), 466 deletions(-) delete mode 100644 configurations/nixos/defiant/disko-config.nix create mode 100644 modules/nixos-modules/disko.nix create mode 100644 modules/nixos-modules/impermanence.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ec728cac..c7aec9b6 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,11 +1,6 @@ # server nas -{ - inputs, - pkgs, - ... -}: { +{pkgs, ...}: { imports = [ - inputs.disko.nixosModules.disko # ./services.nix ]; 
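Review bot: This hunk removes `inputs.disko.nixosModules.disko` from `imports`, yet the new `modules/nixos-modules/disko.nix` in this patch sets `disko.devices` and evaluates `inputs.disko.lib`, which only have effect when the disko NixOS module is loaded; the diffstat lists a two-line change to util/default.nix outside this view that is presumably where the import moves, so a comment at the new location naming that dependency would help. The file's top-level attrset continues past the hunk.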
@@ -21,6 +16,33 @@ ester.isNormalUser = false; eve.isNormalUser = false; }; + impermanence.enable = true; + storage = { + enable = true; + encryption = true; + pool = { + drives = [ + "ata-ST18000NE000-3G6101_ZVTCXVEB" + "ata-ST18000NE000-3G6101_ZVTCXWSC" + "ata-ST18000NE000-3G6101_ZVTD10EH" + "ata-ST18000NT001-3NF101_ZVTE0S3Q" + "ata-ST18000NT001-3NF101_ZVTEF27J" + "ata-ST18000NT001-3NF101_ZVTEZACV" + ]; + cache = [ + "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" + ]; + # extraDatasets = { + # "persist/system/var/lib/jellyfin/media" = { + # type = "zfs_fs"; + # mountpoint = "/persist/system/var/lib/jellyfin/media"; + # }; + # }; + }; + }; + }; + networking = { + hostId = "c51763d6"; }; # apps = { diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index d5ea5948..fe850afe 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -1,9 +1,7 @@ # server nas {...}: { imports = [ - ./disko-config.nix ./hardware-configuration.nix - ./impermanence.nix ./configuration.nix ]; } diff --git a/configurations/nixos/defiant/disko-config.nix b/configurations/nixos/defiant/disko-config.nix deleted file mode 100644 index 677a6468..00000000 --- a/configurations/nixos/defiant/disko-config.nix +++ /dev/null 
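Review bot: `encryption = true` turns on `encryption = "on"; keyformat = "hex"; keylocation = "prompt"` in the new disko module, while the pool the previous two commits created had encryption disabled; ZFS cannot enable encryption on an existing dataset, so this only takes effect on a freshly created `rpool`, and the commit message should say that a recreate is expected. With `keyformat = "hex"` the operator has to type a 64-hex-digit key at every boot prompt; `keyformat = "passphrase"` in the module is the usual pairing with `keylocation = "prompt"`. The six entries in `drives` become a single `raidz2` vdev through the module's `vdevs` default; a one-line comment here stating the resulting layout would spare the next reader a trip to the module. The hunk sits inside an attrset (presumably `host = { ... }`) that starts before it.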
@@ -1,181 +0,0 @@ -{lib, ...}: let - zfsDisk = devicePath: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }; - cacheDisk = devicePath: { - type = "disk"; - device = devicePath; - content = { - type = "gpt"; - partitions = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - ESP = { - size = "64M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }; -in { - disko.devices = { - disk = { - hd_18_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; - hd_18_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; - hd_18_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; - hd_18_tb_d = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTE0S3Q"; - hd_18_tb_e = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEF27J"; - hd_18_tb_f = zfsDisk "/dev/disk/by-id/ata-ST18000NT001-3NF101_ZVTEZACV"; - - ssd_4_tb_a = cacheDisk "/dev/disk/by-id/nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"; - }; - zpool = { - rpool = { - type = "zpool"; - mode = { - topology = { - type = "topology"; - vdev = [ - { - mode = "raidz2"; - members = [ - "hd_18_tb_a" - "hd_18_tb_b" - "hd_18_tb_c" - "hd_18_tb_d" - "hd_18_tb_e" - "hd_18_tb_f" - ]; - } - ]; - cache = ["ssd_4_tb_a"]; - }; - }; - - options = { - ashift = "12"; - autotrim = "on"; - }; - - rootFsOptions = - { - canmount = "off"; - mountpoint = "none"; - - xattr = "sa"; - acltype = "posixacl"; - relatime = "on"; - - compression = "lz4"; - - "com.sun:auto-snapshot" = "false"; - } - # TODO: have an option to enable encryption - // lib.attrsets.optionalAttrs false { - encryption = "on"; - keyformat = "hex"; - keylocation = "prompt"; 
- }; - - datasets = { - # local datasets are for data that should be considered ephemeral - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # the nix directory is local because its all generable from our configuration - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - "local/system/sops" = { - type = "zfs_fs"; - mountpoint = import ../../../const/sops_age_key_directory.nix; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - "local/home/leyla" = { - type = "zfs_fs"; - mountpoint = "/home/leyla"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/home/leyla@blank - ''; - }; - - # persist datasets are datasets that contain information that we would like to keep around - "persist" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - "persist/system/root" = { - type = "zfs_fs"; - mountpoint = "/persist/system/root"; - options = { - "com.sun:auto-snapshot" = "true"; - mountpoint = "/persist/system/root"; - }; - }; - "persist/home/leyla" = { - type = "zfs_fs"; - mountpoint = "/persist/home/leyla"; - options = { - "com.sun:auto-snapshot" = "true"; - mountpoint = "/persist/home/leyla"; - }; - }; - - # TODO: separate dataset for logs that wont participate in snapshots and rollbacks with the rest of the system - }; - }; - }; - }; - networking = { - hostId = "c51763d6"; - }; -} diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix index 13a380e6..9339d40b 100644 --- a/configurations/nixos/defiant/impermanence.nix +++ b/configurations/nixos/defiant/impermanence.nix 
@@ -1,83 +1,4 @@ -{lib, ...}: { - boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank - zfs rollback -r rpool/local/home/leyla@blank - ''; - - # systemd.services = { - # # https://github.com/openzfs/zfs/issues/10891 - # systemd-udev-settle.enable = false; - # # Snapshots are not accessible on boot for some reason this should fix it - # # https://github.com/NixOS/nixpkgs/issues/257505 - # zfs-mount = { - # serviceConfig = { - # ExecStart = ["zfs mount -a -o remount"]; - # # ExecStart = [ - # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/local -o remount" - # # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount" - # # ]; - # }; - # }; - # }; - - # boot.initrd.systemd.services.rollback = { - # description = "Rollback filesystem to a pristine state on boot"; - # wantedBy = [ - # "initrd.target" - # ]; - # after = [ - # "zfs-import-rpool.service" - # ]; - # before = [ - # "sysroot.mount" - # ]; - # requiredBy = [ - # "sysroot.mount" - # ]; - # serviceConfig = { - # Type = "oneshot"; - # ExecStart = '' - # zfs rollback -r rpool/local/system/root@blank - # zfs rollback -r rpool/local/home@blank - # ''; - # }; - # }; - - fileSystems."/".neededForBoot = true; - fileSystems."/home/leyla".neededForBoot = true; - fileSystems."/persist/system/root".neededForBoot = true; - fileSystems."/persist/home/leyla".neededForBoot = true; - fileSystems.${import ../../../const/sops_age_key_directory.nix}.neededForBoot = true; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - "/run/secrets" - - "/etc/ssh" - - "/var/log" - "/var/lib/nixos" - "/var/lib/systemd/coredump" - - # config.apps.pihole.directory.root - - # config.apps.jellyfin.mediaDirectory - # config.services.jellyfin.configDir - # config.services.jellyfin.cacheDir - # config.services.jellyfin.dataDir - - # "/var/hass" # config.users.users.hass.home - # "/var/postgresql" # 
config.users.users.postgresql.home - # "/var/forgejo" # config.users.users.forgejo.home - # "/var/nextcloud" # config.users.users.nextcloud.home - # "/var/headscale" # config.users.users.headscale.home - ]; - files = [ - "/etc/machine-id" - ]; - }; - - security.sudo.extraConfig = "Defaults lecture=never"; +{...}: { + # fileSystems."/home/leyla".neededForBoot = true; + # fileSystems."/persist/home/leyla".neededForBoot = true; } diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 85e6c5a3..9461612d 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -8,5 +8,7 @@ ./desktop.nix ./ssh.nix ./i18n.nix + ./impermanence.nix + ./disko.nix ]; } diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix new file mode 100644 index 00000000..b65538d0 --- /dev/null +++ b/modules/nixos-modules/disko.nix 
@@ -0,0 +1,168 @@
+{
+ lib,
+ config,
+ inputs,
+ ...
+}: let
+ # there currently is a bug with disko that causes long disk names to be generated improperly this hash function should alleviate it when used for disk names instead of what we are defaulting to
+ # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that
+ hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive));
+
+ vdevs =
+ builtins.map (
+ disks:
+ builtins.map (disk: lib.attrsets.nameValuePair (hashDisk disk) disk) disks
+ )
+ config.host.storage.pool.vdevs;
+ cache =
+ builtins.map (
+ disk: lib.attrsets.nameValuePair (hashDisk disk) disk
+ )
+ config.host.storage.pool.cache;
+in {
+ options.host.storage = {
+ enable = lib.mkEnableOption "are we going create zfs disks with disko on this device";
+ encryption = lib.mkEnableOption "is the vdev going to be encrypted";
+ pool = {
+ vdevs = lib.mkOption {
+ type = lib.types.listOf (lib.types.listOf lib.types.str);
+ description = "list of disks that are going to be in";
+ default = [config.host.storage.pool.drives];
+ };
+ drives = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ description = "list of drives that are going to be in the vdev";
+ default = [];
+ };
+ cache = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ description = "list of drives that are going to be used as cache";
+ default = [];
+ };
+ extraDatasets = lib.mkOption {
+ type = lib.types.attrsOf (inputs.disko.lib.subType {
+ types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;};
+ });
+ description = "List of datasets to define";
+ default = {};
+ };
+ };
+ };
+
+ config = lib.mkIf config.host.storage.enable {
+ disko.devices = {
+ disk = (
+ builtins.listToAttrs (
+ (
+ builtins.map
+ (drive:
+ lib.attrsets.nameValuePair (drive.name) {
+ type = "disk";
+ device = "/dev/disk/by-id/${drive.value}";
+ content = {
+ type = "gpt";
+ partitions = {
+ zfs = {
+ size = "100%";
+
content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) + (lib.lists.flatten vdevs) + ) + ++ ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + ESP = { + size = "64M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) + cache + ) + ) + ); + zpool = { + rpool = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = ( + builtins.map (disks: { + mode = "raidz2"; + members = + builtins.map (disk: disk.name) disks; + }) + vdevs + ); + cache = builtins.map (disk: disk.name) cache; + }; + }; + + options = { + ashift = "12"; + autotrim = "on"; + }; + + rootFsOptions = + { + canmount = "off"; + mountpoint = "none"; + + xattr = "sa"; + acltype = "posixacl"; + relatime = "on"; + + compression = "lz4"; + + "com.sun:auto-snapshot" = "false"; + } + // ( + lib.attrsets.optionalAttrs config.host.storage.encryption { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + } + ); + + datasets = lib.mkMerge [ + (lib.attrsets.mapAttrs (name: value: { + type = value.type; + options = value.options; + mountpoint = value.mountpoint; + postCreateHook = value.postCreateHook; + }) + config.host.storage.pool.extraDatasets) + ]; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix new file mode 100644 index 00000000..a923b82d --- /dev/null +++ b/modules/nixos-modules/impermanence.nix 
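Review bot: The ESP is only created on drives listed in `config.host.storage.pool.cache`, so with the option's default `cache = []` the module yields a pool with no boot partition and a host that cannot boot; add `assertions = [{ assertion = config.host.storage.pool.cache != []; message = "host.storage: at least one cache drive is required because the ESP is created on it"; }];` inside the `mkIf`, or introduce a dedicated boot-drive option. The `datasets` mapping forwards only `type`, `options`, `mountpoint` and `postCreateHook`, so any `size`/`content` of a `zfs_volume` (which `extraDatasets`' type admits) is silently dropped, and if `zfs_volume` has no `mountpoint` attribute the access throws; passing `config.host.storage.pool.extraDatasets` through directly keeps every field and also removes the single-element `lib.mkMerge`. `description = "list of disks that are going to be in"` is cut short; `description = "list of vdevs, each a list of disk ids (as under /dev/disk/by-id), that form rpool";` says what the option holds. `keyformat = "hex"` with `keylocation = "prompt"` means typing a 64-hex-digit key at every boot; `keyformat = "passphrase"` is the usual pairing with a prompt.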
@@ -0,0 +1,110 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device";
+
+ # TODO: validate that config.host.storage.enable is enabled
+ config = lib.mkMerge [
+ {
+ assertions = [
+ {
+ assertion = !(config.host.impermanence.enable && !config.host.storage.enable);
+ message = ''
+ Disko storage must be enabled to use impermanence.
+ '';
+ }
+ ];
+ }
+ (
+ lib.mkIf config.host.impermanence.enable {
+ boot.initrd.postResumeCommands = lib.mkAfter ''
+ zfs rollback -r rpool/local/system/root@blank
+ 1 '';
+
+ fileSystems = {
+ "/".neededForBoot = true;
+ "/persist/system/root".neededForBoot = true;
+ };
+
+ host.storage.pool.extraDatasets = {
+ # local datasets are for data that should be considered ephemeral
+ "local" = {
+ type = "zfs_fs";
+ options.canmount = "off";
+ };
+ # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up
+ "local/system/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ options = {
+ atime = "off";
+ relatime = "off";
+ canmount = "on";
+ };
+ };
+ # dataset for root that gets rolled back on every boot
+ "local/system/root" = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ options = {
+ canmount = "on";
+ };
+ postCreateHook = ''
+ zfs snapshot rpool/local/system/root@blank
+ '';
+ };
+
+ # persist datasets are datasets that contain information that we would like to keep around
+ "persist" = {
+ type = "zfs_fs";
+ options.canmount = "off";
+ };
+ # this is where root data actually lives
+ "persist/system/root" = {
+ type = "zfs_fs";
+ mountpoint = "/persist/system/root";
+ options = {
+ "com.sun:auto-snapshot" = "true";
+ };
+ };
+ "persist/system/var/log" = {
+ type = "zfs_fs";
+ mountpoint = "/persist/system/var/log";
+ };
+ };
+
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/etc/ssh"
+
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+
+
# config.apps.pihole.directory.root + + # config.apps.jellyfin.mediaDirectory + # config.services.jellyfin.configDir + # config.services.jellyfin.cacheDir + # config.services.jellyfin.dataDir + + # "/var/hass" # config.users.users.hass.home + # "/var/postgresql" # config.users.users.postgresql.home + # "/var/forgejo" # config.users.users.forgejo.home + # "/var/nextcloud" # config.users.users.nextcloud.home + # "/var/headscale" # config.users.users.headscale.home + ]; + files = [ + "/etc/machine-id" + ]; + }; + + security.sudo.extraConfig = "Defaults lecture=never"; + } + ) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 214ccd64..6fe37fdf 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -10,7 +10,7 @@ principleUsers = host.principleUsers; terminalUsers = host.terminalUsers; - # normalUsers = host.normalUsers; + normalUsers = host.normalUsers; uids = { leyla = 1000; 
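Review bot: Nothing in this module (or in the new disko module above) carries over the `local/system/sops` dataset and the `fileSystems.${...sops_age_key_directory...}.neededForBoot` line the previous commit added for the age key directory, and `files` now persists only `/etc/machine-id`; unless the directory named in const/sops_age_key_directory.nix already lies under /persist, the key now sits on `local/system/root`, which `boot.initrd.postResumeCommands` rolls back to `@blank` on every boot, so after the first reboot sops-nix cannot decrypt the `passwords/*` secrets and no user can log in. `"/var/log"` in `directories` of `environment.persistence."/persist/system/root"` resolves to `/persist/system/root/var/log`, not to the new `persist/system/var/log` dataset mounted at `/persist/system/var/log`, so that dataset stays empty and logs keep landing in the auto-snapshotted root dataset; mount it at the path impermanence uses or bind `/var/log` from it explicitly. The `1` in `+ 1 '';` ends up inside the initrd shell script as a command named `1` if it is really in the file rather than an extraction artifact. The `TODO: validate that config.host.storage.enable is enabled` comment is already satisfied by the assertion directly below it and can go.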
@@ -43,213 +43,273 @@ ester = users.ester.name; eve = users.eve.name; in { - config = { - # principle users are by definition trusted - nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; + config = lib.mkMerge [ + { + # principle users are by definition trusted + nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; - # we should only be able to ssh into principle users of a computer who are also set up for terminal access - services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); + # we should only be able to ssh into principle users of a computer who are also set up for terminal access + services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); - # we need to set up env variables to nix can find keys to decrypt passwords on rebuild - environment = { - sessionVariables = { - SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; - }; - }; - - # set up user passwords - sops = { - defaultSopsFormat = "yaml"; - gnupg.sshKeyPaths = []; - - age = { - keyFile = "/var/lib/sops-nix/key.txt"; - sshKeyPaths = []; - # generateKey = true; - }; - - secrets = { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; + # we need to set up env variables to nix can find keys to decrypt passwords on rebuild + environment = { + sessionVariables = { + SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; + SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; + }; + }; + + # set up user passwords + sops = { + defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; + + age = { + keyFile = 
"/var/lib/sops-nix/key.txt"; + sshKeyPaths = []; + # generateKey = true; + }; + + secrets = { + "passwords/leyla" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/ester" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; + "passwords/eve" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; }; }; - }; - users = { - mutableUsers = false; users = { - leyla = { - uid = lib.mkForce uids.leyla; - name = lib.mkForce host.users.leyla.name; - description = "Leyla"; - extraGroups = - (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) - ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) - ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - isNormalUser = host.users.leyla.isNormalUser; - isSystemUser = !host.users.leyla.isNormalUser; - group = config.users.users.leyla.name; - }; - - ester = { - uid = lib.mkForce uids.ester; - name = lib.mkForce host.users.ester.name; - description = "Ester"; - extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - isNormalUser = host.users.ester.isNormalUser; - isSystemUser = !host.users.ester.isNormalUser; - group = config.users.users.ester.name; - }; - - eve = { - uid = lib.mkForce uids.eve; - name = lib.mkForce host.users.eve.name; - description = "Eve"; - extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - isNormalUser = host.users.eve.isNormalUser; - isSystemUser = !host.users.eve.isNormalUser; - group = config.users.users.eve.name; - }; - - jellyfin = { - uid = lib.mkForce uids.jellyfin; - isSystemUser = true; - group = config.users.users.jellyfin.name; - }; - - forgejo = { - uid = lib.mkForce 
uids.forgejo; - isSystemUser = true; - group = config.users.users.forgejo.name; - }; - - pihole = { - uid = lib.mkForce uids.pihole; - isSystemUser = true; - group = config.users.users.pihole.name; - }; - - hass = { - uid = lib.mkForce uids.hass; - isSystemUser = true; - group = config.users.users.hass.name; - }; - - headscale = { - uid = lib.mkForce uids.headscale; - isSystemUser = true; - group = config.users.users.headscale.name; - }; - - nextcloud = { - uid = lib.mkForce uids.nextcloud; - isSystemUser = true; - group = config.users.users.nextcloud.name; - }; - }; - - groups = { - leyla = { - gid = lib.mkForce gids.leyla; - members = [ - leyla - ]; - }; - - ester = { - gid = lib.mkForce gids.ester; - members = [ - ester - ]; - }; - - eve = { - gid = lib.mkForce gids.eve; - members = [ - eve - ]; - }; - + mutableUsers = false; users = { - gid = lib.mkForce gids.users; - members = [ - leyla - ester - eve - ]; + leyla = { + uid = lib.mkForce uids.leyla; + name = lib.mkForce host.users.leyla.name; + description = "Leyla"; + extraGroups = + (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) + ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) + ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + isNormalUser = host.users.leyla.isNormalUser; + isSystemUser = !host.users.leyla.isNormalUser; + group = config.users.users.leyla.name; + }; + + ester = { + uid = lib.mkForce uids.ester; + name = lib.mkForce host.users.ester.name; + description = "Ester"; + extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + isNormalUser = host.users.ester.isNormalUser; + isSystemUser = !host.users.ester.isNormalUser; + group = config.users.users.ester.name; + }; + + eve = { + uid = lib.mkForce uids.eve; + name = lib.mkForce host.users.eve.name; + description = "Eve"; 
+ extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + isNormalUser = host.users.eve.isNormalUser; + isSystemUser = !host.users.eve.isNormalUser; + group = config.users.users.eve.name; + }; + + jellyfin = { + uid = lib.mkForce uids.jellyfin; + isSystemUser = true; + group = config.users.users.jellyfin.name; + }; + + forgejo = { + uid = lib.mkForce uids.forgejo; + isSystemUser = true; + group = config.users.users.forgejo.name; + }; + + pihole = { + uid = lib.mkForce uids.pihole; + isSystemUser = true; + group = config.users.users.pihole.name; + }; + + hass = { + uid = lib.mkForce uids.hass; + isSystemUser = true; + group = config.users.users.hass.name; + }; + + headscale = { + uid = lib.mkForce uids.headscale; + isSystemUser = true; + group = config.users.users.headscale.name; + }; + + nextcloud = { + uid = lib.mkForce uids.nextcloud; + isSystemUser = true; + group = config.users.users.nextcloud.name; + }; }; - jellyfin_media = { - gid = lib.mkForce gids.jellyfin_media; - members = [ - users.jellyfin.name - leyla - ester - eve - ]; - }; + groups = { + leyla = { + gid = lib.mkForce gids.leyla; + members = [ + leyla + ]; + }; - jellyfin = { - gid = lib.mkForce gids.jellyfin; - members = [ - users.jellyfin.name - # leyla - ]; - }; + ester = { + gid = lib.mkForce gids.ester; + members = [ + ester + ]; + }; - forgejo = { - gid = lib.mkForce gids.forgejo; - members = [ - users.forgejo.name - # leyla - ]; - }; + eve = { + gid = lib.mkForce gids.eve; + members = [ + eve + ]; + }; - pihole = { - gid = lib.mkForce gids.pihole; - members = [ - users.pihole.name - # leyla - ]; - }; + users = { + gid = lib.mkForce gids.users; + members = [ + leyla + ester + eve + ]; + }; - hass = { - gid = lib.mkForce gids.hass; - members = [ - users.hass.name - # leyla - ]; - }; + jellyfin_media = { + gid = lib.mkForce gids.jellyfin_media; + members = [ + users.jellyfin.name + leyla + ester + eve + ]; + }; 
- headscale = { - gid = lib.mkForce gids.headscale; - members = [ - users.headscale.name - # leyla - ]; - }; + jellyfin = { + gid = lib.mkForce gids.jellyfin; + members = [ + users.jellyfin.name + # leyla + ]; + }; - nextcloud = { - gid = lib.mkForce gids.nextcloud; - members = [ - users.nextcloud.name - # leyla - ]; + forgejo = { + gid = lib.mkForce gids.forgejo; + members = [ + users.forgejo.name + # leyla + ]; + }; + + pihole = { + gid = lib.mkForce gids.pihole; + members = [ + users.pihole.name + # leyla + ]; + }; + + hass = { + gid = lib.mkForce gids.hass; + members = [ + users.hass.name + # leyla + ]; + }; + + headscale = { + gid = lib.mkForce gids.headscale; + members = [ + users.headscale.name + # leyla + ]; + }; + + nextcloud = { + gid = lib.mkForce gids.nextcloud; + members = [ + users.nextcloud.name + # leyla + ]; + }; }; }; - }; - }; + } + (lib.mkIf config.host.impermanence.enable { + boot.initrd.postResumeCommands = lib.mkAfter ( + lib.strings.concatStrings (builtins.map (user: '' + zfs rollback -r rpool/local/home/${user.name}@blank + '') + normalUsers) + ); + + fileSystems.${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + "/run/secrets" + ]; + }; + + host.storage.pool.extraDatasets = lib.mkMerge [ + { + # sops age key needs to be available to pre persist for user generation + "local/system/sops" = { + type = "zfs_fs"; + mountpoint = SOPS_AGE_KEY_DIRECTORY; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + } + ( + lib.mkMerge + ( + builtins.map (user: { + "local/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/home/${user.name}"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/home/${user.name}@blank + ''; + }; + "persist/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/persist/home/${user.name}"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + 
}; + }) + normalUsers + ) + ) + ]; + }) + ]; } diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index 33df3d1a..afda7d45 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -67,10 +67,13 @@ in { default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; }; normalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isTerminalUser) hostUsers; + default = lib.lists.filter (user: user.isNormalUser) hostUsers; + }; + desktopUsers = lib.mkOption { + default = lib.lists.filter (user: user.isDesktopUser) hostUsers; }; terminalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isNormalUser) hostUsers; + default = lib.lists.filter (user: user.isTerminalUser) hostUsers; }; }; diff --git a/util/default.nix b/util/default.nix index 9ddb5e88..33942a8c 100644 --- a/util/default.nix +++ b/util/default.nix @@ -7,6 +7,7 @@ home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; + disko = inputs.disko; impermanence = inputs.impermanence; systems = [ @@ -74,6 +75,7 @@ in { sops-nix.nixosModules.sops impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager + disko.nixosModules.disko ../modules/nixos-modules ../configurations/nixos/${host} ]; From 5eea6cdb04db4bdf80e88d578d2fb2a7f6ba04a7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 17:33:50 -0600 Subject: [PATCH 386/932] made users not need to be disabled --- configurations/nixos/defiant/configuration.nix | 2 -- modules/system-modules/users.nix | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c7aec9b6..3f7bcddb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
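Review bot: Listing `"/run/secrets"` under `environment.persistence."/persist/system/root"` in the new impermanence branch copies sops-nix's decrypted secrets onto the ZFS persist dataset, which also carries `com.sun:auto-snapshot = "true"`, so plaintext secrets end up on disk and inside snapshots; sops-nix repopulates `/run/secrets` on every activation and manages that path itself, so the entry should be removed rather than persisted. What has to survive a reboot is the age key, and the `local/system/sops` dataset plus `fileSystems.${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true` already cover that. Separately, `sops.age.keyFile` is hard-coded to `"/var/lib/sops-nix/key.txt"` while the session variables and the dataset mountpoint use `SOPS_AGE_KEY_DIRECTORY`; if that binding is ever not `/var/lib/sops-nix` the two disagree, so `keyFile = "${SOPS_AGE_KEY_DIRECTORY}/key.txt";` keeps them in step. The enclosing `config` attribute set starts outside this hunk.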
@@ -13,8 +13,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester.isNormalUser = false; - eve.isNormalUser = false; }; impermanence.enable = true; storage = { diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index afda7d45..fe88850d 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -78,6 +78,24 @@ in { }; config = { + host.users = { + leyla = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; + ester = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; + eve = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; + }; + assertions = ( builtins.map (user: { From 835945c925f8f3af8162976e3cd7ed3192b4f5c2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 20:06:26 -0600 Subject: [PATCH 387/932] created nfs exports --- .../nixos/defiant/configuration.nix | 29 ++++++ modules/nixos-modules/default.nix | 1 + modules/nixos-modules/server/default.nix | 5 ++ .../server/network_storage/default.nix | 90 +++++++++++++++++++ .../server/network_storage/nfs.nix | 50 +++++++++++ modules/nixos-modules/users.nix | 4 +- 6 files changed, 176 insertions(+), 3 deletions(-) create mode 100644 modules/nixos-modules/server/default.nix create mode 100644 modules/nixos-modules/server/network_storage/default.nix create mode 100644 modules/nixos-modules/server/network_storage/nfs.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3f7bcddb..3a37cbb1 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
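Review bot: The new defaults cover `isPrincipleUser`, `isDesktopUser` and `isTerminalUser` but not `isNormalUser`, while the same commit removes `ester.isNormalUser = false` and `eve.isNormalUser = false` from defiant's configuration; unless `isNormalUser` is derived from the other three elsewhere in this module, those two users now fall back to the option's own default, which is exactly what the removed lines were overriding. If it is an independent option, add `isNormalUser = lib.mkDefault false;` to each of the three blocks so every role is consistently opt-in; if it is derived, a one-line comment such as `# isNormalUser is computed from the flags below` would spare the next reader the same question. The `config` block continues outside this hunk.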
@@ -38,6 +38,35 @@ # }; }; }; + network_storage = { + enable = true; + directories = [ + { + folder = "leyla"; + user = "leyla"; + group = "leyla"; + } + { + folder = "eve"; + user = "eve"; + group = "eve"; + } + { + folder = "ester"; + user = "ester"; + group = "ester"; + } + { + folder = "users"; + user = "users"; + group = "users"; + } + ]; + nfs = { + enable = true; + directories = ["leyla" "eve"]; + }; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 9461612d..4ac744a9 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -10,5 +10,6 @@ ./i18n.nix ./impermanence.nix ./disko.nix + ./server ]; } diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix new file mode 100644 index 00000000..8fc94e52 --- /dev/null +++ b/modules/nixos-modules/server/default.nix @@ -0,0 +1,5 @@ +{...}: { + imports = [ + ./network_storage + ]; +} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix new file mode 100644 index 00000000..11019cbe --- /dev/null +++ b/modules/nixos-modules/server/network_storage/default.nix 
@@ -0,0 +1,90 @@ +{ + config, + lib, + ... +}: let + export_directory = config.host.network_storage.export_directory; +in { + imports = [ + ./nfs.nix + ]; + + options = { + host.network_storage = { + enable = lib.mkEnableOption "is this machine going to export network storage"; + export_directory = lib.mkOption { + type = lib.types.path; + description = "what are exports going to be stored in"; + default = "/exports"; + }; + directories = lib.mkOption { + type = lib.types.listOf (lib.types.submodule ({config, ...}: { + options = { + folder = lib.mkOption { + type = lib.types.string; + description = "what is the name of this export directory"; + }; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = "is this directory bound to anywhere"; + default = null; + }; + user = lib.mkOption { + type = lib.types.string; + description = "what user owns this directory"; + default = "nouser"; + }; + group = lib.mkOption { + type = lib.types.string; + description = "what group owns this directory"; + default = "nogroup"; + }; + _directory = lib.mkOption { + internal = true; + readOnly = true; + type = lib.types.path; + default = "${export_directory}/${config.folder}"; + }; + }; + })); + description = "list of directory names to export"; + }; + }; + }; + + config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ + { + # create any folders that we need to have for our exports + systemd.tmpfiles.rules = + [ + "d ${config.host.network_storage.export_directory} 2775 root root -" + ] + ++ ( + builtins.map ( + directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}" + ) + config.host.network_storage.directories + ); + + # set up any bind mounts that we need for our exports + fileSystems = builtins.listToAttrs ( + builtins.map (directory: + lib.attrsets.nameValuePair directory._directory { + device = directory.bind; + options = ["bind"]; + }) ( + builtins.filter (directory: directory.bind != null) 
config.host.network_storage.directories + ) + ); + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + config.host.network_storage.export_directory + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix new file mode 100644 index 00000000..5ed217ee --- /dev/null +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -0,0 +1,50 @@ +{ + config, + lib, + ... +}: { + options = { + host.network_storage.nfs = { + enable = lib.mkEnableOption "is this server going to export network storage as nfs shares"; + directories = lib.mkOption { + type = lib.types.listOf ( + lib.types.enum ( + builtins.map ( + directory: directory.folder + ) + config.host.network_storage.directories + ) + ); + description = "list of exported directories to be exported via nfs"; + }; + }; + }; + config = lib.mkMerge [ + { + assertions = [ + { + assertion = !(config.host.network_storage.nfs.enable && !config.host.network_storage.enable); + message = "nfs cant be enabled with network storage disabled"; + } + ]; + } + ( + lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { + services.nfs.server = { + enable = true; + exports = lib.strings.concatLines ( + builtins.map ( + directory: "${directory._directory} 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + ) + ); + }; + } + ) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 6fe37fdf..0c1e1d6b 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
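Review bot: `lib.types.string` on the `folder`, `user` and `group` options is the deprecated alias that nixpkgs warns about during evaluation; `lib.types.str` is the intended type, and the jellyfin module added later in this series already uses it. The per-directory tmpfiles rule `"d ${directory._directory} 2775 ${directory.user} ${directory.group}"` also omits the trailing age field that the parent rule writes as `-`; systemd tolerates the short form, but keeping both rules in the same shape avoids a reader wondering whether the omission is deliberate. Both directory levels are created with mode `2775`, so every export is group-writable and world-readable by default; a `mode` option on the submodule defaulting to `"2775"` would let a host tighten per-user exports without patching the module.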
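Review bot: The export line hard-codes the client specification `192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)`, so the module is only usable on one LAN and any change to the permitted clients or export options means editing the module rather than the host configuration, where the exported folder list already lives; a `lib.mkOption` on `host.network_storage.nfs` for the client spec, defaulting to the current string, would move that policy to the host. The membership test `lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories` is simply `builtins.elem directory.folder config.host.network_storage.nfs.directories`.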
@@ -255,9 +255,7 @@ in { } (lib.mkIf config.host.impermanence.enable { boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatStrings (builtins.map (user: '' - zfs rollback -r rpool/local/home/${user.name}@blank - '') + lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") normalUsers) ); From 3d5aad50c40728b101452e00317e02e8d14b5edb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 20:52:34 -0600 Subject: [PATCH 388/932] added port to nfs --- configurations/nixos/defiant/services.nix | 12 ------------ modules/nixos-modules/server/network_storage/nfs.nix | 8 ++++++++ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index ac1d02be..97a67113 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -6,7 +6,6 @@ ... }: let jellyfinPort = 8096; - nfsPort = 2049; dnsPort = 53; httpPort = 80; httpsPort = 443; @@ -264,16 +263,6 @@ in { # DNS stub needs to be disabled so pi hole can bind # resolved.extraConfig = "DNSStubListener=no"; - nfs.server = { - enable = true; - exports = '' - /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - ''; - }; - postgresql = { enable = true; ensureUsers = [ @@ -432,7 +421,6 @@ in { httpPort httpsPort dnsPort - nfsPort ] ++ (lib.optional isDebug [ jellyfinPort diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 5ed217ee..58813104 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -6,6 +6,11 @@ options = { host.network_storage.nfs = { enable = lib.mkEnableOption "is this server going to export network storage as nfs shares"; + port = lib.mkOption { + type = lib.types.int; + default = 2049; + description = "port that nfs will run on"; + }; directories = lib.mkOption { type = lib.types.listOf ( lib.types.enum ( @@ -44,6 +49,9 @@ ) ); }; + networking.firewall.allowedTCPPorts = [ + config.host.network_storage.nfs.port + ]; } ) ]; From 12658718a7df77fad3677ef04bc81385286b3d6b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 11 Dec 2024 21:07:46 -0600 Subject: [PATCH 389/932] removed unused file --- configurations/nixos/defiant/impermanence.nix | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 configurations/nixos/defiant/impermanence.nix diff --git a/configurations/nixos/defiant/impermanence.nix b/configurations/nixos/defiant/impermanence.nix deleted file mode 100644 index 9339d40b..00000000 --- a/configurations/nixos/defiant/impermanence.nix +++ /dev/null @@ -1,4 +0,0 @@ -{...}: { - # fileSystems."/home/leyla".neededForBoot = true; - # fileSystems."/persist/home/leyla".neededForBoot = true; -} From 86a690a3218dd23075215f387464a0a0ec54f9e7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 12 Dec 2024 20:00:42 -0600 Subject: [PATCH 390/932] created reverse_proxy.nix --- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/reverse_proxy.nix | 50 +++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 modules/nixos-modules/server/reverse_proxy.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 8fc94e52..3c5c55f7 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ ./network_storage + ./reverse_proxy.nix ]; } 
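Review bot: The new `port` option only feeds `networking.firewall.allowedTCPPorts`; nothing in either hunk passes it to `services.nfs.server`, so setting it to anything other than 2049 opens a port nfsd does not listen on while 2049 stays closed. Either document that limit on the option (`description = "TCP port opened in the firewall for nfsd; the server itself is not reconfigured by this option";`) or wire the value into the server configuration if the module you use exposes such a setting. `lib.types.port` is the purpose-built type here and rejects out-of-range values that `lib.types.int` accepts.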
diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix new file mode 100644 index 00000000..86db3a23 --- /dev/null +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -0,0 +1,50 @@ +{ + lib, + config, + ... +}: { + options.host.reverse_proxy = { + enable = lib.mkEnableOption "turn on the reverse proxy"; + hostname = lib.mkOption { + type = lib.type.string; + description = "what host name are we going to be proxying from"; + }; + forceSSL = lib.mkOption { + type = lib.type.boolean; + description = "force connections to use https"; + default = true; + }; + enableACME = lib.mkOption { + type = lib.type.boolean; + description = "auto renew certificates"; + default = true; + }; + subdomains = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({...}: { + options = { + target = lib.mkOption { + type = lib.types.string; + description = "where should this host point to"; + }; + websockets = lib.mkEnableOption "should websockets be proxied"; + }; + })); + }; + }; + + config = { + services.nginx = { + enable = config.host.reverse_proxy.enable; + virtualHosts = lib.attrsets.mapAttrs' (name: value: + lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" { + forceSSL = config.home.reverse_proxy.forceSSL; + enableACME = config.home.reverse_proxy.enableACME; + locations."/" = { + proxyPass = value.target; + proxyWebsockets = value.websockets; + }; + }) + config.host.reverse_proxy.subdomains; + }; + }; +} From 4420ab6b43758e38a2f5c7bf5728630c09b5cb45 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 12 Dec 2024 20:17:18 -0600 Subject: [PATCH 391/932] added note to reverse proxy --- modules/nixos-modules/server/reverse_proxy.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 86db3a23..664b3c3c 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix 
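Review bot: `lib.type.string` and `lib.type.boolean` do not exist in nixpkgs (`lib.types.str` and `lib.types.bool` are the real names), and the `config` block reads `config.home.reverse_proxy.*` while the options are declared under `host.reverse_proxy`, so the module cannot evaluate as committed; later patches in this series fix the `home`/`host` mix-up and the bool types, but `hostname` and `target` end up on `lib.types.string`, which is the deprecated alias of `lib.types.str`. `virtualHosts` is also generated regardless of `config.host.reverse_proxy.enable`, so a host importing the module with the proxy off still evaluates every subdomain entry; wrapping the whole `services.nginx` block in `lib.mkIf config.host.reverse_proxy.enable` keeps the gating in one place. For a TLS-terminating proxy in front of application backends, `services.nginx.recommendedProxySettings` and `recommendedTlsSettings` would supply the forwarded-header and TLS defaults that the generated virtual hosts currently leave at nginx's baseline.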
+++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -32,6 +32,7 @@ }; }; + # TODO: impermanence for ACME keys config = { services.nginx = { enable = config.host.reverse_proxy.enable; From 72322b0544e280c7502f54f0f0ad81c0236d493e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 12 Dec 2024 20:44:26 -0600 Subject: [PATCH 392/932] created jellyfin service --- configurations/nixos/defiant/services.nix | 30 ------------ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/jellyfin.nix | 60 +++++++++++++++++++++++ 3 files changed, 61 insertions(+), 30 deletions(-) create mode 100644 modules/nixos-modules/server/jellyfin.nix diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 97a67113..7ef6cde2 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -69,23 +69,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - jellyfin = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that jellyfin will be hosted at"; - default = "${config.apps.jellyfin.subdomain}.${config.apps.base_domain}"; - }; - mediaDirectory = lib.mkOption { - type = lib.types.str; - description = "directory that jellyfin will be at"; - default = "/home/jellyfin"; - }; - }; forgejo = { subdomain = lib.mkOption { type = lib.types.str; @@ -194,7 +177,6 @@ in { # TODO: dynamic users systemd = { tmpfiles.rules = [ - "d ${config.apps.jellyfin.mediaDirectory} 2775 jellyfin jellyfin_media -" # is /home/docker/jellyfin/media on existing server "d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system "d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system ]; 
@@ -325,10 +307,6 @@ in { }; }; - jellyfin = { - enable = true; - }; - forgejo = { enable = true; database = { @@ -387,11 +365,6 @@ in { proxyWebsockets = true; }; }; - ${config.apps.jellyfin.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString jellyfinPort}"; - }; ${config.apps.forgejo.hostname} = { # forceSSL = true; # enableACME = true; @@ -433,9 +406,6 @@ in { environment.systemPackages = [ config.services.headscale.package - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg ]; }; } diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 3c5c55f7..7e4d36b2 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -2,5 +2,6 @@ imports = [ ./network_storage ./reverse_proxy.nix + ./jellyfin.nix ]; } diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix new file mode 100644 index 00000000..81ad91af --- /dev/null +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -0,0 +1,60 @@ +{ + lib, + pkgs, + config, + ... +}: let + jellyfinPort = 8096; +in { + options.host.jellyfin = { + enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + }; + + config = lib.mkIf config.host.jellyfin.enable ( + lib.mkMerge [ + { + services.jellyfin.enable = true; + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString jellyfinPort}"; + }; + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + } + (lib.mkIf config.host.impermanence.enable { + # TODO: add an assertion here that directories matches jellyfin directories + + environment.persistence."/persist/system/jellyfin" = { + enable = true; + hideMounts = true; + directories = [ + "/var/lib/jellyfin" + "/var/cache/jellyfin" + ]; + }; + + host.storage.pool.extraDatasets = [ + { + # sops age key needs to be available to pre persist for user generation + "persist/system/jellyfin" = { + type = "zfs_fs"; + mountpoint = "/persist/system/jellyfin"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + } + ]; + }) + ] + ); +} From 194287e22ab9eeebd3d45ff306f71b00e061dac8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:02:09 -0600 Subject: [PATCH 393/932] added assertion for jellyfin persistence --- modules/nixos-modules/server/jellyfin.nix | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 81ad91af..a582edaf 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
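Review bot: The comment above the `persist/system/jellyfin` dataset, `# sops age key needs to be available to pre persist for user generation`, was carried over from the `local/system/sops` dataset in users.nix and does not describe this dataset; the same comment survives the rewrite of this block in the later `@@ -51,20 +51,20 @@` hunk. Replace it with the dataset's actual purpose, e.g. `# persistent backing store for jellyfin's data and cache directories`. `host.storage.pool.extraDatasets` is assigned a list here while impermanence.nix and users.nix assign attribute sets to the same option, so whichever type the option declares, one of the two shapes will fail to merge; the later hunk switches this one to an attribute set, but the option's declared type is where that mismatch should be caught.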
@@ -5,6 +5,8 @@ ... }: let jellyfinPort = 8096; + jellyfin_data_directory = "/var/lib/jellyfin"; + jellyfin_cache_directory = "/var/cache/jellyfin"; in { options.host.jellyfin = { enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; @@ -29,14 +31,23 @@ in { ]; } (lib.mkIf config.host.impermanence.enable { - # TODO: add an assertion here that directories matches jellyfin directories + assertions = [ + { + assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; + description = "jellyfin data directory does not match persistence"; + } + { + assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; + description = "jellyfin cache directory does not match persistence"; + } + ]; environment.persistence."/persist/system/jellyfin" = { enable = true; hideMounts = true; directories = [ - "/var/lib/jellyfin" - "/var/cache/jellyfin" + jellyfin_data_directory + jellyfin_cache_directory ]; }; From 2a3501fea4f8a181066b84c636447fae7f5805ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:20:23 -0600 Subject: [PATCH 394/932] enabled jellyfin for defiant --- .../nixos/defiant/configuration.nix | 8 ++++++ modules/nixos-modules/server/jellyfin.nix | 26 +++++++++---------- .../nixos-modules/server/reverse_proxy.nix | 17 +++++++----- 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3a37cbb1..00100bea 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -67,6 +67,14 @@ directories = ["leyla" "eve"]; }; }; + reverse_proxy = { + enable = true; + hostname = "jan-leila.com"; + }; + jellyfin = { + enable = true; + subdomain = "media"; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a582edaf..57a9cdeb 100644 
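Review bot: The two new assertions use `description = ...`, but NixOS assertion entries are `{ assertion; message; }` — impermanence.nix earlier in this series uses `message` — so these entries carry no `message` attribute and the failure path will not report the intended text (and may itself error on the missing attribute). Change both to `message = "jellyfin data directory does not match persistence";` and `message = "jellyfin cache directory does not match persistence";`. The `config` block this sits in starts and ends outside the hunk.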
--- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -51,20 +51,20 @@ in { ]; }; - host.storage.pool.extraDatasets = [ - { - # sops age key needs to be available to pre persist for user generation - "persist/system/jellyfin" = { - type = "zfs_fs"; - mountpoint = "/persist/system/jellyfin"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; + fileSystems."/persist/system/jellyfin".neededForBoot = true; + + host.storage.pool.extraDatasets = { + # sops age key needs to be available to pre persist for user generation + "persist/system/jellyfin" = { + type = "zfs_fs"; + mountpoint = "/persist/system/jellyfin"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; }; - } - ]; + }; + }; }) ] ); diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 664b3c3c..311724b4 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -6,16 +6,16 @@ options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; hostname = lib.mkOption { - type = lib.type.string; + type = lib.types.string; description = "what host name are we going to be proxying from"; }; forceSSL = lib.mkOption { - type = lib.type.boolean; + type = lib.types.bool; description = "force connections to use https"; default = true; }; enableACME = lib.mkOption { - type = lib.type.boolean; + type = lib.types.bool; description = "auto renew certificates"; default = true; }; 
@@ -34,12 +34,17 @@ # TODO: impermanence for ACME keys config = { + security.acme = lib.mkIf config.host.reverse_proxy.enableACME { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + services.nginx = { enable = config.host.reverse_proxy.enable; virtualHosts = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" { - forceSSL = config.home.reverse_proxy.forceSSL; - enableACME = config.home.reverse_proxy.enableACME; + lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { + forceSSL = config.host.reverse_proxy.forceSSL; + enableACME = config.host.reverse_proxy.enableACME; locations."/" = { proxyPass = value.target; proxyWebsockets = value.websockets; From cd60afa05452dfc214420777d5b20cfae6b1647a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:24:31 -0600 Subject: [PATCH 395/932] switched hostname --- configurations/nixos/defiant/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 00100bea..d4306af9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -68,8 +68,8 @@ }; }; reverse_proxy = { - enable = true; - hostname = "jan-leila.com"; + enable = false; + hostname = "volpe.social"; }; jellyfin = { enable = true; From b0e6a17fe6d2cd67985d4cc268e76aee9aaca422 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:30:21 -0600 Subject: [PATCH 396/932] removed outdated comment --- configurations/nixos/defiant/configuration.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index d4306af9..1a7571f5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
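Review bot: `security.acme` is gated only on `config.host.reverse_proxy.enableACME`, which defaults to true, so a host that sets `reverse_proxy.enable = false` (as defiant does in the next commit of this series) still gets `acceptTerms = true` and the contact address applied. Gate it on the proxy as well: `security.acme = lib.mkIf (config.host.reverse_proxy.enable && config.host.reverse_proxy.enableACME) {`. The `# TODO: impermanence for ACME keys` above is still live: on an impermanent host `/var/lib/acme` is lost on every boot, so the account key and certificates are recreated each time, which can run into the CA's issuance rate limits; a `lib.mkIf config.host.impermanence.enable` block adding `/var/lib/acme` to `environment.persistence."/persist/system/root".directories` would follow the pattern the rest of the repo uses for persisted state.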
@@ -30,12 +30,6 @@ cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" ]; - # extraDatasets = { - # "persist/system/var/lib/jellyfin/media" = { - # type = "zfs_fs"; - # mountpoint = "/persist/system/var/lib/jellyfin/media"; - # }; - # }; }; }; network_storage = { From 6b1eaa730850b4e166820324ce68077e3bdae93c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 18:53:15 -0600 Subject: [PATCH 397/932] added authorized ssh key --- modules/nixos-modules/ssh.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 0360cfc8..bda4e811 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -1,4 +1,12 @@ -{...}: { +{ + lib, + config, + ... +}: { + users.users.leyla.openssh.authorizedKeys.keys = lib.mkIf config.host.users.leyla.isTerminalUser [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; + services = { openssh = { enable = true; From b6f1704af3ae8a8026b6d9b0f7f182a03cbbf8c4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:40:47 -0600 Subject: [PATCH 398/932] added assertion --- modules/nixos-modules/impermanence.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index a923b82d..e6e1ecc7 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -5,7 +5,6 @@ }: { options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; - # TODO: validate that config.host.storage.enable is enabled config = lib.mkMerge [ { assertions = [ 
@@ -19,6 +18,13 @@ } ( lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.host.impermanence.enable && config.host.storage.enable; + message = "Impermanence can not be used without managed host storage."; + } + ]; + boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank 1 ''; From e54981fffc689aad3344628eeabf1d93c6e8a355 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:48:43 -0600 Subject: [PATCH 399/932] added needed for boot to user persist directories --- modules/nixos-modules/users.nix | 84 +++++++++++++++++++-------------- 1 file changed, 48 insertions(+), 36 deletions(-) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 0c1e1d6b..1799f815 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -259,7 +259,20 @@ in { normalUsers) ); - fileSystems.${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; + fileSystems = lib.mkMerge [ + { + ${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; + } + ( + builtins.listToAttrs ( + builtins.map (user: + lib.attrsets.nameValuePair "/persist/home/${user.name}" { + neededForBoot = true; + }) + normalUsers + ) + ) + ]; environment.persistence."/persist/system/root" = { enable = true; 
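Review bot: The new assertion lives inside `lib.mkIf config.host.impermanence.enable`, so the `config.host.impermanence.enable &&` conjunct is always true there and only obscures what is actually being checked; `assertion = config.host.storage.enable;` expresses the same constraint. The message text is clear and can stay. The enclosing `mkIf` block continues beyond the hunk.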
@@ -269,45 +282,44 @@ in { ]; }; - host.storage.pool.extraDatasets = lib.mkMerge [ - { - # sops age key needs to be available to pre persist for user generation - "local/system/sops" = { - type = "zfs_fs"; - mountpoint = SOPS_AGE_KEY_DIRECTORY; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; + host.storage.pool.extraDatasets = lib.mkMerge ( + [ + { + # sops age key needs to be available to pre persist for user generation + "local/system/sops" = { + type = "zfs_fs"; + mountpoint = SOPS_AGE_KEY_DIRECTORY; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; }; - }; - } - ( - lib.mkMerge - ( - builtins.map (user: { - "local/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/home/${user.name}"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/home/${user.name}@blank - ''; + } + ] + ++ ( + builtins.map (user: { + "local/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/home/${user.name}"; + options = { + canmount = "on"; }; - "persist/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/persist/home/${user.name}"; - options = { - "com.sun:auto-snapshot" = "true"; - }; + postCreateHook = '' + zfs snapshot rpool/local/home/${user.name}@blank + ''; + }; + "persist/home/${user.name}" = { + type = "zfs_fs"; + mountpoint = "/persist/home/${user.name}"; + options = { + "com.sun:auto-snapshot" = "true"; }; - }) - normalUsers - ) + }; + }) + normalUsers ) - ]; + ); }) ]; } From 431efa448e48658279974b16c127377a6206c27b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:55:28 -0600 Subject: [PATCH 400/932] added host to map --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b5037060..7857f3e5 100644 --- a/README.md +++ b/README.md 
@@ -9,6 +9,7 @@ | `hesperium` | Mac | ????? | ??? | | `emergent` | Desktop Computer | Eve | Desktop | | `threshold` | Laptop | Eve | Laptop | +| `wolfram` | Steam Deck | House | Handheld | # Tooling ## Rebuilding From 1f19f9bf149e213fac70ea0d40b2f382fee50b9c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 13 Dec 2024 21:59:50 -0600 Subject: [PATCH 401/932] added TODO --- configurations/nixos/defiant/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 1a7571f5..011f00d4 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -100,6 +100,7 @@ # }; services = { + # TODO: move zfs scrubbing into module zfs = { autoScrub.enable = true; autoSnapshot.enable = true; From f9947cd93df4314c3f069d8c250639f041655d59 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Dec 2024 15:24:28 -0600 Subject: [PATCH 402/932] updated flake --- flake.lock | 61 +++++++++++++++---------------- flake.nix | 2 +- modules/nixos-modules/default.nix | 4 ++ 3 files changed, 35 insertions(+), 32 deletions(-) diff --git a/flake.lock b/flake.lock index 83f85f82..2bf12baf 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1733168902, - "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=", + "lastModified": 1734701201, + "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", "owner": "nix-community", "repo": "disko", - "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5", + "rev": "2ee76c861af3b895b3b104bae04777b61397485b", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1733354814, - "narHash": "sha256-GNtstc88gUJllOun6UFQzg7P+fDtWkajxN4kUKPLFsw=", + "lastModified": 1734895221, + "narHash": "sha256-2xcBQH/SJPeMOaGo2n5+7sylwxOHAZl3WBCpKTxYVHI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fd1cc13f297bb18b85a776060edca35b18c7a324", + "rev": "f1c1ba5caba14503c50955489564b38410ce05e2", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1733354384, - "narHash": "sha256-foZG2PLwumxYZkpXq7ajHDhuQlXaUeKfOpFfQpMviLM=", + "lastModified": 1734893333, + "narHash": "sha256-0Ft7iTkl3UWAix72teY5nflYQD7GE0KvIiT+ox4wkB8=", "owner": "nix-community", "repo": "home-manager", - "rev": "0daaded612b0e6eaed0a63fc9d0778d8f05940fe", + "rev": "1f74238a4c8e534a1b6be72cb5153043071ffd17", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "impermanence": { "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "lastModified": 1734772301, + "narHash": "sha256-mQEQQzCTUlDiEw/EbblB510P/GQOmIPtKoJrqDqeGVc=", "owner": "nix-community", "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "rev": "0ab2f858dfefe73402eb53fbe6a3bad4f6702d5f", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1733351379, - "narHash": "sha256-MTMsAhXxMMVHVN99jT8E0afOAOtt3JQWjYpTja94PAU=", + "lastModified": 1733570843, + "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "55d07816a0944f06a9df5ef174999a72fa4060c7", + "rev": "a35b08d09efda83625bef267eb24347b446c80b8", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1733277416, - "narHash": "sha256-+r1bhEqW0ACV+E8TID6FvW0/YJ+46SQ9yk6DpyHtRWg=", + "lastModified": 1734832456, + "narHash": "sha256-gyp5aVMSA83OV8kP/a1FBA6KGJqNkswUK9VdAh1hLS4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3ea774bace6ac2f8db48a1c1d59271e0209e4b96", + "rev": "c567c5f3bc53723d726f286ea94d5aebac55d4c5", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733217105, - "narHash": "sha256-fc6jTzIwCIVWTX50FtW6AZpuukuQWSEbPiyg6ZRGWFY=", + "lastModified": 1734862644, + "narHash": "sha256-04xesW7HITdF5WUmNM39WD4tkEERk3Ez2W1nNvdIvIw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cceee0a31d2f01bcc98b2fbd591327c06a4ea4f9", + "rev": "e8516a23524cc9083f5a02a8d64d14770e4c7c09", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "lastModified": 1734649271, + "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "type": "github" }, "original": { @@ -236,16 +236,15 @@ "locked": { "lastModified": 1730665670, "narHash": "sha256-MMwH5IcaslEWqeHaNqSjAsGWoS2NJ5qiIE7RLiJG+28=", - "ref": "main", + "ref": "refs/heads/main", "rev": "ef623d6a9e25c1f0ec9d282ab5ed5dff54674816", "revCount": 6, "type": "git", - "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, "original": { - "ref": "main", "type": "git", - "url": "https://git.jan-leila.com/jan-leila/nix-config-secrets" + "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" } }, "sops-nix": { 
@@ -255,11 +254,11 @@ ] }, "locked": { - "lastModified": 1733128155, - "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", + "lastModified": 1734546875, + "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", + "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 54d1f7d9..1849afca 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ # self hosted repo of secrets file to further protect files in case of future encryption vulnerabilities secrets = { - url = "git+https://git.jan-leila.com/jan-leila/nix-config-secrets?ref=main"; + url = "git+ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"; flake = false; }; diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 4ac744a9..41e06197 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,4 +12,8 @@ ./disko.nix ./server ]; + + nixpkgs.config.permittedInsecurePackages = [ + "dotnet-sdk-6.0.428" + ]; } From 14fcd3b13bf3299878f76ffda98f095612b301da Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Dec 2024 14:45:51 -0600 Subject: [PATCH 403/932] remove idea community and android studio temporally --- configurations/home-manager/leyla/packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 1845f656..92e29f45 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -61,8 +61,8 @@ in { anki-bin # development tools - androidStudioPackages.canary - jetbrains.idea-community + # androidStudioPackages.canary + # jetbrains.idea-community dbeaver-bin bruno qFlipper From 5139d41d176536d9e804a93ea4dbe0ae67d8d640 Mon Sep 17 00:00:00 2001 
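Review bot: The new secrets input URL `git+ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git` drops the `?ref=main` that the previous URL carried, so the input now follows whatever the remote's default branch happens to be; the updated lock records `refs/heads/main`, so today it resolves the same, but keeping `?ref=main` in the URL makes the pin explicit and survives a change of default branch on the server. It would also help to note next to the input that evaluation now needs an SSH identity with read access to that host, e.g. `# fetched over SSH: the evaluating machine needs a key authorised for git.jan-leila.com`.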
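Review bot: `nixpkgs.config.permittedInsecurePackages = [ "dotnet-sdk-6.0.428" ]` is added to the shared module list in modules/nixos-modules/default.nix, so every host that imports these modules silently accepts an end-of-life SDK regardless of whether anything on that host pulls it in. Scope the allowance to the module or host whose closure actually needs it, and record the dependent and the exit condition beside it, e.g. `# TODO(remove): needed by <consuming package>; drop once it moves off dotnet 6`. The consuming package is not visible in this diff, so the placeholder has to be filled in by whoever knows the dependency.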
From: Leyla Becker Date: Mon, 23 Dec 2024 14:47:55 -0600 Subject: [PATCH 404/932] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 2bf12baf..4920a27e 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1734895221, - "narHash": "sha256-2xcBQH/SJPeMOaGo2n5+7sylwxOHAZl3WBCpKTxYVHI=", + "lastModified": 1734943800, + "narHash": "sha256-T6tJ1fGRcVksmRqbDRsvYD3Qnw8AU3e2j0Im01twFcI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f1c1ba5caba14503c50955489564b38410ce05e2", + "rev": "2c702b4a038306dce64a90fc011c92ebabb82f63", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1734893333, - "narHash": "sha256-0Ft7iTkl3UWAix72teY5nflYQD7GE0KvIiT+ox4wkB8=", + "lastModified": 1734944412, + "narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=", "owner": "nix-community", "repo": "home-manager", - "rev": "1f74238a4c8e534a1b6be72cb5153043071ffd17", + "rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "impermanence": { "locked": { - "lastModified": 1734772301, - "narHash": "sha256-mQEQQzCTUlDiEw/EbblB510P/GQOmIPtKoJrqDqeGVc=", + "lastModified": 1734945620, + "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", "owner": "nix-community", "repo": "impermanence", - "rev": "0ab2f858dfefe73402eb53fbe6a3bad4f6702d5f", + "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1734832456, - "narHash": "sha256-gyp5aVMSA83OV8kP/a1FBA6KGJqNkswUK9VdAh1hLS4=", + "lastModified": 1734918633, + "narHash": "sha256-9lveBNV+g9UKBY8POH+53cRaslqnjmF2WePg/f2ojBY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c567c5f3bc53723d726f286ea94d5aebac55d4c5", + "rev": "c21a6eceed82873917324144895491603cf6d457", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734862644, - "narHash": "sha256-04xesW7HITdF5WUmNM39WD4tkEERk3Ez2W1nNvdIvIw=", + "lastModified": 1734954597, + "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e8516a23524cc9083f5a02a8d64d14770e4c7c09", + "rev": "def1d472c832d77885f174089b0d34854b007198", "type": "github" }, "original": { From 46c6ffce547dc687b3a55b9d788e0fc1a7786a55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 13:52:29 -0600 Subject: [PATCH 405/932] updated flake --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 4920a27e..45000442 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1734701201, - "narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=", + "lastModified": 1735048446, + "narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=", "owner": "nix-community", "repo": "disko", - "rev": "2ee76c861af3b895b3b104bae04777b61397485b", + "rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1734943800, - "narHash": "sha256-T6tJ1fGRcVksmRqbDRsvYD3Qnw8AU3e2j0Im01twFcI=", + "lastModified": 1735054826, + "narHash": "sha256-n1x41VFZFeG144KS1tu7R2qpXlS3kk7iguGO8B1uIuE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "2c702b4a038306dce64a90fc011c92ebabb82f63", + "rev": "d558686ba23132b3e98329952023d31bb5f7289c", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1734944412, - "narHash": "sha256-36QfCAl8V6nMIRUCgiC79VriJPUXXkHuR8zQA1vAtSU=", + "lastModified": 1735053786, + "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=", "owner": "nix-community", "repo": "home-manager", - "rev": "8264bfe3a064d704c57df91e34b795b6ac7bad9e", + "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1734918633, - "narHash": "sha256-9lveBNV+g9UKBY8POH+53cRaslqnjmF2WePg/f2ojBY=", + "lastModified": 1735004869, + "narHash": "sha256-b92HYukQ0xnCvtfygUh7TMqzBj/mSvfYlQ4Px+V3y5I=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c21a6eceed82873917324144895491603cf6d457", + "rev": "86abacab7bbf83c0179e0a9b9274be762ef0fc1a", "type": "github" }, "original": { From 4eacddfce17405078e1c897e4726cf1b55d87237 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 14:00:08 -0600 Subject: [PATCH 406/932] fixed home manager on horizon --- configurations/home-manager/leyla/impermanence.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index c5f228fb..4a24310d 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix 
@@ -1,5 +1,9 @@ -{...}: { - home.persistence."/persistent/home/leyla" = { +{ + lib, + osConfig, + ... +}: { + home.persistence."/persist/home/leyla" = lib.mkIf osConfig.host.impermanence.enable { directories = [ "desktop" "downloads" From e8a1562eae022a9b357fe2262ee0a49db01a2439 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 14:05:17 -0600 Subject: [PATCH 407/932] installed tor --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 92e29f45..ebe9787f 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -51,6 +51,7 @@ in { # rpi-imager # fritzing mfoc + tor # proprietary platforms discord From d760992a06fc9c756a533c8566cf1e14892d09b3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Dec 2024 14:55:49 -0600 Subject: [PATCH 408/932] switched to tor-browser package --- configurations/home-manager/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index ebe9787f..2c2ae4b4 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -51,7 +51,7 @@ in { # rpi-imager # fritzing mfoc - tor + tor-browser # proprietary platforms discord From 2d5e37b1eb9fc72e0c13f2b0c14fca42c433514e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 24 Dec 2024 16:01:37 -0600 Subject: [PATCH 409/932] moved openssh config into home manager configs --- configurations/home-manager/leyla/default.nix | 4 ++++ modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/openssh.nix | 8 ++++++++ modules/nixos-modules/home-manager/default.nix | 1 + modules/nixos-modules/home-manager/openssh.nix | 11 +++++++++++ modules/nixos-modules/ssh.nix | 10 +--------- 6 files changed, 26 insertions(+), 9 deletions(-) create mode 100644 modules/home-manager-modules/openssh.nix create mode 100644 modules/nixos-modules/home-manager/openssh.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 48d38db5..8b41e3a7 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -105,6 +105,10 @@ }; }; bash.enable = true; + + openssh.authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + ]; }; dconf = { diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 9fb37f2c..ef9bf0a2 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -3,5 +3,6 @@ imports = [ ./flipperzero.nix ./i18n.nix + ./openssh.nix ]; } diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix new file mode 100644 index 00000000..ef4f11f5 --- /dev/null +++ b/modules/home-manager-modules/openssh.nix @@ -0,0 +1,8 @@ +{lib, ...}: { + options.programs = { + openssh.authorizedKeys = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + }; + }; +} diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix index 3848e1b6..cab004b1 100644 --- a/modules/nixos-modules/home-manager/default.nix +++ b/modules/nixos-modules/home-manager/default.nix 
@@ -3,5 +3,6 @@ imports = [ ./flipperzero.nix ./i18n.nix + ./openssh.nix ]; } diff --git a/modules/nixos-modules/home-manager/openssh.nix b/modules/nixos-modules/home-manager/openssh.nix new file mode 100644 index 00000000..31a785f9 --- /dev/null +++ b/modules/nixos-modules/home-manager/openssh.nix @@ -0,0 +1,11 @@ +{ + config, + lib, + ... +}: { + users.users = + lib.attrsets.mapAttrs (name: value: { + openssh.authorizedKeys.keys = value.programs.openssh.authorizedKeys; + }) + config.home-manager.users; +} diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index bda4e811..0360cfc8 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -1,12 +1,4 @@ -{ - lib, - config, - ... -}: { - users.users.leyla.openssh.authorizedKeys.keys = lib.mkIf config.host.users.leyla.isTerminalUser [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - ]; - +{...}: { services = { openssh = { enable = true; From 48dc0b11509af39e020e7f1a155049d287c8d2a0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Dec 2024 18:21:10 -0600 Subject: [PATCH 410/932] made impermanence config work slightly better --- .../nixos/defiant/configuration.nix | 4 +- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/impermanence.nix | 10 +++++ modules/nixos-modules/impermanence.nix | 16 +++++--- .../server/network_storage/default.nix | 10 ++--- .../nixos-modules/server/reverse_proxy.nix | 4 +- modules/nixos-modules/ssh.nix | 37 +++++++++++++------ modules/nixos-modules/users.nix | 9 +++++ 8 files changed, 66 insertions(+), 25 deletions(-) create mode 100644 modules/home-manager-modules/impermanence.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 011f00d4..bb5f4503 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
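Review bot: The new mapping in modules/nixos-modules/home-manager/openssh.nix installs every home-manager user's `programs.openssh.authorizedKeys` into `users.users.<name>.openssh.authorizedKeys.keys` unconditionally, whereas the definition removed from ssh.nix in the same commit wrapped the key in `lib.mkIf config.host.users.leyla.isTerminalUser`; that per-user gate is lost, so a declared key now grants SSH login on hosts where the user was not meant to have shell access. Restore it inside the mapping, e.g. `openssh.authorizedKeys.keys = lib.mkIf config.host.users.${name}.isTerminalUser value.programs.openssh.authorizedKeys;`, assuming every home-manager user has a matching `host.users.<name>` entry (not visible here). A one-line header comment such as `# bridge: publish keys declared in home-manager (programs.openssh.authorizedKeys) into the NixOS user accounts` would also make the file's purpose clear, since its name does not.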
@@ -52,13 +52,13 @@ } { folder = "users"; - user = "users"; + user = "root"; group = "users"; } ]; nfs = { enable = true; - directories = ["leyla" "eve"]; + directories = ["leyla" "eve" "ester"]; }; }; reverse_proxy = { diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index ef9bf0a2..22736d2f 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -4,5 +4,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix + ./impermanence.nix ]; } diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix new file mode 100644 index 00000000..4768b7ec --- /dev/null +++ b/modules/home-manager-modules/impermanence.nix @@ -0,0 +1,10 @@ +{config, ...}: { + home.persistence."/persistent/home/${config.home.username}" = { + directories = [ + ".ssh" + "desktop" + "downloads" + "documents" + ]; + }; +} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index e6e1ecc7..a1872260 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -26,12 +26,13 @@ ]; boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank - 1 ''; + zfs rollback -r rpool/local/system/root@blank + ''; fileSystems = { "/".neededForBoot = true; "/persist/system/root".neededForBoot = true; + "/persist/system/var/log".neededForBoot = true; }; host.storage.pool.extraDatasets = { @@ -81,13 +82,18 @@ }; }; + environment.persistence."/persist/system/var/log" = { + enable = true; + hideMounts = true; + directories = [ + "/var/log" + ]; + }; + environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; directories = [ - "/etc/ssh" - - "/var/log" "/var/lib/nixos" "/var/lib/systemd/coredump" diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index 11019cbe..fecc05f6 100644 
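Review bot: The new modules/home-manager-modules/impermanence.nix persists into `home.persistence."/persistent/home/${config.home.username}"`, but the per-user datasets and `neededForBoot` entries created in users.nix earlier in this series mount at `/persist/home/<name>`, and the leyla configuration was corrected from `/persistent` to `/persist/home/leyla` a few commits back for exactly that reason; as far as this series shows, `/persistent/home/...` has no backing dataset, so the `.ssh` and folder bind mounts would land on the ephemeral root. Change it to `home.persistence."/persist/home/${config.home.username}" = {`. The same `/persistent` path is kept in the rewrite of this file in the following commit (its `@@ -1,10 +1,17 @@` hunk), which needs the same correction.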
--- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -21,7 +21,7 @@ in { type = lib.types.listOf (lib.types.submodule ({config, ...}: { options = { folder = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what is the name of this export directory"; }; bind = lib.mkOption { @@ -30,12 +30,12 @@ in { default = null; }; user = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what user owns this directory"; default = "nouser"; }; group = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what group owns this directory"; default = "nogroup"; }; @@ -57,11 +57,11 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2775 root root -" + "d ${config.host.network_storage.export_directory} 2770 root root -" ] ++ ( builtins.map ( - directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}" + directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" ) config.host.network_storage.directories ); diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 311724b4..7eecdd0c 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -6,7 +6,7 @@ options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; hostname = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "what host name are we going to be proxying from"; }; forceSSL = lib.mkOption { @@ -23,7 +23,7 @@ type = lib.types.attrsOf (lib.types.submodule ({...}: { options = { target = lib.mkOption { - type = lib.types.string; + type = lib.types.str; description = "where should this host point to"; }; websockets = lib.mkEnableOption "should websockets be proxied"; 
diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 0360cfc8..17593aa6 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -1,13 +1,28 @@ -{...}: { - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; +{ + lib, + config, + ... +}: { + config = lib.mkMerge [ + { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; + }; + }; }; - }; - }; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + directories = [ + "/etc/ssh" + ]; + }; + }) + ]; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 1799f815..e2a8074e 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -272,6 +272,15 @@ in { normalUsers ) ) + ( + builtins.listToAttrs ( + builtins.map (user: + lib.attrsets.nameValuePair "/home/${user.name}" { + neededForBoot = true; + }) + normalUsers + ) + ) ]; environment.persistence."/persist/system/root" = { From 7127b9f9e8815100af86b00fe2126313b35beb28 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 26 Dec 2024 23:05:23 -0600 Subject: [PATCH 411/932] updated packages --- flake.lock | 18 +++++++-------- modules/home-manager-modules/impermanence.nix | 23 ++++++++++++------- 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 45000442..44359f88 100644 --- a/flake.lock +++ b/flake.lock 
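Review bot: `PasswordAuthentication = false` alone does not close the password path: OpenSSH's keyboard-interactive method, which NixOS leaves on via `KbdInteractiveAuthentication` (default true, PAM-backed), still lets a client authenticate with the account password, so add `KbdInteractiveAuthentication = false;` beside it in `settings`. `UseDns = true` makes sshd reverse-resolve every connecting address before authentication, which slows logins and adds nothing to a key-only policy; upstream defaults it to off. Persisting `/etc/ssh` under impermanence is the right move — it keeps host keys stable across rollbacks so clients do not see a changed host key — and a short comment to that effect above the `directories` entry would record why the directory is singled out.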
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735054826, - "narHash": "sha256-n1x41VFZFeG144KS1tu7R2qpXlS3kk7iguGO8B1uIuE=", + "lastModified": 1735202720, + "narHash": "sha256-7aEdACqT2B7nZNFjn2Y66Qucfl1AHHVFKxm4yvO0O10=", "owner": "rycee", "repo": "nur-expressions", - "rev": "d558686ba23132b3e98329952023d31bb5f7289c", + "rev": "fe816609e68ee1887ee89e43c9ca1aad75362477", "type": "gitlab" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1733570843, - "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", + "lastModified": 1735218083, + "narHash": "sha256-MoUAbmXz9TEr7zlKDRO56DBJHe30+7B5X7nhXm+Vpc8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a35b08d09efda83625bef267eb24347b446c80b8", + "rev": "bc03f7818771a75716966ce8c23110b715eff2aa", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1735004869, - "narHash": "sha256-b92HYukQ0xnCvtfygUh7TMqzBj/mSvfYlQ4Px+V3y5I=", + "lastModified": 1735264033, + "narHash": "sha256-ss9vVSK9M2o8hW4nFs+GuVxsrIZ8X3zxQfeWhEKgMT0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "86abacab7bbf83c0179e0a9b9274be762ef0fc1a", + "rev": "b5223dca0334d671787531a204bdba7717b48a72", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 4768b7ec..a48fe9d8 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -1,10 +1,17 @@ -{config, ...}: { - home.persistence."/persistent/home/${config.home.username}" = { - directories = [ - ".ssh" - "desktop" - "downloads" - "documents" - ]; +{ + lib, + config, + osConfig, + ... +}: { + config = lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persistent/home/${config.home.username}" = { + directories = [ + ".ssh" + "desktop" + "downloads" + "documents" + ]; + }; }; } 
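Review bot: The home-manager persistence root here is `/persistent/home/${config.home.username}`, while the system module in the same series persists under `/persist/system/root`; if the persistent dataset is mounted at `/persist` as elsewhere in this repository, nothing in this list survives a reboot, and the `.ssh` entry in particular would silently leave user private keys on the ephemeral root. Change the root to `"/persist/home/${config.home.username}"` (or derive it from a single shared option so the two modules cannot drift). Gating on `osConfig.host.impermanence.enable` is good; a one-line comment noting that this path must match the `zfs_fs` mountpoint in the system users module would help the next reader.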
From a43b14a9fa171894e7e6437c2fcd7e813d08f83f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 27 Dec 2024 17:29:51 -0600 Subject: [PATCH 412/932] installed adb on horizon --- configurations/nixos/horizon/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 2d16c746..787df3d8 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -27,6 +27,8 @@ {}) ]; + programs.adb.enable = true; + # enabled virtualisation for docker # virtualisation.docker = { # enable = true; From 21eea779db5d3ace7129bba078df0bae2aedc90e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 29 Dec 2024 15:57:07 -0600 Subject: [PATCH 413/932] added task to README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7857f3e5..2097d8c8 100644 --- a/README.md +++ b/README.md @@ -57,4 +57,5 @@ - tail scale clients - wake on LAN - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich \ No newline at end of file +- Immich +- Syncthing declarative set up for devices https://nixos.wiki/wiki/Syncthing \ No newline at end of file From 905c4e73b244b3afa563078edef8631ce6f588a1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Dec 2024 20:05:52 -0600 Subject: [PATCH 414/932] added syncthing --- README.md | 5 +- .../nixos/horizon/configuration.nix | 10 +++ modules/nixos-modules/default.nix | 1 + modules/nixos-modules/sync.nix | 87 +++++++++++++++++++ modules/nixos-modules/users.nix | 18 ++++ 5 files changed, 119 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/sync.nix diff --git a/README.md b/README.md index 2097d8c8..2f7b5df9 100644 --- a/README.md +++ b/README.md 
@@ -10,6 +10,8 @@ | `emergent` | Desktop Computer | Eve | Desktop | | `threshold` | Laptop | Eve | Laptop | | `wolfram` | Steam Deck | House | Handheld | +| `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | +| `skate` | A4 Tablet (not using nix) | Leyla | Tablet | # Tooling ## Rebuilding @@ -57,5 +59,4 @@ - tail scale clients - wake on LAN - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich -- Syncthing declarative set up for devices https://nixos.wiki/wiki/Syncthing \ No newline at end of file +- Immich \ No newline at end of file diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 787df3d8..bc96142c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -19,6 +19,16 @@ ester.isDesktopUser = true; eve.isDesktopUser = true; }; + sync = { + enable = true; + folders = { + leyla = { + documents.enable = true; + calendar.enable = true; + notes.enable = true; + }; + }; + }; }; environment.systemPackages = [ diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 41e06197..63b2757c 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -8,6 +8,7 @@ ./desktop.nix ./ssh.nix ./i18n.nix + ./sync.nix ./impermanence.nix ./disko.nix ./server diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix new file mode 100644 index 00000000..532038e2 --- /dev/null +++ b/modules/nixos-modules/sync.nix 
@@ -0,0 +1,87 @@ +{ + config, + lib, + ... +}: let + mountDir = "/mnt/sync"; +in { + options.host.sync = { + enable = lib.mkEnableOption "should sync thing be enabled on this device"; + folders = { + leyla = { + documents = { + enable = lib.mkEnableOption "should the documents folder be synced"; + }; + calendar = { + enable = lib.mkEnableOption "should the calendar folder be synced"; + }; + notes = { + enable = lib.mkEnableOption "should the notes folder by synced"; + }; + }; + extraFolders = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({...}: { + options = { + path = lib.mkOption { + type = lib.types.str; + }; + devices = lib.mkOption { + type = lib.types.listof lib.types.str; + }; + }; + })); + default = {}; + }; + }; + }; + + config = { + systemd = lib.mkIf config.services.syncthing.enable { + tmpfiles.rules = [ + "d ${mountDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" + ]; + }; + services.syncthing = { + enable = config.host.sync.enable; + user = "syncthing"; + group = "syncthing"; + dataDir = "${mountDir}/default"; + configDir = "/etc/syncthing"; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + ceder = { + id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + }; + }; + folders = lib.mkMerge [ + config.host.sync.folders.extraFolders + (lib.mkIf config.host.sync.folders.leyla.documents.enable { + "documents" = { + id = "hvrj0-9bm1p"; + path = "/mnt/sync/leyla/documents"; + devices = ["ceder"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + "calendar" = { + id = "8oatl-1rv6w"; + path = "/mnt/sync/leyla/calendar"; + devices = ["ceder"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.notes.enable { + "notes" = { + id = "dwbuv-zffnf"; + path = "/mnt/sync/leyla/notes"; + devices = ["ceder"]; + }; + }) + ]; + }; + }; + }; +} 
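Review bot: The tmpfiles rule creates `${config.services.syncthing.configDir}` (`/etc/syncthing`) with mode 755, yet if Syncthing stores its state there as usual that directory holds the device key (`key.pem`) and `config.xml` with the GUI API key, so it should be `0700`; the data root does not need to be world-traversable either. The GUI is left at the NixOS default (127.0.0.1:8384 as far as I know) with no `settings.gui` user/password, and this host has several interactive accounts, so any local user can administer the daemon, add devices and share folders until credentials are set. Separately, `lib.types.listof` in `extraFolders.devices` should be `lib.types.listOf`; evaluation fails with an undefined attribute as soon as that submodule type is forced (any host that sets `extraFolders`). The folder paths also hard-code `/mnt/sync/leyla/...` instead of building on `mountDir`, which is what the variable exists for.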
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index e2a8074e..af7dcb20 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -22,6 +22,7 @@ hass = 2004; headscale = 2005; nextcloud = 2006; + syncthing = 2007; }; gids = { @@ -36,6 +37,7 @@ hass = 2004; headscale = 2005; nextcloud = 2006; + syncthing = 2007; }; users = config.users.users; @@ -160,6 +162,12 @@ in { isSystemUser = true; group = config.users.users.nextcloud.name; }; + + syncthing = { + uid = lib.mkForce uids.syncthing; + isSystemUser = true; + group = config.users.users.syncthing.name; + }; }; groups = { @@ -250,6 +258,16 @@ in { # leyla ]; }; + + syncthing = { + gid = lib.mkForce gids.syncthing; + members = [ + users.syncthing.name + leyla + ester + eve + ]; + }; }; }; } From dd9ca10ae44e9ca8eefdcf70c51cbc72476f11ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Dec 2024 20:08:44 -0600 Subject: [PATCH 415/932] updated README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2f7b5df9..c39c3602 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,8 @@ | `threshold` | Laptop | Eve | Laptop | | `wolfram` | Steam Deck | House | Handheld | | `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | -| `skate` | A4 Tablet (not using nix) | Leyla | Tablet | +| `skate` | A6 Tablet (not using nix) | Leyla | Tablet | +| `shale` | A6 Tablet (not using nix) | Eve | Tablet | # Tooling ## Rebuilding From 15e0c1b6c4277ccfe33af1a9be716d6142a1f159 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Dec 2024 22:05:58 -0600 Subject: [PATCH 416/932] switched to anki from anki-bin --- configurations/home-manager/leyla/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 2c2ae4b4..836a22b2 100644 --- a/configurations/home-manager/leyla/packages.nix 
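Review bot: Adding `leyla`, `ester` and `eve` to the new `syncthing` group gives all three accounts group-level access to everything under the Syncthing data root, but the folders configured in sync.nix are personal (`/mnt/sync/leyla/documents`, `calendar`, `notes`); whether the other two can actually read them depends on the modes Syncthing writes files with, which nothing in this hunk controls. If the intent is one daemon per host with per-user data, a group per synced user (or ACLs on the per-user subtrees) is the safer shape, with only the owning user added. At minimum a comment above `members` should state that membership is deliberately shared across users.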
+++ b/configurations/home-manager/leyla/packages.nix @@ -59,7 +59,7 @@ in { steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - anki-bin + anki # development tools # androidStudioPackages.canary From 22b40edb241063ce182629b4aa1f9ef34168c185 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 17:02:46 -0600 Subject: [PATCH 417/932] fixed SSH on defiant --- modules/nixos-modules/ssh.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 17593aa6..69bd1859 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -19,8 +19,11 @@ } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { - directories = [ - "/etc/ssh" + files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" ]; }; }) From 5abc647d98421d3bb2338e22adbf6ee01e75cf0c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 18:19:32 -0600 Subject: [PATCH 418/932] fixed home manager with impermanence --- .../home-manager/leyla/impermanence.nix | 32 ++++++++----------- modules/home-manager-modules/default.nix | 1 - modules/home-manager-modules/impermanence.nix | 17 ---------- modules/nixos-modules/users.nix | 8 +++++ 4 files changed, 22 insertions(+), 36 deletions(-) delete mode 100644 modules/home-manager-modules/impermanence.nix diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 4a24310d..ddb2f42f 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix 
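Review bot: Persisting the host keys as `files` entries has a first-boot hazard: when `/persist/system/root/etc/ssh/ssh_host_ed25519_key` does not exist yet, impermanence (as I understand its `files` handling) has to create a placeholder to bind-mount, and the interaction between an empty bind-mounted file and sshd's key-generation pre-start is fragile, so the first boot can come up without a usable host key. The more robust pattern is to leave `/etc/ssh` alone and point sshd at the persisted path directly, `services.openssh.hostKeys = [{ path = "/persist/system/root/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }];`, so the generator writes the key into `/persist` itself. If the `files` list stays, I would drop the RSA pair so only an ed25519 host key is offered, and note in a comment that rotating a host key means deleting it under `/persist`, not in `/etc/ssh`.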
@@ -3,23 +3,19 @@ osConfig, ... }: { - home.persistence."/persist/home/leyla" = lib.mkIf osConfig.host.impermanence.enable { - directories = [ - "desktop" - "downloads" - "documents" - ".ssh" - ".nixops" - ".local/share/keyrings" - ".local/share/direnv" - { - directory = ".local/share/Steam"; - method = "symlink"; - } - ]; - # files = [ - # ".screenrc" - # ]; - allowOther = true; + config = lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist/home/leyla" = { + directories = [ + "desktop" + "downloads" + "documents" + ".ssh" + ".config/gnome-initial-setup-done" + { + directory = ".local/share/Steam"; + method = "symlink"; + } + ]; + }; }; } diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 22736d2f..ef9bf0a2 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -4,6 +4,5 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix - ./impermanence.nix ]; } diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix deleted file mode 100644 index a48fe9d8..00000000 --- a/modules/home-manager-modules/impermanence.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - osConfig, - ... -}: { - config = lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persistent/home/${config.home.username}" = { - directories = [ - ".ssh" - "desktop" - "downloads" - "documents" - ]; - }; - }; -} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index af7dcb20..efd39f38 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -277,6 +277,14 @@ in { normalUsers) ); + systemd = { + tmpfiles.rules = + builtins.map ( + user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + ) + normalUsers; + }; + fileSystems = lib.mkMerge [ { ${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; From 7a4c2a2b8d73e857fe2aa996929f54792a6c5347 Mon Sep 17 00:00:00 2001 
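Review bot: The new directory list drops `.local/share/keyrings` (along with `.local/share/direnv` and `.nixops`) with no comment, so on an impermanent root the GNOME keyring, and every saved password or network credential in it, is recreated empty on each boot; in practice that pushes users toward storing secrets somewhere unencrypted. If the removal is deliberate, say so inline, e.g. `# keyrings intentionally not persisted: secrets must be re-entered after reboot`; otherwise add the entry back. The `allowOther = true` removal is also worth a sentence, since without it root and system services may not be able to traverse the persisted home mounts.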
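Review bot: The new tmpfiles rule `"d /persist/home/${user.name} 700 ${user.name} ${user.name} -"` assumes a group named after every normal user exists; NixOS puts `isNormalUser` accounts in `users` by default, so unless this module creates per-user groups (not visible in this hunk) systemd-tmpfiles fails to resolve the group and skips the line, leaving the persisted home with whatever mode the dataset mount has. Use the user's actual primary group, e.g. `"d /persist/home/${user.name} 700 ${user.name} ${config.users.users.${user.name}.group} -"`, or assert that the per-user group is defined. The `700` mode is the right choice for a directory that will hold `.ssh`.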
From: Leyla Becker Date: Wed, 1 Jan 2025 18:23:13 -0600 Subject: [PATCH 419/932] updated README.md --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index c39c3602..3ba68b29 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,6 @@ # Tasks: ## Tech Debt -- join config for systemd.tmpfiles.rules and service directory bindings - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in `defiant/services.nix` into their own modules ## New Features @@ -56,8 +55,7 @@ - openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- mastodon server - tail scale clients -- wake on LAN +- wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich \ No newline at end of file From 8e946972246aa78e9897afba938ea7cd2f5bfc7f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 18:24:08 -0600 Subject: [PATCH 420/932] added task to README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ba68b29..1111fe83 100644 --- a/README.md +++ b/README.md @@ -58,4 +58,5 @@ - tail scale clients - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich \ No newline at end of file +- Immich +- zfs encryption FIDO2 2fa \ No newline at end of file From ee5b794113d36bbd0ea0d18db05167d91d207e6a Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 1 Jan 2025 18:25:27 -0600 Subject: [PATCH 421/932] removed sections from research topics --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 1111fe83..3f47f61c 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ `sops -c sops secrets/secrets_file_here.yaml` ## Inspecting a configuration -`nix-inspect -p .` +`./inspect.sh` # Notes: @@ -37,9 +37,7 @@ - Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -- Look into this for home assistant configuration https://nixos.wiki/wiki/Home_Assistant https://myme.no/posts/2021-11-25-nixos-home-assistant.html - https://nixos-and-flakes.thiscute.world/ -- this guy might have a working zfs disko impermanence system - https://github.com/djacu/nixos-config/blob/main/hosts/adalon/disko-config.nix # Tasks: From 1ee9b9a87d461af9c89bba6d78811e1d1a4b87c5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 18:26:38 -0600 Subject: [PATCH 422/932] added back inspect command --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3f47f61c..6843275e 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ `sops -c sops secrets/secrets_file_here.yaml` ## Inspecting a configuration -`./inspect.sh` +`nix-inspect -p .` # Notes: From 46edb7363d64c5dfe8c2c1daf646312c23e03bcb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 20:01:44 -0600 Subject: [PATCH 423/932] disabled sleeping on defiant --- configurations/nixos/defiant/configuration.nix | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index bb5f4503..c1a18c70 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -125,6 +125,14 @@ }; }; + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It's perfectly fine and recommended to leave From c523e6075b1778243952126dc25dbc6d2a9f7067 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Jan 2025 20:03:01 -0600 Subject: [PATCH 424/932] added scrubbing and aut snapshot to defiant --- modules/nixos-modules/disko.nix | 5 +++++ modules/nixos-modules/impermanence.nix | 10 +++++++--- modules/nixos-modules/users.nix | 3 --- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index b65538d0..f95edcfd 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,6 +50,11 @@ in { }; config = lib.mkIf config.host.storage.enable { + services.zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + disko.devices = { disk = ( builtins.listToAttrs ( diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index a1872260..66139ce7 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
@@ -67,18 +67,22 @@ "persist" = { type = "zfs_fs"; options.canmount = "off"; + options = { + "com.sun:auto-snapshot" = "true"; + }; }; # this is where root data actually lives "persist/system/root" = { type = "zfs_fs"; mountpoint = "/persist/system/root"; - options = { - "com.sun:auto-snapshot" = "true"; - }; }; "persist/system/var/log" = { type = "zfs_fs"; mountpoint = "/persist/system/var/log"; + # logs should be append only so we shouldn't need to snapshot them + options = { + "com.sun:auto-snapshot" = "false"; + }; }; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index efd39f38..704413ae 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -347,9 +347,6 @@ in { "persist/home/${user.name}" = { type = "zfs_fs"; mountpoint = "/persist/home/${user.name}"; - options = { - "com.sun:auto-snapshot" = "true"; - }; }; }) normalUsers From 1a072188c9efdb10082bc14dd239fd80ee16fc00 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:41:39 -0600 Subject: [PATCH 425/932] added device to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6843275e..b348b037 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ | `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | | `skate` | A6 Tablet (not using nix) | Leyla | Tablet | | `shale` | A6 Tablet (not using nix) | Eve | Tablet | +| `coven` | Pixel 8 (not using nix) | Leyla | Android | # Tooling ## Rebuilding From afa04e1080e6d63be91f9e60495f612847120add Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:43:17 -0600 Subject: [PATCH 426/932] disabled gdm auto suspend --- configurations/nixos/defiant/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c1a18c70..724f86ea 100644 --- a/configurations/nixos/defiant/configuration.nix 
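Review bot: Turning auto-snapshot off for `persist/system/var/log` because logs are "append only" is backwards from a detection and forensics standpoint: journald and logrotate prune logs, and anyone who gains root can truncate them, so periodic snapshots are one of the few tamper-evident copies you keep on the box. I would let the log dataset inherit `com.sun:auto-snapshot=true` from `persist` (a shorter retention is fine) and reword the comment to state the real trade-off, e.g. `# logs churn quickly; snapshots cost space but keep a rollback/forensic copy`. If disk usage is the concern, ship logs off-host rather than dropping the snapshots.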
+++ b/configurations/nixos/defiant/configuration.nix @@ -132,6 +132,7 @@ hibernate.enable = false; hybrid-sleep.enable = false; }; + services.xserver.displayManager.gdm.autoSuspend = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 6d2850e78f93b93d110d4804afdcf94f4c9e4be9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:46:50 -0600 Subject: [PATCH 427/932] added postgres service --- modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/postgres.nix | 86 +++++++++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 modules/nixos-modules/server/postgres.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 7e4d36b2..9f065653 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -3,5 +3,6 @@ ./network_storage ./reverse_proxy.nix ./jellyfin.nix + ./postgres.nix ]; } diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix new file mode 100644 index 00000000..2aae5fa4 --- /dev/null +++ b/modules/nixos-modules/server/postgres.nix 
@@ -0,0 +1,86 @@ +{ + config, + lib, + pkgs, + ... +}: { + options = { + host.postgres = { + enable = lib.mkEnableOption "enable postgres"; + extraAdminUsers = lib.mkOption { + type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + }; + }); + default = {}; + }; + extraDatabaseUsers = lib.mkOption { + type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + description = '' + What should this users name on the system be + ''; + defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + }; + }); + default = {}; + }; + }; + }; + + config = lib.mkIf config.host.postgres.enable { + services = { + postgresql = { + enable = true; + ensureUsers = + [ + { + name = "postgres"; + } + ] + + (lib.attrsets.mapAttrsToList (user: { + name = user.name; + ensureDBOwnership = true; + }) + config.host.postgres.extraDatabaseUsers); + ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + identMap = + '' + # ArbitraryMapName systemUser DBUser + + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + ) + + '' + + # Client Users + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local 
all postgres peer map=superuser_map + local sameuser all peer map=superuser_map + ''; + }; + }; + }; +} From 6a5c7773fd4bb734d429b7919c92bc7f8f93ec0a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 15:55:07 -0600 Subject: [PATCH 428/932] added taask to TODO --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b348b037..6d5119d7 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - move applications in `defiant/services.nix` into their own modules +- syncthing password ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From fe1f2adf9f1aedc9d9b54ff4d3b4621e7be1e28d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 16:09:43 -0600 Subject: [PATCH 429/932] added files to persistence --- configurations/home-manager/leyla/impermanence.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index ddb2f42f..3f85d148 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -10,12 +10,15 @@ "downloads" "documents" ".ssh" - ".config/gnome-initial-setup-done" { directory = ".local/share/Steam"; method = "symlink"; } ]; + files = [ + ".config/gnome-initial-setup-done" # gnome welcome message + ".local/share/recently-used.xbel" # gnome recently viewed files + ]; }; }; } 
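Review bot: `lib.types.attrsOf lib.types.submodule ({name, ...}: {...})` parses as `(attrsOf submodule) (lambda)`, so evaluating either option fails because the result of `attrsOf` is not callable; it needs parentheses around the submodule call, `type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { ... }));`. The `pkgs.lib.mkOverride 10` on `authentication` replaces NixOS's default pg_hba lines, including the `host ... 127.0.0.1/32` entries, which is a sound restriction to peer-authenticated Unix sockets, but it deserves a comment saying TCP clients are intentionally unsupported so nobody later flips `enableTCPIP` expecting it to work. Every name in `extraAdminUsers` becomes a PostgreSQL superuser through the ident map, and the system names are interpolated into the ident file unquoted, so keep those options restricted to plain identifiers (a `lib.types.strMatching` pattern would enforce that).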
From 9ecba48dcf302a1e564165bb731fd1dd1c916e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 16:21:44 -0600 Subject: [PATCH 430/932] created forgejo service --- modules/nixos-modules/server/forgejo.nix | 36 ++++++++ modules/nixos-modules/server/postgres.nix | 102 +++++++++++++--------- 2 files changed, 97 insertions(+), 41 deletions(-) create mode 100644 modules/nixos-modules/server/forgejo.nix diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix new file mode 100644 index 00000000..96b9aebc --- /dev/null +++ b/modules/nixos-modules/server/forgejo.nix @@ -0,0 +1,36 @@ +{ + lib, + config, + ... +}: let + forgejoPort = 8081; +in { + options.host.forgejo = { + enable = lib.mkEnableOption "should forgejo be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that forgejo will be hosted at"; + default = "forgejo"; + }; + }; + + config = + lib.mkIf config.host.forgejo.enable + { + enable = true; + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + }; + }; + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + }; +} diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 2aae5fa4..d22be176 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -3,7 +3,9 @@ lib, pkgs, ... -}: { +}: let + dataDir = "/var/lib/postgresql/15"; +in { options = { host.postgres = { enable = lib.mkEnableOption "enable postgres"; 
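Review bot: The config block sets `enable`, `database`, `lfs` and `settings` at the top level of the NixOS configuration instead of under `services.forgejo`, so as written the module does not enable Forgejo at all and the evaluator will reject the unknown top-level options. The reverse-proxy entry is also keyed on `config.host.jellyfin.subdomain` rather than `config.host.forgejo.subdomain`, which would collide with (or redefine) the jellyfin entry and route the media hostname to port 8081. Wrap the service options in `services.forgejo = { ... };` and key the proxy entry as `host.reverse_proxy.subdomains.${config.host.forgejo.subdomain}`.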
@@ -40,47 +42,65 @@ }; }; - config = lib.mkIf config.host.postgres.enable { - services = { - postgresql = { - enable = true; - ensureUsers = - [ - { - name = "postgres"; - } - ] - + (lib.attrsets.mapAttrsToList (user: { - name = user.name; - ensureDBOwnership = true; - }) - config.host.postgres.extraDatabaseUsers); - ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; - identMap = - '' - # ArbitraryMapName systemUser DBUser + config = lib.mkIf config.host.postgres.enable (lib.mkMerge [ + { + services = { + postgresql = { + enable = true; + ensureUsers = + [ + { + name = "postgres"; + } + ] + + (lib.attrsets.mapAttrsToList (user: { + name = user.name; + ensureDBOwnership = true; + }) + config.host.postgres.extraDatabaseUsers); + ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + identMap = + '' + # ArbitraryMapName systemUser DBUser - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) - ) - + '' + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + ) + + '' - # Client Users - '' - + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) - ); - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map - ''; + # Client Users + '' + + ( + 
lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=superuser_map + ''; + }; }; - }; - }; + } + + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + description = "postgres data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + dataDir + ]; + }; + }) + ]); } From 8f59f8aecaf9452c950ebc98d7c1099db2c9b22c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 17:22:05 -0600 Subject: [PATCH 431/932] fixed postgres config for forgejo --- .../nixos/defiant/configuration.nix | 4 ++ modules/nixos-modules/server/default.nix | 3 +- modules/nixos-modules/server/forgejo.nix | 37 ++++++++---- modules/nixos-modules/server/jellyfin.nix | 4 +- modules/nixos-modules/server/postgres.nix | 59 +++++++------------ 5 files changed, 55 insertions(+), 52 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 724f86ea..668e10a2 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -69,6 +69,10 @@ enable = true; subdomain = "media"; }; + forgejo = { + enable = true; + subdomain = "git"; + }; }; networking = { hostId = "c51763d6"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 9f065653..65d79d96 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
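Review bot: The assertion uses `description` where, as far as I can tell, NixOS's assertion handling reads `message`, so when it fires the evaluator reports a missing attribute instead of the intended text; rename it to `message = "postgres data directory does not match persistence";`. `dataDir` is pinned to `/var/lib/postgresql/15` while this commit does not pin `services.postgresql.package`, so the assertion trips as soon as the default package's major version differs. For the persisted directory itself, consider `{ directory = dataDir; user = "postgres"; group = "postgres"; mode = "0700"; }` so a freshly created persist path has the ownership and mode PostgreSQL requires rather than impermanence's defaults.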
@@ -2,7 +2,8 @@ imports = [ ./network_storage ./reverse_proxy.nix - ./jellyfin.nix ./postgres.nix + ./jellyfin.nix + ./forgejo.nix ]; } diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 96b9aebc..7ed33123 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -17,20 +17,33 @@ in { config = lib.mkIf config.host.forgejo.enable { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; + host = { + reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + postgres = { + enable = true; + extraUsers = { + forgejo = { + isClient = true; + }; + }; }; }; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; + + services.forgejo = { + enable = true; + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + }; + }; }; }; } diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 57a9cdeb..d6e3fe8e 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
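Review bot: The new `services.forgejo.settings` leaves account registration at Forgejo's default (open) and binds on the default `HTTP_ADDR` (0.0.0.0 unless the NixOS module overrides it), so anyone who can reach port 8081 directly bypasses the reverse proxy and can create accounts on the git host. Since the proxy target is `http://localhost:8081`, add `service.DISABLE_REGISTRATION = true;` and `server.HTTP_ADDR = "127.0.0.1";` under `settings`. Setting only `DOMAIN` also leaves `ROOT_URL` derived from protocol, domain and port (i.e. `http://git.<host>:8081/`), so clone URLs and redirects point at the wrong scheme and port behind a TLS proxy; set `server.ROOT_URL = "https://${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}/";` to match the proxy's `forceSSL`.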
@@ -34,11 +34,11 @@ in { assertions = [ { assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - description = "jellyfin data directory does not match persistence"; + message = "jellyfin data directory does not match persistence"; } { assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - description = "jellyfin cache directory does not match persistence"; + message = "jellyfin cache directory does not match persistence"; } ]; diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index d22be176..fde5c970 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix 
@@ -5,38 +5,29 @@ ... }: let dataDir = "/var/lib/postgresql/15"; + adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); in { options = { host.postgres = { enable = lib.mkEnableOption "enable postgres"; - extraAdminUsers = lib.mkOption { - type = lib.types.attrsOf lib.types.submodule ({name, ...}: { + extraUsers = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { name = lib.mkOption { type = lib.types.str; default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; + }; + isAdmin = lib.mkOption { + type = lib.types.bool; + default = false; + }; + isClient = lib.mkOption { + type = lib.types.bool; + default = false; }; }; - }); - default = {}; - }; - extraDatabaseUsers = lib.mkOption { - type = lib.types.attrsOf lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; - }; - }; - }); + })); default = {}; }; }; @@ -47,18 +38,12 @@ in { services = { postgresql = { enable = true; - ensureUsers = - [ - { - name = "postgres"; - } - ] - + (lib.attrsets.mapAttrsToList (user: { - name = user.name; - ensureDBOwnership = true; - }) - config.host.postgres.extraDatabaseUsers); - ensureDatabases = lib.attrsets.mapAttrsToList (user: user.name) config.host.postgres.extraDatabaseUsers; + package = pkgs.postgresql_15; + ensureUsers = [ + { + name = "postgres"; + } + ]; identMap = '' # ArbitraryMapName systemUser DBUser 
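Review bot: The rewritten `extraUsers` submodule drops the `description` and `defaultText` the old options carried, and the two new flags are undocumented even though `isAdmin` is a privilege grant — the ident map later in this file maps such a system user onto the `postgres` superuser. Give each option a description, e.g. for `isAdmin` `description = "peer-authenticate this system user as the postgres superuser via the ident map";` and for `isClient` `description = "peer-authenticate this system user as the database role of the same name";`. The two `lib.lists.filter (…) (lib.attrsets.mapAttrsToList (_: user: user) …)` expressions can be written against `lib.attrValues config.host.postgres.extraUsers` instead.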
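Review bot: With the `ensureUsers`/`ensureDatabases` entries for database users removed, nothing creates a role or database for `isClient` users any more; the ident map still emits `superuser_map forgejo forgejo`, but peer auth fails against a role that does not exist, and forgejo.nix in this same commit relies on exactly that role. Unless role creation moved somewhere not in this patch, keep the derived list in use here: `ensureUsers = [{ name = "postgres"; }] ++ (builtins.map (user: { name = user.name; ensureDBOwnership = true; }) clientUsers);` and `ensureDatabases = builtins.map (user: user.name) clientUsers;`. The second line matters because `ensureDBOwnership` requires a database of the same name to be listed in `ensureDatabases`.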
@@ -68,14 +53,14 @@ in { superuser_map postgres postgres '' + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} postgres") config.host.postgres.extraAdminUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) ) + '' # Client Users '' + ( - lib.strings.concatLines (lib.attrsets.mapAttrsToList (user: "superuser_map ${user.name} ${user.name}") config.host.postgres.extraDatabaseUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers) ); # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' @@ -91,7 +76,7 @@ in { assertions = [ { assertion = config.services.postgresql.dataDir == dataDir; - description = "postgres data directory does not match persistence"; + message = "postgres data directory does not match persistence"; } ]; environment.persistence."/persist/system/root" = { From 2742eea9c536f3a7b95353206ea61660b07f5d27 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 17:25:39 -0600 Subject: [PATCH 432/932] added forgejo state dir to persist --- modules/nixos-modules/server/forgejo.nix | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 7ed33123..3c5b5fa9 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -4,6 +4,7 @@ ... }: let forgejoPort = 8081; + stateDir = "/var/lib/forgejo"; in { options.host.forgejo = { enable = lib.mkEnableOption "should forgejo be enabled on this computer"; @@ -14,8 +15,7 @@ in { }; }; - config = - lib.mkIf config.host.forgejo.enable + config = lib.mkIf config.host.forgejo.enable (lib.mkMerge [ { host = { reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { 
@@ -45,5 +45,21 @@ in { }; }; }; - }; + } + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.forgejo.stateDir == stateDir; + message = "forgejo state directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + stateDir + ]; + }; + }) + ]); } From 5a04603c85d3f85c01b065d2a37d0c7f5ea69778 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 17:58:13 -0600 Subject: [PATCH 433/932] removed replaced code from service.nix --- configurations/nixos/defiant/services.nix | 68 ----------------------- 1 file changed, 68 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 7ef6cde2..6b427176 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -69,18 +69,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that forgejo will be hosted at"; - default = "${config.apps.forgejo.subdomain}.${config.apps.base_domain}"; - }; - }; home-assistant = { subdomain = lib.mkOption { type = lib.types.str; 
@@ -244,47 +232,6 @@ in { services = { # DNS stub needs to be disabled so pi hole can bind # resolved.extraConfig = "DNSStubListener=no"; - - postgresql = { - enable = true; - ensureUsers = [ - { - name = "postgres"; - } - { - name = "forgejo"; - ensureDBOwnership = true; - } - { - name = "headscale"; - ensureDBOwnership = true; - } - ]; - ensureDatabases = [ - "forgejo" - "headscale" - # "nextcloud" - ]; - identMap = '' - # ArbitraryMapName systemUser DBUser - - # Administration Users - superuser_map postgres postgres - superuser_map root postgres - superuser_map leyla postgres - - # Client Users - superuser_map forgejo forgejo - superuser_map headscale headscale - ''; - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map - ''; - }; - headscale = { enable = true; user = "headscale"; @@ -307,21 +254,6 @@ in { }; }; - forgejo = { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = config.apps.forgejo.hostname; - HTTP_PORT = 8081; - }; - }; - }; - home-assistant = { enable = true; config.http = { From 1824bc8cc9a3d4fc549a0f7eec94632f6e6754fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 18:13:10 -0600 Subject: [PATCH 434/932] added searx service --- .../nixos/defiant/configuration.nix | 4 ++ configurations/nixos/defiant/services.nix | 32 --------------- modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/searx.nix | 40 +++++++++++++++++++ 4 files changed, 45 insertions(+), 32 deletions(-) create mode 100644 modules/nixos-modules/server/searx.nix 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 668e10a2..5ebea988 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -73,6 +73,10 @@ enable = true; subdomain = "git"; }; + searx = { + enable = true; + subdomain = "search"; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 6b427176..f98e6809 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -81,18 +81,6 @@ in { default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; }; }; - searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "search"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that searx will be hosted at"; - default = "${config.apps.searx.subdomain}.${config.apps.base_domain}"; - }; - }; nextcloud = { subdomain = lib.mkOption { type = lib.types.str; @@ -113,9 +101,6 @@ in { "services/pi-hole" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; "services/nextcloud_adminpass" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; owner = config.users.users.nextcloud.name; @@ -265,17 +250,6 @@ in { }; }; - searx = { - enable = true; - environmentFile = config.sops.secrets."services/searx".path; - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - }; - }; - # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres nextcloud = { enable = true; 
@@ -307,11 +281,6 @@ in { # enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; }; - ${config.apps.searx.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.searx.settings.server.port}"; - }; }; }; }; @@ -333,7 +302,6 @@ in { config.services.forgejo.settings.server.HTTP_PORT config.services.home-assistant.config.http.server_port config.services.postgresql.settings.port - config.services.searx.settings.server.port ]); environment.systemPackages = [ diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 65d79d96..c38d60c2 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -5,5 +5,6 @@ ./postgres.nix ./jellyfin.nix ./forgejo.nix + ./searx.nix ]; } diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix new file mode 100644 index 00000000..5af4c57e --- /dev/null +++ b/modules/nixos-modules/server/searx.nix @@ -0,0 +1,40 @@ +{ + config, + lib, + inputs, + ... +}: { + options.host.searx = { + enable = lib.mkEnableOption "should searx be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "searx"; + }; + }; + + config = lib.mkIf config.host.searx.enable { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + host = { + reverse_proxy.subdomains.${config.host.searx.subdomain} = { + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + }; + }; + services = { + searx = { + enable = true; + environmentFile = config.sops.secrets."services/searx".path; + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + }; + }; + }; + }; +} 
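Review bot: The new module hardcodes a host-specific secrets file, `sopsFile = "${inputs.secrets}/defiant-services.yaml"`, inside a generic `host.searx` module, so enabling searx on any other host would load (or fail to find) defiant's secrets. Either expose it as an option, e.g. `secretsFile = lib.mkOption { type = lib.types.path; };`, or leave `sopsFile` to the per-host configuration and only declare the key here; pihole.nix later in this series repeats the pattern. The `secret_key = "@SEARXNG_SECRET@"` placeholder, presumably substituted from `environmentFile` at runtime, is what keeps the key out of the Nix store — a one-line comment saying so would stop the next reader from replacing it with a literal.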
From a4e308650fe81c2197aa2718102ab91efb71bc04 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 18:22:05 -0600 Subject: [PATCH 435/932] created home assistant service --- .../nixos/defiant/configuration.nix | 4 ++ configurations/nixos/defiant/services.nix | 21 -------- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 51 +++++++++++++++++++ 4 files changed, 56 insertions(+), 21 deletions(-) create mode 100644 modules/nixos-modules/server/home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5ebea988..f366a601 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -77,6 +77,10 @@ enable = true; subdomain = "search"; }; + home-assistant = { + enable = true; + subdomain = "home"; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index f98e6809..0a6bb46b 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -239,17 +239,6 @@ in { }; }; - home-assistant = { - enable = true; - config.http = { - server_port = 8082; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - }; - # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres nextcloud = { enable = true; 
@@ -271,16 +260,6 @@ in { proxyWebsockets = true; }; }; - ${config.apps.forgejo.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; - }; - ${config.apps.home-assistant.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - }; }; }; }; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index c38d60c2..38516d89 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -6,5 +6,6 @@ ./jellyfin.nix ./forgejo.nix ./searx.nix + ./home-assistant.nix ]; } diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix new file mode 100644 index 00000000..27b6a559 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant.nix 
@@ -0,0 +1,51 @@ +{ + lib, + config, + ... +}: let + configDir = "/var/lib/hass"; +in { + options.host.home-assistant = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + }; + + config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ + { + services.home-assistant = { + enable = true; + config.http = { + server_port = 8082; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + }; + host = { + reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + configDir + ]; + }; + }) + ]); +} From e97061ab64d8996a5e5622f65f72dcc01a4a6774 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 18:34:53 -0600 Subject: [PATCH 436/932] added groups and users to impermanence directories --- modules/nixos-modules/server/forgejo.nix | 6 +++++- modules/nixos-modules/server/home-assistant.nix | 6 +++++- modules/nixos-modules/server/jellyfin.nix | 12 ++++++++++-- modules/nixos-modules/server/postgres.nix | 6 +++++- 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 3c5b5fa9..fa8ebb6a 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix 
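Review bot: The reverse-proxy entry for home-assistant does not set the `websockets` attribute that reverse_proxy.nix forwards as `proxyWebsockets`; Home Assistant's frontend talks to the server over a websocket, so unless that option defaults to true the UI will not connect through nginx. Add `websockets = true;` next to `target`. The `use_x_forwarded_for = true` / `trusted_proxies = ["127.0.0.1"]` pair is only correct if nginx actually sends `X-Forwarded-For`, which the generated virtual hosts do not add on their own; if the header is missing, failed logins would be attributed to the proxy address and `ip_ban_enabled` could end up banning 127.0.0.1 for everyone, so a comment here pointing at that dependency is worth adding.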
@@ -57,7 +57,11 @@ in { enable = true; hideMounts = true; directories = [ - stateDir + { + directory = stateDir; + user = "forgejo"; + group = "forgejo"; + } ]; }; }) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 27b6a559..ba6d81fd 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -43,7 +43,11 @@ in { enable = true; hideMounts = true; directories = [ - configDir + { + directory = configDir; + user = "hass"; + group = "hass"; + } ]; }; }) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index d6e3fe8e..6d6874a1 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -46,8 +46,16 @@ in { enable = true; hideMounts = true; directories = [ - jellyfin_data_directory - jellyfin_cache_directory + { + directory = jellyfin_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = jellyfin_cache_directory; + user = "jellyfin"; + group = "jellyfin"; + } ]; }; diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index fde5c970..252e4888 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -83,7 +83,11 @@ in { enable = true; hideMounts = true; directories = [ - dataDir + { + directory = dataDir; + user = "postgres"; + group = "postgres"; + } ]; }; }) From e6852cc537fd2905b0768d9c07588edd4204e973 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 19:31:39 -0600 Subject: [PATCH 437/932] fixed searx secrets not loading --- modules/nixos-modules/users.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 704413ae..c3a316e3 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
@@ -309,14 +309,6 @@ in { ) ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - "/run/secrets" - ]; - }; - host.storage.pool.extraDatasets = lib.mkMerge ( [ { From b02bd1a5e2d89e219174fcd13c8ca5e325e31bbb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Jan 2025 21:39:39 -0600 Subject: [PATCH 438/932] created config for pihole --- .../nixos/defiant/configuration.nix | 11 ++ configurations/nixos/defiant/services.nix | 129 ------------------ modules/nixos-modules/server/default.nix | 2 + modules/nixos-modules/server/pihole.nix | 98 +++++++++++++ modules/nixos-modules/server/podman.nix | 74 ++++++++++ 5 files changed, 185 insertions(+), 129 deletions(-) create mode 100644 modules/nixos-modules/server/pihole.nix create mode 100644 modules/nixos-modules/server/podman.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f366a601..e86dbc44 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -81,6 +81,17 @@ enable = true; subdomain = "home"; }; + pihole = { + enable = true; + ip = "192.168.1.201"; + }; + podman = { + macvlan = { + subnet = "192.168.1.0/24"; + gateway = "192.168.1.1"; + networkInterface = "bond0"; + }; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 0a6bb46b..2774a1dc 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix 
@@ -18,45 +18,6 @@ in { base_domain = lib.mkOption { type = lib.types.str; }; - macvlan = { - subnet = lib.mkOption { - type = lib.types.str; - description = "Subnet for macvlan address range"; - }; - gateway = lib.mkOption { - type = lib.types.str; - description = "Gateway for macvlan"; - # TODO: see if we can default this to systemd network gateway - }; - networkInterface = lib.mkOption { - type = lib.types.str; - description = "Parent network interface for macvlan"; - # TODO: see if we can default this some interface? - }; - }; - pihole = { - image = lib.mkOption { - type = lib.types.str; - description = "container image to use for pi-hole"; - }; - # TODO: check against subnet for macvlan - ip = lib.mkOption { - type = lib.types.str; - description = "ip address to use for pi-hole"; - }; - directory = { - root = lib.mkOption { - type = lib.types.str; - description = "directory that pihole will be hosted at"; - default = "/var/lib/pihole"; - }; - data = lib.mkOption { - type = lib.types.str; - description = "directory that pihole data will be hosted at"; - default = "${config.apps.pihole.directory.root}/data"; - }; - }; - }; headscale = { subdomain = lib.mkOption { type = lib.types.str; 
@@ -98,94 +59,14 @@ in { config = { sops.secrets = { - "services/pi-hole" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; "services/nextcloud_adminpass" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; owner = config.users.users.nextcloud.name; }; }; - virtualisation = { - # Runtime - podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; - }; - - oci-containers = { - backend = "podman"; - - containers = { - pihole = let - passwordFileLocation = "/var/lib/pihole/webpassword.txt"; - in { - image = config.apps.pihole.image; - volumes = [ - "${config.apps.pihole.directory.data}:/etc/pihole:rw" - "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" - ]; - environment = { - TZ = "America/Chicago"; - WEBPASSWORD_FILE = passwordFileLocation; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; - }; - log-driver = "journald"; - extraOptions = [ - "--ip=${config.apps.pihole.ip}" - "--network=macvlan" - ]; - }; - }; - }; - }; - - # TODO: dynamic users systemd = { - tmpfiles.rules = [ - "d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system - "d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system - ]; - services = { - "podman-pihole" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - after = [ - "podman-network-macvlan.service" - ]; - requires = [ - "podman-network-macvlan.service" - ]; - partOf = [ - "podman-compose-root.target" - ]; - wantedBy = [ - "podman-compose-root.target" - ]; - }; - - "podman-network-macvlan" = { - path = [pkgs.podman]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "podman network rm -f macvlan"; - }; - script = '' - podman network inspect macvlan || podman network 
create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan - ''; - partOf = ["podman-compose-root.target"]; - wantedBy = ["podman-compose-root.target"]; - }; # nextcloud-setup = { # after = ["network.target"]; # }; @@ -201,16 +82,6 @@ in { suspend.enable = false; hibernate.enable = false; hybrid-sleep.enable = false; - - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - "podman-compose-root" = { - unitConfig = { - Description = "Root target for podman targets."; - }; - wantedBy = ["multi-user.target"]; - }; }; }; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 38516d89..dd19cfde 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -3,9 +3,11 @@ ./network_storage ./reverse_proxy.nix ./postgres.nix + ./podman.nix ./jellyfin.nix ./forgejo.nix ./searx.nix ./home-assistant.nix + ./pihole.nix ]; } diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix new file mode 100644 index 00000000..df86b97c --- /dev/null +++ b/modules/nixos-modules/server/pihole.nix 
@@ -0,0 +1,98 @@ +{ + lib, + config, + inputs, + ... +}: { + options.host.pihole = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + directory = lib.mkOption { + type = lib.types.str; + default = "/var/lib/pihole"; + }; + image = lib.mkOption { + type = lib.types.str; + default = "pihole/pihole:2024.07.0"; + description = "container image to use for pi-hole"; + }; + ip = lib.mkOption { + type = lib.types.str; + description = "ip address to use for pi-hole"; + }; + }; + config = lib.mkIf config.host.pihole.enable (lib.mkMerge [ + { + host.podman.enable = true; + sops.secrets = { + "services/pi-hole" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + systemd = { + tmpfiles.rules = [ + "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system + ]; + + services = { + "podman-pihole" = { + serviceConfig = { + Restart = lib.mkOverride 500 "always"; + }; + after = [ + "podman-network-macvlan.service" + ]; + requires = [ + "podman-network-macvlan.service" + ]; + partOf = [ + "podman-compose-root.target" + ]; + wantedBy = [ + "podman-compose-root.target" + ]; + }; + }; + }; + + virtualisation = { + oci-containers = { + containers = { + pihole = let + passwordFileLocation = "/var/lib/pihole/webpassword.txt"; + in { + image = config.host.pihole.image; + volumes = [ + "${config.host.pihole.directory}:/etc/pihole:rw" + "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" + ]; + environment = { + TZ = "America/Chicago"; + WEBPASSWORD_FILE = passwordFileLocation; + PIHOLE_UID = toString config.users.users.pihole.uid; + PIHOLE_GID = toString config.users.groups.pihole.gid; + }; + log-driver = "journald"; + extraOptions = [ + "--ip=${config.host.pihole.ip}" + "--network=macvlan" + ]; + }; + }; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + 
directory = config.host.pihole.directory; + user = "pihole"; + group = "pihole"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix new file mode 100644 index 00000000..0f48ac9f --- /dev/null +++ b/modules/nixos-modules/server/podman.nix 
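Review bot: `enable = lib.mkEnableOption "should home-assistant be enabled on this computer"` is a copy-paste error in a pihole module — the generated option text names the wrong service; use `lib.mkEnableOption "should pi-hole be enabled on this computer"`. podman.nix in this same commit carries the identical line. `image = "pihole/pihole:2024.07.0"` pins a mutable tag only; for a container that becomes the LAN's DNS resolver, pin the digest too (`pihole/pihole:2024.07.0@sha256:<DIGEST>`, looked up once) so a re-pull cannot silently change what runs. The `ip` option is accepted without checking that it lies inside `host.podman.macvlan.subnet`; the TODO noting this in the removed services.nix code was dropped rather than carried over.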
@@ -0,0 +1,74 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.host.podman = { + enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + macvlan = { + subnet = lib.mkOption { + type = lib.types.str; + description = "Subnet for macvlan address range"; + }; + gateway = lib.mkOption { + type = lib.types.str; + description = "Gateway for macvlan"; + # TODO: see if we can default this to systemd network gateway + }; + networkInterface = lib.mkOption { + type = lib.types.str; + description = "Parent network interface for macvlan"; + # TODO: see if we can default this some interface? + }; + }; + }; + config = lib.mkIf config.host.podman.enable { + systemd = { + services = { + "podman-network-macvlan" = { + path = [pkgs.podman]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "podman network rm -f macvlan"; + }; + script = '' + podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan + ''; + partOf = ["podman-compose-root.target"]; + wantedBy = ["podman-compose-root.target"]; + }; + }; + # disable computer sleeping + targets = { + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + "podman-compose-root" = { + unitConfig = { + Description = "Root target for podman targets."; + }; + wantedBy = ["multi-user.target"]; + }; + }; + }; + + virtualisation = { + # Runtime + podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + defaultNetwork.settings = { + # Required for container networking to be able to use names. + dns_enabled = true; + }; + }; + + oci-containers = { + backend = "podman"; + }; + }; + }; +} From 6ab64fafe1d6a57c2e9256812d824b3b02ddfab5 Mon Sep 17 00:00:00 2001 
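Review bot: The comment `# disable computer sleeping` above `targets` is a leftover from services.nix, where that attribute set disabled the sleep targets; here it sits over the `podman-compose-root` target and should be removed, since the root-target comment below it already explains the block. `macvlan.subnet`, `macvlan.gateway` and `macvlan.networkInterface` have no defaults but are read unconditionally by `podman-network-macvlan`, so any host that sets `host.podman.enable` without a macvlan fails evaluation; if that is intended, say so in the option descriptions, otherwise gate the unit on a `macvlan.enable` flag. The `enable` description also still says "home-assistant".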
From: Leyla Becker Date: Fri, 3 Jan 2025 13:07:52 -0600 Subject: [PATCH 439/932] added acme to impermanence --- configurations/nixos/defiant/services.nix | 5 -- .../nixos-modules/server/reverse_proxy.nix | 65 +++++++++++++------ 2 files changed, 44 insertions(+), 26 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 2774a1dc..73c70243 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -135,11 +135,6 @@ in { }; }; - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - networking.firewall.allowedTCPPorts = [ httpPort diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 7eecdd0c..bd39d4cc 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -2,7 +2,9 @@ lib, config, ... -}: { +}: let + dataDir = "/var/lib/acme"; +in { options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; hostname = lib.mkOption { 
@@ -32,25 +34,46 @@ }; }; - # TODO: impermanence for ACME keys - config = { - security.acme = lib.mkIf config.host.reverse_proxy.enableACME { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; + config = lib.mkIf config.host.reverse_proxy.enable (lib.mkMerge [ + { + security.acme = lib.mkIf config.host.reverse_proxy.enableACME { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; - services.nginx = { - enable = config.host.reverse_proxy.enable; - virtualHosts = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations."/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets; - }; - }) - config.host.reverse_proxy.subdomains; - }; - }; + services.nginx = { + enable = true; + virtualHosts = lib.attrsets.mapAttrs' (name: value: + lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { + forceSSL = config.host.reverse_proxy.forceSSL; + enableACME = config.host.reverse_proxy.enableACME; + locations."/" = { + proxyPass = value.target; + proxyWebsockets = value.websockets; + }; + }) + config.host.reverse_proxy.subdomains; + }; + } + (lib.mkIf config.host.impermanence.enable { + # TODO: figure out how to write an assertion for this + # assertions = [ + # { + # assertion = security.acme.certs..directory == dataDir; + # message = "postgres data directory does not match persistence"; + # } + # ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "acme"; + group = "acme"; + } + ]; + }; + }) + ]); } From 12e1f8067b7e4938728397ab4505a9f340cc4124 Mon Sep 17 00:00:00 2001 
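Review bot: The generated virtual hosts set only `proxyPass`/`proxyWebsockets`, so unless `services.nginx.recommendedProxySettings` is enabled elsewhere, backends receive no `X-Forwarded-For`/`X-Forwarded-Proto` headers — home-assistant.nix in this series depends on them via `use_x_forwarded_for`. Add `recommendedProxySettings = true;` and `recommendedTlsSettings = true;` next to `enable = true;` so the proxy headers and TLS parameters come from the nginx module's vetted defaults. In the commented-out assertion the message still reads `postgres data directory does not match persistence`; change it to `acme data directory does not match persistence` before it is revived.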
From: Leyla Becker Date: Fri, 3 Jan 2025 13:23:06 -0600 Subject: [PATCH 440/932] added port forwards to services --- configurations/nixos/defiant/services.nix | 34 +------------------ modules/nixos-modules/server/pihole.nix | 7 +++- .../nixos-modules/server/reverse_proxy.nix | 7 ++++ 3 files changed, 14 insertions(+), 34 deletions(-) diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index 73c70243..fdb03832 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -4,13 +4,7 @@ pkgs, inputs, ... -}: let - jellyfinPort = 8096; - dnsPort = 53; - httpPort = 80; - httpsPort = 443; - isDebug = false; -in { +}: { imports = []; options = { @@ -30,18 +24,6 @@ in { default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; }; }; - home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that home-assistant will be hosted at"; - default = "${config.apps.home-assistant.subdomain}.${config.apps.base_domain}"; - }; - }; nextcloud = { subdomain = lib.mkOption { type = lib.types.str; @@ -135,20 +117,6 @@ in { }; }; - networking.firewall.allowedTCPPorts = - [ - httpPort - httpsPort - dnsPort - ] - ++ (lib.optional isDebug [ - jellyfinPort - config.services.headscale.port - config.services.forgejo.settings.server.HTTP_PORT - config.services.home-assistant.config.http.server_port - config.services.postgresql.settings.port - ]); - environment.systemPackages = [ config.services.headscale.package ]; diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index df86b97c..6ec7628e 100644 --- a/modules/nixos-modules/server/pihole.nix +++ b/modules/nixos-modules/server/pihole.nix 
@@ -3,7 +3,9 @@ config, inputs, ... -}: { +}: let + dnsPort = 53; +in { options.host.pihole = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; directory = lib.mkOption { @@ -80,6 +82,9 @@ }; }; }; + networking.firewall.allowedTCPPorts = [ + dnsPort + ]; } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index bd39d4cc..12fe7579 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -4,6 +4,8 @@ ... }: let dataDir = "/var/lib/acme"; + httpPort = 80; + httpsPort = 443; in { options.host.reverse_proxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; @@ -54,6 +56,11 @@ in { }) config.host.reverse_proxy.subdomains; }; + + networking.firewall.allowedTCPPorts = [ + httpPort + httpsPort + ]; } (lib.mkIf config.host.impermanence.enable { # TODO: figure out how to write an assertion for this From 7dfb67f1f4e5418f244cab887e8f9dd734476eb9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 13:39:08 -0600 Subject: [PATCH 441/932] created nextcloud service --- configurations/nixos/defiant/services.nix | 30 ------------ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/nextcloud.nix | 55 ++++++++++++++++++++++ 3 files changed, 56 insertions(+), 30 deletions(-) create mode 100644 modules/nixos-modules/server/nextcloud.nix diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix index fdb03832..958bc08e 100644 --- a/configurations/nixos/defiant/services.nix +++ b/configurations/nixos/defiant/services.nix @@ -1,8 +1,6 @@ { lib, config, - pkgs, - inputs, ... }: { imports = []; 
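Review bot: `networking.firewall.allowedTCPPorts = [ dnsPort ];` in pihole.nix opens port 53 for TCP only; resolvers query over UDP first and use TCP only for truncated answers, so LAN clients still cannot reach Pi-hole unless `networking.firewall.allowedUDPPorts = [ dnsPort ];` is added beside it. The removed block in services.nix had the same TCP-only rule, so the commit carries the gap forward rather than introducing it. Visible in this hunk's context, the `enable` option is still described as "should home-assistant be enabled on this computer", which reads as a copy-paste from another module and should name pihole.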
@@ -40,31 +38,13 @@ }; config = { - sops.secrets = { - "services/nextcloud_adminpass" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - owner = config.users.users.nextcloud.name; - }; - }; - systemd = { services = { - # nextcloud-setup = { - # after = ["network.target"]; - # }; headscale = { after = ["postgresql.service"]; requires = ["postgresql.service"]; }; }; - - # disable computer sleeping - targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; }; services = { @@ -92,16 +72,6 @@ }; }; - # nextcloud here is built using its auto setup mysql db because it was not playing nice with postgres - nextcloud = { - enable = true; - package = pkgs.nextcloud30; - hostName = config.apps.nextcloud.hostname; - config = { - adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; - }; - }; - nginx = { enable = true; virtualHosts = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index dd19cfde..b44eec73 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -9,5 +9,6 @@ ./searx.nix ./home-assistant.nix ./pihole.nix + ./nextcloud.nix ]; } diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix new file mode 100644 index 00000000..126ddd5f --- /dev/null +++ b/modules/nixos-modules/server/nextcloud.nix 
@@ -0,0 +1,55 @@ +{ + lib, + pkgs, + config, + inputs, + ... +}: let + dataDir = "/var/lib/nextcloud"; +in { + options.host.nextcloud = { + enable = lib.mkEnableOption "should nextcloud be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that nextcloud will be hosted at"; + default = "nextcloud"; + }; + }; + + config = lib.mkIf config.host.nextcloud.enable (lib.mkMerge [ + { + sops.secrets = { + "services/nextcloud_adminpass" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + owner = config.users.users.nextcloud.name; + }; + }; + + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {}; + + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; + config = { + adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; + }; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "nextcloud"; + group = "nextcloud"; + } + ]; + }; + }) + ]); +} From 0e5cf348098f549c85ee684f57ef26aad11e13d7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 13:48:03 -0600 Subject: [PATCH 442/932] added headscale service --- .../nixos/defiant/configuration.nix | 8 ++ configurations/nixos/defiant/services.nix | 94 ------------------- modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/headscale.nix | 61 ++++++++++++ 4 files changed, 70 insertions(+), 94 deletions(-) delete mode 100644 configurations/nixos/defiant/services.nix create mode 100644 modules/nixos-modules/server/headscale.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e86dbc44..c6a9e016 100644 --- a/configurations/nixos/defiant/configuration.nix 
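Review bot: `host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {};` keys the reverse-proxy entry on jellyfin's subdomain rather than `config.host.nextcloud.subdomain`, so enabling nextcloud replaces jellyfin's proxy entry with an empty one, and with no `target` the proxy module's `value.target` lookup will fail if that option has no default. The same `config.host.jellyfin.subdomain` copy-paste appears in the new headscale.nix in the next commit (that entry does set a `target`). Independently of the key, the NixOS nextcloud module already creates its own nginx virtualHost for `hostName`, so a second proxy entry for the same name looks redundant — worth confirming which module should own that vhost. `sopsFile = "${inputs.secrets}/defiant-services.yaml";` hardcodes one host's secrets file inside a reusable module; making the file an option would let other hosts enable nextcloud.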
+++ b/configurations/nixos/defiant/configuration.nix @@ -92,6 +92,14 @@ networkInterface = "bond0"; }; }; + nextcloud = { + enable = true; + subdomain = "drive"; + }; + headscale = { + enable = true; + subdomain = "vpn"; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/defiant/services.nix b/configurations/nixos/defiant/services.nix deleted file mode 100644 index 958bc08e..00000000 --- a/configurations/nixos/defiant/services.nix +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - lib, - config, - ... -}: { - imports = []; - - options = { - apps = { - base_domain = lib.mkOption { - type = lib.types.str; - }; - headscale = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that headscale will be hosted at"; - default = "headscale"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that headscale will be hosted at"; - default = "${config.apps.headscale.subdomain}.${config.apps.base_domain}"; - }; - }; - nextcloud = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that nextcloud will be hosted at"; - default = "nextcloud"; - }; - hostname = lib.mkOption { - type = lib.types.str; - description = "hostname that nextcloud will be hosted at"; - default = "${config.apps.nextcloud.subdomain}.${config.apps.base_domain}"; - }; - }; - }; - }; - - config = { - systemd = { - services = { - headscale = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - }; - }; - - services = { - # DNS stub needs to be disabled so pi hole can bind - # resolved.extraConfig = "DNSStubListener=no"; - headscale = { - enable = true; - user = "headscale"; - group = "headscale"; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${config.apps.headscale.hostname}"; - dns.base_domain = "clients.${config.apps.headscale.hostname}"; - logtail.enabled = true; - database = { - type = "postgres"; - postgres = { - host = "/run/postgresql"; - port = config.services.postgresql.settings.port; - user = "headscale"; - name = "headscale"; - }; - }; - }; - }; - - nginx = { - enable = true; - virtualHosts = { - ${config.apps.headscale.hostname} = { - # forceSSL = true; - # enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; - }; - }; - }; - }; - - environment.systemPackages = [ - 
config.services.headscale.package - ]; - }; -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index b44eec73..9696617d 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -10,5 +10,6 @@ ./home-assistant.nix ./pihole.nix ./nextcloud.nix + ./headscale.nix ]; } diff --git a/modules/nixos-modules/server/headscale.nix b/modules/nixos-modules/server/headscale.nix new file mode 100644 index 00000000..4495a4a4 --- /dev/null +++ b/modules/nixos-modules/server/headscale.nix @@ -0,0 +1,61 @@ +{ + lib, + config, + ... +}: let + hostname = "${config.host.headscale.subdomain}.${config.host.reverse_proxy.hostname}"; +in { + options.host.headscale = { + enable = lib.mkEnableOption "should headscale be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that headscale will be hosted at"; + default = "headscale"; + }; + }; + + config = lib.mkIf config.host.headscale.enable { + host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString config.services.headscale.port}"; + }; + + systemd = { + services = { + headscale = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; + }; + }; + + services = { + # DNS stub needs to be disabled so pi hole can bind + # resolved.extraConfig = "DNSStubListener=no"; + headscale = { + enable = true; + user = "headscale"; + group = "headscale"; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${hostname}"; + dns.base_domain = "clients.${hostname}"; + logtail.enabled = true; + database = { + type = "postgres"; + postgres = { + host = "/run/postgresql"; + port = config.services.postgresql.settings.port; + user = "headscale"; + name = "headscale"; + }; + }; + }; + }; + }; + + environment.systemPackages = [ + config.services.headscale.package + ]; + }; +} 
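Review bot: `address = "0.0.0.0";` makes headscale listen on every interface on 8080 while nginx proxies to `http://localhost:...`; binding to `127.0.0.1` keeps the plain-HTTP backend reachable only through the reverse proxy (the firewall rules added two commits earlier do not open 8080, so this is defence in depth rather than an exposure today). `logtail.enabled = true;` enrolls the clients in shipping logs to Tailscale's hosted logtail service; headscale's example configuration ships it disabled, so confirm this is intended for a self-hosted control plane. The proxy entry is also keyed on `config.host.jellyfin.subdomain` instead of `config.host.headscale.subdomain`, the same slip as in nextcloud.nix.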
From da8919b999024424f68becfbdecca47c1e6bbae7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 16:34:15 -0600 Subject: [PATCH 443/932] removed headscale --- .../nixos/defiant/configuration.nix | 40 +++--------- modules/nixos-modules/server/default.nix | 1 - modules/nixos-modules/server/headscale.nix | 61 ------------------- modules/nixos-modules/server/postgres.nix | 39 +++++++++--- 4 files changed, 39 insertions(+), 102 deletions(-) delete mode 100644 modules/nixos-modules/server/headscale.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c6a9e016..c32b6b34 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,9 +1,5 @@ # server nas {pkgs, ...}: { - imports = [ - # ./services.nix - ]; - nixpkgs.config.allowUnfree = true; host = { @@ -65,6 +61,13 @@ enable = false; hostname = "volpe.social"; }; + postgres = { + extraUsers = { + leyla = { + isAdmin = true; + }; + }; + }; jellyfin = { enable = true; subdomain = "media"; @@ -96,40 +99,11 @@ enable = true; subdomain = "drive"; }; - headscale = { - enable = true; - subdomain = "vpn"; - }; }; networking = { hostId = "c51763d6"; }; - # apps = { - # base_domain = "jan-leila.com"; - # macvlan = { - # subnet = "192.168.1.0/24"; - # gateway = "192.168.1.1"; - # networkInterface = "bond0"; - # }; - # pihole = { - # image = "pihole/pihole:2024.07.0"; - # ip = "192.168.1.201"; - # }; - # headscale = { - # subdomain = "vpn"; - # }; - # jellyfin = { - # subdomain = "media"; - # }; - # forgejo = { - # subdomain = "git"; - # }; - # nextcloud = { - # subdomain = "drive"; - # }; - # }; - services = { # TODO: move zfs scrubbing into module zfs = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 9696617d..b44eec73 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
@@ -10,6 +10,5 @@ ./home-assistant.nix ./pihole.nix ./nextcloud.nix - ./headscale.nix ]; } diff --git a/modules/nixos-modules/server/headscale.nix b/modules/nixos-modules/server/headscale.nix deleted file mode 100644 index 4495a4a4..00000000 --- a/modules/nixos-modules/server/headscale.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - lib, - config, - ... -}: let - hostname = "${config.host.headscale.subdomain}.${config.host.reverse_proxy.hostname}"; -in { - options.host.headscale = { - enable = lib.mkEnableOption "should headscale be enabled on this computer"; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that headscale will be hosted at"; - default = "headscale"; - }; - }; - - config = lib.mkIf config.host.headscale.enable { - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString config.services.headscale.port}"; - }; - - systemd = { - services = { - headscale = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - }; - }; - - services = { - # DNS stub needs to be disabled so pi hole can bind - # resolved.extraConfig = "DNSStubListener=no"; - headscale = { - enable = true; - user = "headscale"; - group = "headscale"; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${hostname}"; - dns.base_domain = "clients.${hostname}"; - logtail.enabled = true; - database = { - type = "postgres"; - postgres = { - host = "/run/postgresql"; - port = config.services.postgresql.settings.port; - user = "headscale"; - name = "headscale"; - }; - }; - }; - }; - }; - - environment.systemPackages = [ - config.services.headscale.package - ]; - }; -} diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 252e4888..450fafab 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix 
@@ -7,6 +7,8 @@ dataDir = "/var/lib/postgresql/15"; adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; in { options = { host.postgres = { @@ -26,6 +28,21 @@ in { type = lib.types.bool; default = false; }; + createUser = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + default = {}; + }; + extraDatabases = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; }; })); default = {}; @@ -39,11 +56,19 @@ in { postgresql = { enable = true; package = pkgs.postgresql_15; - ensureUsers = [ - { - name = "postgres"; - } - ]; + ensureUsers = + [ + { + name = "postgres"; + } + ] + ++ ( + builtins.map (user: { + name = user.name; + }) + createUsers + ); + ensureDatabases = builtins.map (database: database.name) createDatabases; identMap = '' # ArbitraryMapName systemUser DBUser @@ -60,13 +85,13 @@ in { # Client Users '' + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} ${user.name}") clientUsers) + lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) ); # configuration here lets users access the db that matches their name and lets user postgres access everything authentication = pkgs.lib.mkOverride 10 '' # type database DBuser origin-address auth-method optional_ident_map local all postgres peer map=superuser_map - local sameuser all peer map=superuser_map + local sameuser all peer map=user_map ''; }; }; 
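Review bot: `ensureDatabases = builtins.map (database: database.name) createDatabases;` creates the databases owned by `postgres`, and the `ensureUsers` entries built from `createUsers` carry only `name`, so an application user created here has no privileges on its database. If the pinned nixpkgs provides it, setting `ensureDBOwnership = true;` on those entries (it requires a database of the same name) gives each user its own database without a manual GRANT — please confirm availability before relying on it. The renamed `user_map` is built only from `clientUsers`, so a user with `createUser = true` but `isClient = false` is created yet cannot authenticate through `local sameuser all peer map=user_map`; if that is intended, a comment next to `createUsers` saying the two flags are independent would save the next reader the trace.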
From 4c7d6bf8374b22d526b3207d1d389d491cc02533 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 17:09:10 -0600 Subject: [PATCH 444/932] enabled reverse proxy --- configurations/nixos/defiant/configuration.nix | 4 ++-- modules/nixos-modules/server/reverse_proxy.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c32b6b34..a619c03f 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -58,8 +58,8 @@ }; }; reverse_proxy = { - enable = false; - hostname = "volpe.social"; + enable = true; + hostname = "jan-leila.com"; }; postgres = { extraUsers = { diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index 12fe7579..acadbe8a 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -16,7 +16,7 @@ in { forceSSL = lib.mkOption { type = lib.types.bool; description = "force connections to use https"; - default = true; + default = config.host.reverse_proxy.enableACME; }; enableACME = lib.mkOption { type = lib.types.bool; From a379f146d6c6ae43e8068abf6ac09ca0a35c07c4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 17:51:08 -0600 Subject: [PATCH 445/932] updated flake.lock --- .../home-manager/leyla/packages.nix | 1 - flake.lock | 48 +++++++++---------- modules/nixos-modules/desktop.nix | 6 +-- 3 files changed, 27 insertions(+), 28 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 836a22b2..9593ba0f 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -68,7 +68,6 @@ in { bruno qFlipper proxmark3 - godot_4-mono # system tools protonvpn-gui diff --git a/flake.lock b/flake.lock index 44359f88..9fe79624 100644 
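Review bot: `default = config.host.reverse_proxy.enableACME;` in reverse_proxy.nix turns off the HTTPS redirect whenever ACME is disabled, and the same commit enables the proxy on the public hostname `jan-leila.com` in configuration.nix without setting `enableACME`, so whether the proxied logins are served in plaintext now depends on `enableACME`'s default, which lies outside this hunk. If the coupling is deliberate it should be documented on the option, e.g. `description = "force connections to use https; defaults to enableACME because a redirect without a certificate would break the vhost";`, and `configuration.nix` should set `enableACME` explicitly rather than inherit the default.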
--- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1735048446, - "narHash": "sha256-Tc35Y8H+krA6rZeOIczsaGAtobSSBPqR32AfNTeHDRc=", + "lastModified": 1735468753, + "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", "owner": "nix-community", "repo": "disko", - "rev": "3a4de9fa3a78ba7b7170dda6bd8b4cdab87c0b21", + "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735202720, - "narHash": "sha256-7aEdACqT2B7nZNFjn2Y66Qucfl1AHHVFKxm4yvO0O10=", + "lastModified": 1735926627, + "narHash": "sha256-L8uuPK8ieuNJLbYsZ3nhBZ0+6btvbCqRm9wG51tbOdE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fe816609e68ee1887ee89e43c9ca1aad75362477", + "rev": "a3943ec69fff6fb80227e62acca22adc016ada63", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1735053786, - "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=", + "lastModified": 1735947440, + "narHash": "sha256-jnEcfmOhWntmVEcqlvs+j532+mvmgsKtQSSfukgkn+A=", "owner": "nix-community", "repo": "home-manager", - "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84", + "rev": "a9987622b7b93c82e147f198574e8e6ffbf5e327", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1735218083, - "narHash": "sha256-MoUAbmXz9TEr7zlKDRO56DBJHe30+7B5X7nhXm+Vpc8=", + "lastModified": 1735685839, + "narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bc03f7818771a75716966ce8c23110b715eff2aa", + "rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1735264033, - "narHash": "sha256-ss9vVSK9M2o8hW4nFs+GuVxsrIZ8X3zxQfeWhEKgMT0=", + "lastModified": 1735868868, + "narHash": "sha256-U4Oy2o/CmBg6gexAHamH++52oAgvvEwcq9fkEmcvjyw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b5223dca0334d671787531a204bdba7717b48a72", + "rev": "b0f7a59cee0ca77c157ab4e0c60d4a9df6bccb86", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734954597, - "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", + "lastModified": 1735388221, + "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "def1d472c832d77885f174089b0d34854b007198", + "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734649271, - "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", + "lastModified": 1735834308, + "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", + "rev": "6df24922a1400241dae323af55f30e4318a6ca65", "type": "github" }, "original": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1734546875, - "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", + "lastModified": 1735844895, + "narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", + "rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32", "type": "github" }, "original": { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index d1b05175..c6d3dfac 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
@@ -46,10 +46,10 @@ automatic-timezoned = { enable = true; }; - }; - # Enable sound with pipewire. - hardware.pulseaudio.enable = false; + # Enable sound with pipewire. + pulseaudio.enable = false; + }; # enable RealtimeKit for pulse audio security.rtkit.enable = true; From c9a7ce7150b60f8b641aefce46abfbe7c3fed929 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 18:27:49 -0600 Subject: [PATCH 446/932] reorganized configs in configuration.nix --- configurations/nixos/defiant/configuration.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a619c03f..a5e9c7d8 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -68,6 +68,13 @@ }; }; }; + podman = { + macvlan = { + subnet = "192.168.1.0/24"; + gateway = "192.168.1.1"; + networkInterface = "bond0"; + }; + }; jellyfin = { enable = true; subdomain = "media"; @@ -88,13 +95,6 @@ enable = true; ip = "192.168.1.201"; }; - podman = { - macvlan = { - subnet = "192.168.1.0/24"; - gateway = "192.168.1.1"; - networkInterface = "bond0"; - }; - }; nextcloud = { enable = true; subdomain = "drive"; From 31a9d201581350a4118369a27dce4549a3b84a91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:46:43 -0600 Subject: [PATCH 447/932] fixed mount points for new nfs server --- configurations/nixos/horizon/hardware-configuration.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 184be7a4..a30decba 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -39,25 +39,25 @@ }; "/mnt/leyla_home" = { - device = "defiant:/home/leyla"; + device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/eve_home" = { - device = "defiant:/home/eve"; + device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/ester_home" = { - device = "defiant:/home/ester"; + device = "defiant:/exports/ester"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/users_home" = { - device = "defiant:/home/users"; + device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; From dc6d05a0b05d7c4216f1549d70ed4968fdc0db50 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:47:43 -0600 Subject: [PATCH 448/932] added default to subdomains --- modules/nixos-modules/server/reverse_proxy.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index acadbe8a..a218b3f5 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -33,6 +33,7 @@ in { websockets = lib.mkEnableOption "should websockets be proxied"; }; })); + default = {}; }; }; From 1374696401d2ff6f41d74af004f34f0d410484af Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:48:55 -0600 Subject: [PATCH 449/932] removed un needed comment --- configurations/nixos/horizon/configuration.nix | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index bc96142c..0c48bb38 100644 --- a/configurations/nixos/horizon/configuration.nix 
+++ b/configurations/nixos/horizon/configuration.nix @@ -39,16 +39,6 @@ programs.adb.enable = true; - # enabled virtualisation for docker - # virtualisation.docker = { - # enable = true; - # rootless = { - # enable = true; - # setSocketVariable = true; - # }; - # }; - # users.extraGroups.docker.members = ["leyla"]; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; From 994234c18b73292a4e45c203b36fdce8657353f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Jan 2025 19:58:22 -0600 Subject: [PATCH 450/932] increased side of boot partition --- modules/nixos-modules/disko.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index f95edcfd..b2685aff 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -90,7 +90,8 @@ in { partitions = { # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA ESP = { - size = "64M"; + # 2G here because its not much relative to how much storage we have for caching + size = "2G"; type = "EF00"; content = { type = "filesystem"; From e2d3bb5d01e54221b2989e8ab483967b05f258f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 15:20:51 -0600 Subject: [PATCH 451/932] added auto key generation to ssh --- README.md | 4 + .../home-manager/leyla/impermanence.nix | 1 - modules/home-manager-modules/openssh.nix | 100 +++++++++++++++++- modules/nixos-modules/ssh.nix | 9 +- 4 files changed, 104 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 6d5119d7..626e3f23 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ +# nix-config + + + # Hosts ## Host Map diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 3f85d148..b3d058de 100644 --- a/configurations/home-manager/leyla/impermanence.nix 
+++ b/configurations/home-manager/leyla/impermanence.nix @@ -9,7 +9,6 @@ "desktop" "downloads" "documents" - ".ssh" { directory = ".local/share/Steam"; method = "symlink"; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index ef4f11f5..4710cd91 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
@@ -1,8 +1,102 @@ -{lib, ...}: { - options.programs = { - openssh.authorizedKeys = lib.mkOption { +{ + pkgs, + config, + osConfig, + lib, + ... +}: { + options.programs.openssh = { + authorizedKeys = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; }; + hostKeys = lib.mkOption { + type = lib.types.listOf lib.types.attrs; + default = [ + { + type = "rsa"; + bits = 4096; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; + } + { + type = "ed25519"; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + example = [ + { + type = "rsa"; + bits = 4096; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; + rounds = 100; + openSSHFormat = true; + } + { + type = "ed25519"; + path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; + rounds = 100; + comment = "key comment"; + } + ]; + description = '' + NixOS can automatically generate SSH host keys. This option + specifies the path, type and size of each key. See + {manpage}`ssh-keygen(1)` for supported types + and sizes. Paths are relative to home directory + ''; + }; }; + + config = lib.mkMerge [ + { + systemd.user.services."${config.home.username}-ssh-keygen" = { + Unit = { + description = "Generate SSH keys for user"; + }; + Install = { + wantedBy = ["sshd.target" "multi-user.target" "default.target"]; + }; + Service = { + ExecStart = "${ + pkgs.writeShellScript "ssh-keygen" + '' + # Make sure we don't write to stdout, since in case of + # socket activation, it goes to the remote side (#19589). + exec >&2 + + ${lib.flip lib.concatMapStrings config.programs.openssh.hostKeys (k: let + path = "${config.home.homeDirectory}/${k.path}"; + in '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ssh-keygen \ + -t "${k.type}" \ + ${lib.optionalString (k ? 
bits) "-b ${toString k.bits}"} \ + ${lib.optionalString (k ? rounds) "-a ${toString k.rounds}"} \ + ${lib.optionalString (k ? comment) "-C '${k.comment}'"} \ + ${lib.optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" + fi + '')} + '' + }"; + KillMode = "process"; + Restart = "always"; + Type = "simple"; + }; + }; + } + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + files = lib.lists.flatten ( + builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.programs.openssh.hostKeys + ); + }; + }) + ]; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index 69bd1859..6f5fac18 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix @@ -19,12 +19,9 @@ } (lib.mkIf config.host.impermanence.enable { environment.persistence."/persist/system/root" = { - files = [ - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; + files = lib.lists.flatten ( + builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.services.openssh.hostKeys + ); }; }) ]; From 19a9b06c4e7ba08e13bfa8c92c373d7fa83d6769 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 15:23:33 -0600 Subject: [PATCH 452/932] added header to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 626e3f23..bed915ff 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # nix-config +https://git.jan-leila.com/jan-leila/nix-config +nix multi user, multi system, configuration with `sops` secret management, `home-manager`, and `nixos-anywhere` setup via `disko` with `zfs` + `impermanence` # Hosts From caa08f1c1823816a9ec4426263bf14259e2d956b Mon Sep 17 00:00:00 2001 
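Review bot: `Restart = "always"; Type = "simple";` on a unit whose ExecStart is a run-once key-generation script makes systemd restart it every time it exits, including on success, so the user session gets a tight restart loop; a generator like this wants `Type = "oneshot"; RemainAfterExit = true;` and no `Restart` line, and the same pair is kept in the rewritten unit in commit 454 ("fixed ssh key generation"). `chmod 0755 "$(dirname '${path}')"` was carried over from the system sshd generator, but here the directory is the user's `~/.ssh`, which should be `0700` — a world-readable `~/.ssh` exposes `config`, `known_hosts` and key filenames to other local users. The `Install` block uses lowercase `wantedBy` and the system targets `sshd.target`/`multi-user.target`; a home-manager user unit takes `WantedBy = ["default.target"];`. The keys are created with `-N ""` and then persisted under `/persist`, which is fine only where that volume is encrypted — not something this hunk can show.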
From: Leyla Becker Date: Sat, 4 Jan 2025 17:48:02 -0600 Subject: [PATCH 453/932] removed rsa from default hostKeys --- modules/home-manager-modules/openssh.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 4710cd91..ae81bd11 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -13,11 +13,6 @@ hostKeys = lib.mkOption { type = lib.types.listOf lib.types.attrs; default = [ - { - type = "rsa"; - bits = 4096; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; - } { type = "ed25519"; path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; From 0c5b21d60a6628dfc4cff3853e7222d62877a8a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:29:29 -0600 Subject: [PATCH 454/932] fixed ssh key generation --- configurations/home-manager/leyla/default.nix | 16 +++- modules/home-manager-modules/openssh.nix | 94 +++++++++---------- 2 files changed, 58 insertions(+), 52 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 8b41e3a7..bb65a352 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,6 +1,7 @@ { pkgs, osConfig, + config, ... }: { imports = [ @@ -106,9 +107,18 @@ }; bash.enable = true; - openssh.authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - ]; + openssh = { + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + ]; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; }; dconf = { 
diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index ae81bd11..652b0fb8 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -12,23 +12,18 @@ }; hostKeys = lib.mkOption { type = lib.types.listOf lib.types.attrs; - default = [ - { - type = "ed25519"; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; + default = []; example = [ { type = "rsa"; bits = 4096; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_rsa"; + path = "${config.home.username}_${osConfig.networking.hostName}_rsa"; rounds = 100; openSSHFormat = true; } { type = "ed25519"; - path = ".ssh/${config.home.username}_${osConfig.networking.hostName}_ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; rounds = 100; comment = "key comment"; } 
@@ -43,53 +38,54 @@ }; config = lib.mkMerge [ - { - systemd.user.services."${config.home.username}-ssh-keygen" = { - Unit = { - description = "Generate SSH keys for user"; + ( + lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { + services.ssh-agent.enable = true; + programs.ssh = { + enable = true; + addKeysToAgent = "yes"; }; - Install = { - wantedBy = ["sshd.target" "multi-user.target" "default.target"]; - }; - Service = { - ExecStart = "${ - pkgs.writeShellScript "ssh-keygen" - '' - # Make sure we don't write to stdout, since in case of - # socket activation, it goes to the remote side (#19589). - exec >&2 - ${lib.flip lib.concatMapStrings config.programs.openssh.hostKeys (k: let - path = "${config.home.homeDirectory}/${k.path}"; - in '' - if ! [ -s "${path}" ]; then - if ! [ -h "${path}" ]; then - rm -f "${path}" + systemd.user.services = builtins.listToAttrs ( + builtins.map (hostKey: + lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { + Install = { + WantedBy = ["default.target"]; + }; + Service = let + path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; + in { + Restart = "always"; + Type = "simple"; + ExecStart = "${ + pkgs.writeShellScript "ssh-gen-keys" '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ${pkgs.openssh}/bin/ssh-keygen \ + -t "${hostKey.type}" \ + ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ + ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ + ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ + ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" fi - mkdir -p "$(dirname '${path}')" - chmod 0755 "$(dirname '${path}')" - ssh-keygen \ - -t "${k.type}" \ - ${lib.optionalString (k ? bits) "-b ${toString k.bits}"} \ - ${lib.optionalString (k ? 
rounds) "-a ${toString k.rounds}"} \ - ${lib.optionalString (k ? comment) "-C '${k.comment}'"} \ - ${lib.optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \ - -f "${path}" \ - -N "" - fi - '')} - '' - }"; - KillMode = "process"; - Restart = "always"; - Type = "simple"; - }; - }; - } + '' + }"; + }; + }) + config.programs.openssh.hostKeys + ); + } + ) (lib.mkIf osConfig.host.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { files = lib.lists.flatten ( - builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.programs.openssh.hostKeys + builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); }; }) From c557523bd6fb893fb7cbf6456fffe1f1df5fc815 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:42:14 -0600 Subject: [PATCH 455/932] configured ssh options --- modules/home-manager-modules/openssh.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 652b0fb8..12107c8a 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -43,7 +43,8 @@ services.ssh-agent.enable = true; programs.ssh = { enable = true; - addKeysToAgent = "yes"; + compression = true; + addKeysToAgent = "prompt"; }; systemd.user.services = builtins.listToAttrs ( From 445df7eb5baaca3e1cb78e01c3127a1c80734a04 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:50:24 -0600 Subject: [PATCH 456/932] fixed identities not being found automatically --- modules/home-manager-modules/openssh.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 12107c8a..df788287 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
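Review bot: `Restart = "always"` together with `Type = "simple"` makes a generate-once script run again every time it exits, so once the key exists each `ssh-gen-keys-*` unit is restarted until systemd's start-rate limit trips; `Type = "oneshot"` with `RemainAfterExit = true` and no `Restart` matches what the script actually does. `hostKey.path` goes raw into the unit name `ssh-gen-keys-${hostKey.path}` and into the script, and `hostKey.comment` sits inside single quotes as `-C '${hostKey.comment}'`, so a `/` in the path yields an invalid unit name and a `'` in the comment breaks the shell quoting; `lib.strings.sanitizeDerivationName hostKey.path` for the name and `lib.escapeShellArg` around each interpolated value close that. `chmod 0755 "$(dirname '${path}')"` leaves `~/.ssh` listable by every local user; ssh tolerates it, but 0700 is the conventional mode and costs nothing here. The keys are created with `-N ""`, so a `# no passphrase: protection relies on the 0600 file mode and the home directory` comment would record that choice for the next reader. The enclosing `config = lib.mkMerge [` closes outside the hunk.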
@@ -44,7 +44,10 @@ programs.ssh = { enable = true; compression = true; - addKeysToAgent = "prompt"; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); }; systemd.user.services = builtins.listToAttrs ( From 89f2ada23336621024dfafa15d580ad3997756f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Jan 2025 23:56:01 -0600 Subject: [PATCH 457/932] added coven to sync --- modules/nixos-modules/sync.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 532038e2..ce9a247b 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -56,6 +56,9 @@ in { ceder = { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; }; + coven = { + id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + }; }; folders = lib.mkMerge [ config.host.sync.folders.extraFolders @@ -63,21 +66,21 @@ in { "documents" = { id = "hvrj0-9bm1p"; path = "/mnt/sync/leyla/documents"; - devices = ["ceder"]; + devices = ["ceder" "coven"]; }; }) (lib.mkIf config.host.sync.folders.leyla.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; path = "/mnt/sync/leyla/calendar"; - devices = ["ceder"]; + devices = ["ceder" "coven"]; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "/mnt/sync/leyla/notes"; - devices = ["ceder"]; + devices = ["ceder" "coven"]; }; }) ]; From 81a1c9cc3f5f1c81eb559093182f8d4c80ae1c59 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 Jan 2025 10:46:43 -0600 Subject: [PATCH 458/932] removed completed tasks from README.md --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index bed915ff..ff08fb8c 100644 --- a/README.md +++ b/README.md 
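Review bot: `IdentityFile ~/.ssh/${hostKey.path}` is emitted without quotes, so a `path` containing whitespace produces an unparseable `ssh_config` line; `"IdentityFile \"~/.ssh/${hostKey.path}\""` is safe for any value. `addKeysToAgent = "confirm"` routes every use of the key through an askpass program, and in a session without one the agent refuses the key rather than prompting, if I read ssh-agent(1) correctly — a comment naming the askpass this setup expects, or falling back to `"yes"`, would spare the next debugging round. The `lib.mkIf` wrapping this block begins outside the hunk.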
@@ -41,7 +41,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` -- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init - Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - https://nixos-and-flakes.thiscute.world/ @@ -50,7 +49,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- move applications in `defiant/services.nix` into their own modules - syncthing password ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) @@ -58,7 +56,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - samba mounts - figure out steam vr things? - Open GL? -- openssh known hosts - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing - tail scale clients From 84698ba68b22c8e5a9b4d4556ca9c1f452e19324 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 11:57:01 -0600 Subject: [PATCH 459/932] fixed coven id for sync --- modules/nixos-modules/sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index ce9a247b..00036f4b 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -57,7 +57,7 @@ in {
 id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA";
 };
 coven = {
- id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS";
+ id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5";
 };
 };
 folders = lib.mkMerge [
From 46fd27f76892b5ae02c3993e508d70042001be12 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Mon, 6 Jan 2025 14:06:26 -0600
Subject: [PATCH 460/932] added fail2ban
---
 .../nixos/defiant/configuration.nix | 3 +
 modules/nixos-modules/server/default.nix | 1 +
 modules/nixos-modules/server/fail2ban.nix | 90 +++++++++++++++++++
 modules/nixos-modules/server/nextcloud.nix | 8 ++
 4 files changed, 102 insertions(+)
 create mode 100644 modules/nixos-modules/server/fail2ban.nix
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index a5e9c7d8..f65421c1 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -28,6 +28,9 @@
 ];
 };
 };
+ fail2ban = {
+ enable = true;
+ };
 network_storage = {
 enable = true;
 directories = [
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index b44eec73..c8e17a9c 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -1,5 +1,6 @@
 {...}: {
 imports = [
+ ./fail2ban.nix
 ./network_storage
 ./reverse_proxy.nix
 ./postgres.nix
diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix
new file mode 100644
index 00000000..f68ef9d4
--- /dev/null
+++ b/modules/nixos-modules/server/fail2ban.nix
@@ -0,0 +1,90 @@ +{ + lib, + config, + ... +}: { + options.host.fail2ban = { + enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; + }; + + config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ + { + services.fail2ban = { + enable = true; + maxretry = 5; + ignoreIP = [ + # Whitelist local networks + "10.0.0.0/8" + "172.16.0.0/12" + "192.168.0.0/16" + ]; + bantime = "24h"; # Ban IPs for one day on the first ban + bantime-increment = { + enable = true; # Enable increment of bantime after each violation + formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; + maxtime = "168h"; # Do not ban for more than 1 week + overalljails = true; # Calculate the ban time based on all the violations + }; + jails = { + nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + filter = "nginx"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + backend = "auto"; + failregex = "limiting requests, excess:.* by zone.*client: "; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + filter = "jellyfin"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.jellyfin.dataDir}/log/*.log"; + backend = "auto"; + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\."; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + nextcloud-iptables.settings = lib.mkIf config.services.nextcloud.enable { + filter = "nextcloud"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.nextcloud.datadir}/*.log"; + backend = "auto"; + failregex = '' + ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ + ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ + 
^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: \).*}$ + ''; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + filter = "forgejo"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.forgejo.stateDir}/log/*.log"; + backend = "auto"; + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from "; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + filter = "home-assistant"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + failregex = "^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + # TODO; figure out if there is any fail2ban things we can do on searx + # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; + }; + }; + } + (lib.mkIf config.host.impermanence.enable { + }) + ]); +} diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index 126ddd5f..a1ad0cf9 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix @@ -32,6 +32,7 @@ in { enable = true; package = pkgs.nextcloud30; hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; + settings.log_type = "file"; config = { adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; }; 
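Review bot: every jail names a `filter` (`nginx`, `jellyfin`, `nextcloud`, `forgejo`, `home-assistant`) while also giving `failregex` inline; fail2ban resolves `filter` to `filter.d/<name>.conf` and refuses to start a jail whose filter file is missing, and since this commit ships no such files the jails will not load unless they exist elsewhere — dropping `filter` (a jail-level `failregex` is sufficient) or adding the filter files fixes that, and `%(__prefix_line)s` in the home-assistant regex likewise only resolves inside a filter that includes `common.conf`. `nginx-iptables.settings` has no `logpath`, so with `backend = "auto"` that jail has nothing to read. In the second nextcloud regex `"user,:".*"` can never match the `"user":".*"` shape the third regex expects. `ignoreIP` whitelists all of RFC1918, which is fine for direct access, but if these backends sit behind the nginx reverse proxy and log the proxy's address every failure comes from an ignored address and nothing is ever banned — real-IP/`X-Forwarded-For` handling on each backend is the prerequisite. As rendered here none of the regexes contains a `<HOST>` capture; if that was lost in rendering ignore this sentence, otherwise fail2ban has no address to act on.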
@@ -39,6 +40,13 @@ in { }; } (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.nextcloud.datadir == dataDir; + message = "nextcloud data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; From 6a8daadb4e256f439b8cd6bdb4e9901808544815 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 14:07:19 -0600 Subject: [PATCH 461/932] fixed gnome tour showing on reboot --- configurations/home-manager/leyla/impermanence.nix | 2 +- configurations/nixos/defiant/configuration.nix | 1 + modules/nixos-modules/desktop.nix | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index b3d058de..8cbc2546 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -15,7 +15,7 @@ } ]; files = [ - ".config/gnome-initial-setup-done" # gnome welcome message + ".bash_history" # keep shell history around ".local/share/recently-used.xbel" # gnome recently viewed files ]; }; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f65421c1..f60e1461 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -62,6 +62,7 @@ }; reverse_proxy = { enable = true; + enableACME = false; hostname = "jan-leila.com"; }; postgres = { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index c6d3dfac..22a7b658 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -53,6 +53,8 @@ # enable RealtimeKit for pulse audio security.rtkit.enable = true; + # disable welcome tour + environment.gnome.excludePackages = [pkgs.gnome-tour]; }) ]; } From b9b5c1b2e3985d6f75c85afde60354b27d9027b3 Mon Sep 17 00:00:00 2001 
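Review bot: the impermanence hunk swaps the `gnome-initial-setup-done` entry for `".bash_history"`, which is unrelated to the gnome-tour fix in the title and carries a cost: anything typed at the prompt (tokens, passwords passed as arguments) now survives the root wipe. If keeping history is intended, a comment saying so plus `HISTCONTROL=ignorespace` (or a `HISTIGNORE` pattern) in the bash configuration would limit what gets persisted. `enableACME = false` in the defiant hunk presumably stops the reverse proxy from requesting certificates, but nothing in this commit shows what replaces them — a comment on that option, or a line in the commit message, would help.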
From: Leyla Becker Date: Mon, 6 Jan 2025 14:11:29 -0600 Subject: [PATCH 462/932] added impermanence to fail2ban --- modules/nixos-modules/server/fail2ban.nix | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index f68ef9d4..e59d8a51 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -2,7 +2,9 @@ lib, config, ... -}: { +}: let + dataFile = "/var/lib/fail2ban/fail2ban.sqlite3"; +in { options.host.fail2ban = { enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; }; @@ -85,6 +87,20 @@ }; } (lib.mkIf config.host.impermanence.enable { - }) + assertions = [ + { + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == dataFile; + message = "fail2ban data file does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + files = [ + dataFile + ]; + }; + }) ]); } From b18cd526d7991eb541c39c0a1951e682943350b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 6 Jan 2025 20:03:32 -0600 Subject: [PATCH 463/932] added tasks to README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ff08fb8c..4798a5df 100644 --- a/README.md +++ b/README.md @@ -62,4 +62,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich -- zfs encryption FIDO2 2fa \ No newline at end of file +- zfs encryption FIDO2 2fa +- ISO installer - https://github.com/nix-community/nixos-generators +- Secure Boot - https://github.com/nix-community/lanzaboote From 8b1551266b387a8ec507c9f8334d72f34c63b6f8 Mon Sep 17 00:00:00 2001 
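Review bot: persisting only `dataFile` bind-mounts the sqlite database file, while sqlite's rollback journal (`fail2ban.sqlite3-journal`, or the `-wal`/`-shm` pair in WAL mode) is created beside it in the ephemeral `/var/lib/fail2ban`; a crash mid-transaction then leaves a hot journal that is gone after the rollback, and the persisted file can come up inconsistent. Persisting the directory instead (`directories = [ "/var/lib/fail2ban" ];`) keeps the database and its sidecar files together. The assertion on `daemonSettings.Definition.dbfile` is a good guard and worth keeping either way.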
From: Leyla Becker Date: Tue, 7 Jan 2025 15:59:31 -0600 Subject: [PATCH 464/932] added host option to rebuild script --- rebuild.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/rebuild.sh b/rebuild.sh index a4b7fdc6..45dae64a 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -15,7 +15,7 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` target="${1#*=}" ;; - --flake*|-h*) + --flake*|-f*) if [[ "$1" != *=* ]]; then shift; fi flake="${1#*=}" ;; @@ -27,6 +27,10 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi user="${1#*=}" ;; + --host*) + if [[ "$1" != *=* ]]; then shift; fi + host="${1#*=}" + ;; --preserve-result) preserve_result=true ;; @@ -42,6 +46,7 @@ while [ $# -gt 0 ]; do echo "--flake -f: set the flake to rebuild on the target system" echo "--mode -m: set the mode to rebuild flake as on the target system" echo "--user -u: set the user to rebuild flake as on the target system" + echo "--host: set the host that the flake will be rebuilt on (unset for current machine)" echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" @@ -62,6 +67,11 @@ user=${user:-$USER} command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake" +if [[ $host ]]; +then + command="$command --build-host $host" +fi + if [[ "$target" != "$(hostname)" ]]; then command="$command --target-host $user@$target" @@ -72,6 +82,7 @@ then command="$command --show-trace" fi +echo $command $command if [ -d "result" ]; From 0d952467cc3a92f8641b9f8311f406afa6fb0718 Mon Sep 17 00:00:00 2001 
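Review bot: `command` is assembled as a flat string and run as the unquoted `$command`, so `--build-host $host`, `--target-host $user@$target` and the flake name all undergo word splitting and glob expansion; a bash array (`command=(nixos-rebuild "$mode" --use-remote-sudo --flake ".#$flake")`, `command+=(--build-host "$host")`, executed as `"${command[@]}"`) passes each argument intact. The new `--host*` pattern, like `--flake*` and `-f*`, also matches `--hostname=...` and other prefixes; `--host|--host=*` is the precise form. `--build-host` has the remote machine produce the system closure that is then copied and activated locally, so that host needs the same trust as the target — one clause in the `--host` help text would make that explicit. The `echo $command` added before the call looks like a leftover debug print; if it stays, `printf '%s\n' "${command[*]}"` avoids re-expanding the string.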
From: Leyla Becker Date: Tue, 7 Jan 2025 21:42:14 -0600 Subject: [PATCH 465/932] moved monitors to separate file --- .../nixos/twilight/configuration.nix | 204 +----------------- configurations/nixos/twilight/monitors.nix | 199 +++++++++++++++++ 2 files changed, 204 insertions(+), 199 deletions(-) create mode 100644 configurations/nixos/twilight/monitors.nix diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 75c8dc7f..18e9972c 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{...}: { + imports = [ + ./monitors.nix + ]; + nixpkgs.config.allowUnfree = true; host = { @@ -19,204 +23,6 @@ }; }; - systemd.tmpfiles.rules = [ - "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' - - - - 0 - 156 - 1 - - - DP-4 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 2560 - 324 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 0 - 1 - - left - no - - - - HDMI-0 - HWP - HP w2207 - CND7332S88 - - - 1600 - 1000 - 59.999 - - - - - - - 0 - 0 - 1 - yes - - - DP-1 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 4480 - 226 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 2560 - 226 - 1 - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - - - 2560 - 228 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 69 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 0 - 0 - 1 - - - DP-3 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - - None-1 - unknown - unknown - unknown - - - - - ''}" - ]; - # enabled virtualisation for docker # virtualisation.docker.enable = true; 
diff --git a/configurations/nixos/twilight/monitors.nix b/configurations/nixos/twilight/monitors.nix new file mode 100644 index 00000000..1308f501 --- /dev/null +++ b/configurations/nixos/twilight/monitors.nix @@ -0,0 +1,199 @@ +{pkgs, ...}: { + systemd.tmpfiles.rules = [ + "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' + + + + 0 + 156 + 1 + + + DP-4 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 2560 + 324 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 0 + 1 + + left + no + + + + HDMI-0 + HWP + HP w2207 + CND7332S88 + + + 1600 + 1000 + 59.999 + + + + + + + 0 + 0 + 1 + yes + + + DP-1 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + 4480 + 226 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 2560 + 226 + 1 + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + + + 2560 + 228 + 1 + yes + + + DP-2 + GSM + LG ULTRAGEAR + 0x00068c96 + + + 1920 + 1080 + 240.001 + + + + + 4480 + 69 + 1 + + left + no + + + + HDMI-1 + HWP + HP w2207 + CND7332S88 + + + 1680 + 1050 + 59.954 + + + + + 0 + 0 + 1 + + + DP-3 + DEL + DELL U2719D + 8RGXNS2 + + + 2560 + 1440 + 59.951 + + + + + + None-1 + unknown + unknown + unknown + + + + + ''}" + ]; +} From e7a53a5df01b866d9001a21754ba32dceeb72ec8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Jan 2025 13:04:23 -0600 Subject: [PATCH 466/932] updated jellyfin persist folders --- modules/nixos-modules/server/jellyfin.nix | 72 ++++++++++++++--------- 1 file changed, 44 insertions(+), 28 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 6d6874a1..a10470ae 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -7,6 +7,7 @@ jellyfinPort = 8096; jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; + jellyfin_media_directory = "/srv/jellyfin/media"; in { options.host.jellyfin = { enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; @@ -31,34 +32,6 @@ in { ]; } (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = jellyfin_data_directory; - user = "jellyfin"; - group = "jellyfin"; - } - { - directory = jellyfin_cache_directory; - user = "jellyfin"; - group = "jellyfin"; - } - ]; - }; - fileSystems."/persist/system/jellyfin".neededForBoot = true; host.storage.pool.extraDatasets = { @@ -73,6 +46,49 @@ in { }; }; }; + + assertions = [ + { + assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; + message = "jellyfin data directory does not match persistence"; + } + { + assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; + message = "jellyfin cache directory does not match persistence"; + } + ]; + + environment.persistence = { + "/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = jellyfin_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = jellyfin_cache_directory; + user = "jellyfin"; + group = "jellyfin"; + } + ]; + }; + + "/persist/system/jellyfin" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = jellyfin_media_directory; + user = "jellyfin"; + group = "jellyfin_media"; + mode = "1770"; + } + ]; + }; + }; }) ] ); 
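Review bot: the new `/persist/system/jellyfin` entry hands `/srv/jellyfin/media` to group `jellyfin_media` with `mode = "1770"`, but nothing in this hunk declares that group (`users.groups.jellyfin_media = {};`) or ties the path to Jellyfin's library configuration, and the assertions cover only `dataDir` and `cacheDir`; if the group is declared elsewhere, a comment pointing to it would help. A why-comment on the mode (`# sticky: jellyfin_media members can add media but only remove their own files`) would record the intent behind `1770`. The enclosing `lib.mkIf config.host.impermanence.enable` block begins outside the hunk.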
From f55abeb587c81f48f8692d694ad4141ade5e2e13 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Jan 2025 15:06:50 -0600 Subject: [PATCH 467/932] added target to nextcloud proxy --- modules/nixos-modules/server/nextcloud.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index a1ad0cf9..fcc612ba 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix @@ -25,7 +25,11 @@ in { }; }; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = {}; + host = { + reverse_proxy.subdomains.${config.host.nextcloud.subdomain} = { + target = "http://localhost:${toString 8009}"; + }; + }; services = { nextcloud = { @@ -35,6 +39,7 @@ in { settings.log_type = "file"; config = { adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; + adminuser = "admin"; }; }; }; From 266d0f9ec157027401f61257b2e9301325d87833 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 12 Jan 2025 11:31:54 -0600 Subject: [PATCH 468/932] updated flake.lock --- .../home-manager/leyla/packages.nix | 2 +- flake.lock | 48 +++++++++---------- modules/nixos-modules/server/nextcloud.nix | 1 + 3 files changed, 26 insertions(+), 25 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 9593ba0f..597fe2ff 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -63,7 +63,7 @@ in { # development tools # androidStudioPackages.canary - # jetbrains.idea-community + jetbrains.idea-community dbeaver-bin bruno qFlipper diff --git a/flake.lock b/flake.lock index 9fe79624..781f077b 100644 --- a/flake.lock +++ b/flake.lock 
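Review bot: `target = "http://localhost:${toString 8009}"` wraps a literal in `toString`; `"http://localhost:8009"` says the same, and a `let nextcloudPort = 8009;` shared with whatever binds the Nextcloud vhost to that port would keep the two in step. Nothing in this hunk makes Nextcloud listen on 8009 — `services.nextcloud` here only sets `hostName`, `adminpassFile` and `adminuser` — so the proxy target depends on configuration not visible in the diff; a comment naming where the listen port is set would help. The enclosing attribute set begins outside the hunk.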
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1735468753, - "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", + "lastModified": 1736591904, + "narHash": "sha256-LFO8pSrPKrH8OPq2HaAuBG5skk8/MNJ/9YmK3KsnSks=", "owner": "nix-community", "repo": "disko", - "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", + "rev": "33827d2bd16bfe2e21b62956526c72d313595dfd", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735926627, - "narHash": "sha256-L8uuPK8ieuNJLbYsZ3nhBZ0+6btvbCqRm9wG51tbOdE=", + "lastModified": 1736568198, + "narHash": "sha256-RBTk5KavYsPZ56m9C2evS4pDkEu3+NdxY6mFNbo8DH8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a3943ec69fff6fb80227e62acca22adc016ada63", + "rev": "7f8746a7ef2d15b8fb4acc63cb0d7e3a407739bf", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1735947440, - "narHash": "sha256-jnEcfmOhWntmVEcqlvs+j532+mvmgsKtQSSfukgkn+A=", + "lastModified": 1736508663, + "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9987622b7b93c82e147f198574e8e6ffbf5e327", + "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1735685839, - "narHash": "sha256-62xAPSs5VRZoPH7eRanUn5S5vZEd+8vM4bD5I+zxokc=", + "lastModified": 1736631212, + "narHash": "sha256-mG9lRZBcPiAGiVJ9B97BJoIGQcSBWIVlBiN30QYCtG0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6a1fdb2a1204c0de038847b601cff5012e162b5e", + "rev": "6ace2f2d12bdf74235d5cbf9fbd34a71c9716685", "type": "github" }, "original": { 
@@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1735868868, - "narHash": "sha256-U4Oy2o/CmBg6gexAHamH++52oAgvvEwcq9fkEmcvjyw=", + "lastModified": 1736560114, + "narHash": "sha256-+kL+Nw3eEToKDalXJqa6fjLQqgTftTWLypr4Hj7tFKw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b0f7a59cee0ca77c157ab4e0c60d4a9df6bccb86", + "rev": "e26efb7bac0fcdc28b92596c5c2acaaf4713124f", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1735388221, - "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", + "lastModified": 1736441705, + "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", + "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735834308, - "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", + "lastModified": 1736344531, + "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6df24922a1400241dae323af55f30e4318a6ca65", + "rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912", "type": "github" }, "original": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1735844895, - "narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=", + "lastModified": 1736515725, + "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", "owner": "Mic92", "repo": "sops-nix", - "rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32", + "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index fcc612ba..6acd01d7 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix 
@@ -40,6 +40,7 @@ in { config = { adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; adminuser = "admin"; + dbtype = "sqlite"; }; }; }; From 2ecb7e29931883df11e17ba9dc3219048939f992 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Jan 2025 12:02:10 -0600 Subject: [PATCH 469/932] update postgres --- configurations/home-manager/leyla/impermanence.nix | 1 + modules/nixos-modules/server/postgres.nix | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 8cbc2546..29936b51 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -18,6 +18,7 @@ ".bash_history" # keep shell history around ".local/share/recently-used.xbel" # gnome recently viewed files ]; + allowOther = true; }; }; } diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 450fafab..8d57d429 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -4,7 +4,7 @@ pkgs, ... }: let - dataDir = "/var/lib/postgresql/15"; + dataDir = "/var/lib/postgresql/16"; adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); @@ -55,7 +55,7 @@ in { services = { postgresql = { enable = true; - package = pkgs.postgresql_15; + package = pkgs.postgresql_16; ensureUsers = [ { From cd825313dcd0cecae826e37cc4c55b6a7c146314 Mon Sep 17 00:00:00 2001 
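Review bot: `dbtype = "sqlite";` on the added line picks the backend Nextcloud's own documentation marks as suitable only for testing, and the same tree already ships a PostgreSQL module with a per-service user list (`modules/nixos-modules/server/postgres.nix`, visible further down this page), so `dbtype = "pgsql";` plus a `host.postgres.extraUsers` entry for nextcloud would be the consistent choice. If sqlite is a deliberate decision for a small instance (the nixpkgs bump in this commit may simply have started requiring an explicit value), say so next to it, e.g. `# sqlite on purpose: single-user instance, db lives inside the nextcloud data dir and is covered by that persistence entry`, so the next reader does not "fix" it and the backup/persistence scope stays obvious.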
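Review bot: Changing `dataDir` to `/var/lib/postgresql/16` and `package` to `pkgs.postgresql_16` in one step leaves the existing cluster without a migration path: PostgreSQL 16 cannot open a 15 data directory, so the first activation initializes an empty cluster at the new path while the old data sits untouched in `/var/lib/postgresql/15` (and if this module's impermanence entry is keyed on `dataDir`, the old directory also stops being persisted — confirm against the part of the module outside the hunk). Run `pg_upgrade` (or dump/restore) from 15 into the new directory before deploying this to `defiant`, and record the requirement above the binding, e.g. `# major-version bump: migrate /var/lib/postgresql/15 with pg_upgrade before switching; 16 will otherwise start an empty cluster`. The `ensureUsers` list in the second hunk continues outside the visible lines.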
From: Leyla Becker Date: Sun, 19 Jan 2025 13:00:53 -0600 Subject: [PATCH 470/932] added programs.fuse.userAllowOther to impermanence module --- modules/nixos-modules/impermanence.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 66139ce7..008f0608 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -25,6 +25,8 @@ } ]; + programs.fuse.userAllowOther = true; + boot.initrd.postResumeCommands = lib.mkAfter '' zfs rollback -r rpool/local/system/root@blank ''; From 4d0aa119b07b37b8a1b7606693b465f6966ac42d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Jan 2025 15:56:40 -0600 Subject: [PATCH 471/932] removed ester user --- .../darwin/hesperium/configuration.nix | 4 - configurations/home-manager/default.nix | 1 - configurations/home-manager/ester/default.nix | 78 ------------------- .../nixos/defiant/configuration.nix | 7 +- .../nixos/horizon/configuration.nix | 1 - .../nixos/horizon/hardware-configuration.nix | 6 -- .../nixos/twilight/configuration.nix | 1 - modules/darwin-modules/users.nix | 4 - modules/nixos-modules/users.nix | 28 ------- modules/system-modules/users.nix | 5 -- 10 files changed, 1 insertion(+), 134 deletions(-) delete mode 100644 configurations/home-manager/ester/default.nix diff --git a/configurations/darwin/hesperium/configuration.nix b/configurations/darwin/hesperium/configuration.nix index 08fc59f0..f8af5c8b 100644 --- a/configurations/darwin/hesperium/configuration.nix +++ b/configurations/darwin/hesperium/configuration.nix @@ -6,10 +6,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester = { - isPrincipleUser = true; - isNormalUser = true; - }; eve.isNormalUser = false; }; }; diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index 587d1c2a..3aa4c0e1 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix 
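Review bot: `programs.fuse.userAllowOther = true;` is a host-wide switch (it puts `user_allow_other` into `/etc/fuse.conf`), so it permits every unprivileged user on the machine to mount any FUSE filesystem with `allow_other`, not just the home-manager impermanence bindfs mounts that the previous commit's `allowOther = true` requires. That is the documented prerequisite for that option, but it widens what local users can expose to one another, so it wants a why-comment beside it, e.g. `# needed by home-manager impermanence allowOther (bindfs home mounts readable by root/system services); note this enables allow_other for every FUSE mount on the host`. If this shared module is not already gated on a host-level impermanence flag, consider tying the line to it with `lib.mkIf` so hosts without persisted homes do not inherit the relaxation.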
@@ -6,6 +6,5 @@ users = config.host.users; in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); - ester = lib.mkIf users.ester.isNormalUser (import ./ester); eve = lib.mkIf users.eve.isNormalUser (import ./eve); } diff --git a/configurations/home-manager/ester/default.nix b/configurations/home-manager/ester/default.nix deleted file mode 100644 index 181a4872..00000000 --- a/configurations/home-manager/ester/default.nix +++ /dev/null 
@@ -1,78 +0,0 @@ -{ - pkgs, - lib, - osConfig, - ... -}: let - userConfig = osConfig.host.users.ester; -in { - imports = []; - - config = { - home = { - username = userConfig.name; - homeDirectory = osConfig.users.users.ester.home; - - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - keyboard.layout = "it,us"; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. 
If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/ester/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - # helvetica font - aileron - - firefox - bitwarden - discord - ] - ); - }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - }; - }; -} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f60e1461..ca24db1e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -44,11 +44,6 @@ user = "eve"; group = "eve"; } - { - folder = "ester"; - user = "ester"; - group = "ester"; - } { folder = "users"; user = "root"; @@ -57,7 +52,7 @@ ]; nfs = { enable = true; - directories = ["leyla" "eve" "ester"]; + directories = ["leyla" "eve"]; }; }; reverse_proxy = { diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 0c48bb38..232456c6 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -16,7 +16,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester.isDesktopUser = true; eve.isDesktopUser = true; }; sync = { diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index a30decba..ca6bf4b2 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
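Review bot: Removing `"ester"` from the NFS export list (and the syncthing folder in the hunk above) does nothing to whatever already exists under `/exports/ester` or in that folder on `defiant`, while the same commit frees uid/gid 1001 in `modules/nixos-modules/users.nix`; any leftover files stay owned by the bare number 1001, which the next account assigned that id would silently inherit. Either archive or delete the data as part of the change, or keep the id reserved with a note in both id maps, e.g. `# 1001 retired (ester) — do not reuse until /exports/ester and the syncthing folder are cleaned up`. Whether any data is actually present there is not visible from the diff.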
@@ -50,12 +50,6 @@ options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/ester_home" = { - device = "defiant:/exports/ester"; - fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; - }; - "/mnt/users_home" = { device = "defiant:/exports/users"; fsType = "nfs"; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 18e9972c..c2881498 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -12,7 +12,6 @@ isTerminalUser = true; isPrincipleUser = true; }; - ester.isDesktopUser = true; eve.isDesktopUser = true; }; hardware = { diff --git a/modules/darwin-modules/users.nix b/modules/darwin-modules/users.nix index f0b55c0e..72fd1b1c 100644 --- a/modules/darwin-modules/users.nix +++ b/modules/darwin-modules/users.nix @@ -11,10 +11,6 @@ in { name = lib.mkForce host.users.leyla.name; home = lib.mkForce "/home/${host.users.leyla.name}"; }; - ester = { - name = lib.mkForce host.users.ester.name; - home = lib.mkForce "/home/${host.users.ester.name}"; - }; }; }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index c3a316e3..5cfa7fbe 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -14,7 +14,6 @@ uids = { leyla = 1000; - ester = 1001; eve = 1002; jellyfin = 2000; forgejo = 2002; @@ -27,7 +26,6 @@ gids = { leyla = 1000; - ester = 1001; eve = 1002; users = 100; jellyfin_media = 2001; @@ -42,7 +40,6 @@ users = config.users.users; leyla = users.leyla.name; - ester = users.ester.name; eve = users.eve.name; in { config = lib.mkMerge [ 
@@ -77,10 +74,6 @@ in { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; - "passwords/ester" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; "passwords/eve" = { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; @@ -105,17 +98,6 @@ in { group = config.users.users.leyla.name; }; - ester = { - uid = lib.mkForce uids.ester; - name = lib.mkForce host.users.ester.name; - description = "Ester"; - extraGroups = lib.optionals host.users.ester.isNormalUser ["networkmanager"]; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; - isNormalUser = host.users.ester.isNormalUser; - isSystemUser = !host.users.ester.isNormalUser; - group = config.users.users.ester.name; - }; - eve = { uid = lib.mkForce uids.eve; name = lib.mkForce host.users.eve.name; @@ -178,13 +160,6 @@ in { ]; }; - ester = { - gid = lib.mkForce gids.ester; - members = [ - ester - ]; - }; - eve = { gid = lib.mkForce gids.eve; members = [ @@ -196,7 +171,6 @@ in { gid = lib.mkForce gids.users; members = [ leyla - ester eve ]; }; @@ -206,7 +180,6 @@ in { members = [ users.jellyfin.name leyla - ester eve ]; }; @@ -264,7 +237,6 @@ in { members = [ users.syncthing.name leyla - ester eve ]; }; diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index fe88850d..cd9c9000 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -84,11 +84,6 @@ in { isDesktopUser = lib.mkDefault false; isTerminalUser = lib.mkDefault false; }; - ester = { - isPrincipleUser = lib.mkDefault false; - isDesktopUser = lib.mkDefault false; - isTerminalUser = lib.mkDefault false; - }; eve = { isPrincipleUser = lib.mkDefault false; isDesktopUser = lib.mkDefault false; From b6605dff271f803e4f0cfc2b430e44ab6c2d25b1 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 25 Jan 2025 13:59:22 -0600 Subject: [PATCH 472/932] fixed permissions on fail2ban database file --- modules/nixos-modules/server/fail2ban.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index e59d8a51..39a8fd27 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -3,7 +3,8 @@ config, ... }: let - dataFile = "/var/lib/fail2ban/fail2ban.sqlite3"; + dataFolder = "/var/lib/fail2ban"; + dataFile = "fail2ban.sqlite3"; in { options.host.fail2ban = { enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; @@ -89,7 +90,7 @@ in { (lib.mkIf config.host.impermanence.enable { assertions = [ { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == dataFile; + assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; message = "fail2ban data file does not match persistence"; } ]; @@ -97,8 +98,12 @@ in { environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; - files = [ - dataFile + directories = [ + { + directory = dataFolder; + user = "fail2ban"; + group = "fail2ban"; + } ]; }; }) From 95c84185914453d3cfaa7e5ca2cb9f70240dfdba Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 29 Jan 2025 19:07:49 -0600 Subject: [PATCH 473/932] installed ollama --- configurations/home-manager/leyla/vscode.nix | 12 ++++++++++++ configurations/nixos/horizon/configuration.nix | 9 +++++++++ configurations/nixos/twilight/configuration.nix | 10 ++++++++++ 3 files changed, 31 insertions(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index d921604f..c9d779d1 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix 
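Review bot: The new `directories` entry for `/var/lib/fail2ban` sets `user`/`group` but no `mode`, so impermanence creates the persisted path with its default directory mode (0755 in the versions I know — confirm), and the sqlite database inside records every address fail2ban has observed and banned. Adding `mode = "0750";` next to `user`/`group` keeps that readable only by the owning user and group. It would also help to state why the whole directory is now persisted rather than the file — the commit title suggests the single-file bind mount caused ownership trouble, and sqlite's `-journal`/`-wal` sidecars beside the db are another reason a single-file entry is fragile — e.g. `# persist the directory, not the file: a single-file bind mount breaks ownership and misses sqlite sidecar files`.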
@@ -52,6 +52,13 @@ in { "expr" = "import {}"; }; }) + (lib.mkIf osConfig.services.ollama.enable { + "twinny.fileContextEnabled" = true; + "twinny.enableLogging" = false; + "twinny.completionCacheEnabled" = true; + + # builtins.elemAt osConfig.services.ollama.loadModels 0; + }) ]; extensions = ( @@ -84,6 +91,11 @@ in { # misc extensions bungcip.better-toml ] + ++ ( + lib.lists.optionals osConfig.services.ollama.enable [ + rjmacarthy.twinny + ] + ) ++ (lib.lists.optionals nix-development-enabled [ # nix extensions pinage404.nix-extension-pack diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 232456c6..73b0fef7 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -38,6 +38,15 @@ programs.adb.enable = true; + services.ollama = { + enable = true; + + loadModels = [ + "deepseek-coder:1.3b" + "deepseek-r1:1.5b" + ]; + }; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index c2881498..4667ee41 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -22,6 +22,16 @@ }; }; + services.ollama = { + enable = true; + + loadModels = [ + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:70b" + ]; + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; From f623a33863a1d2c59266df466287670e0c88d2f0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 29 Jan 2025 19:43:02 -0600 Subject: [PATCH 474/932] updated models listed for different configurations --- configurations/nixos/defiant/configuration.nix | 11 +++++++++++ configurations/nixos/twilight/configuration.nix | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) 
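Review bot: The twinny settings block ends with a commented-out expression, `# builtins.elemAt osConfig.services.ollama.loadModels 0;`, that is neither a setting nor an explanation, so it reads as an unfinished edit. Either wire it to whatever key twinny uses for the model name, or replace it with a `# TODO:` that says what is missing (e.g. `# TODO: point twinny at the first entry of services.ollama.loadModels once the setting key is known`). Leaving bare dead code in a settings attrset is the kind of thing that gets copied into the next host config unchanged.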
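Review bot: The entries in `loadModels` (`deepseek-coder:6.7b`, `deepseek-r1:8b`, `deepseek-r1:70b`) are mutable registry tags: as far as I know the NixOS ollama module pulls them from the public registry when the service starts, so what ends up in the models directory is whatever the registry serves for that tag at that moment, entirely outside the flake lock. If reproducibility or supply-chain pinning matters on these hosts, pin by digest where the ollama client accepts an `@sha256:` reference (check with `ollama show`), and record the source in a comment above the list, e.g. `# fetched from registry.ollama.ai at service start; tags are not pinned by the flake lock`. Note also that a 70b pull is tens of gigabytes on first boot of `twilight` — worth a comment if that is expected.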
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ca24db1e..73637720 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -127,6 +127,17 @@ # Get rid of xTerm excludePackages = [pkgs.xterm]; }; + + ollama = { + enable = true; + + loadModels = [ + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:32b" + "deepseek-r1:70b" + ]; + }; }; # disable computer sleeping diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 4667ee41..bf42209f 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -28,7 +28,7 @@ loadModels = [ "deepseek-coder:6.7b" "deepseek-r1:8b" - "deepseek-r1:70b" + "deepseek-r1:32b" ]; }; From aaaf7514357ffe90626042d41697f7cca8f95e8a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Feb 2025 19:48:53 -0600 Subject: [PATCH 475/932] added ollama configs --- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/ollama.nix | 27 +++++++++++++++++++++++++++ modules/nixos-modules/users.nix | 15 +++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 modules/nixos-modules/ollama.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 63b2757c..371a1561 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -11,6 +11,7 @@ ./sync.nix ./impermanence.nix ./disko.nix + ./ollama.nix ./server ]; diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix new file mode 100644 index 00000000..5cdc041f --- /dev/null +++ b/modules/nixos-modules/ollama.nix 
@@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: { + config = lib.mkMerge [ + { + services.ollama = { + group = "ollama"; + user = "ollama"; + }; + } + (lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.ollama.models; + user = config.services.ollama.user; + group = config.services.ollama.group; + } + ]; + }; + })) + ]; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 5cfa7fbe..15631a92 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -22,6 +22,7 @@ headscale = 2005; nextcloud = 2006; syncthing = 2007; + ollama = 2008; }; gids = { @@ -36,6 +37,7 @@ headscale = 2005; nextcloud = 2006; syncthing = 2007; + ollama = 2008; }; users = config.users.users; @@ -150,6 +152,12 @@ in { isSystemUser = true; group = config.users.users.syncthing.name; }; + + ollama = { + uid = lib.mkForce uids.ollama; + isSystemUser = true; + group = config.users.users.ollama.name; + }; }; groups = { @@ -240,6 +248,13 @@ in { eve ]; }; + + ollama = { + gid = lib.mkForce gids.ollama; + members = [ + users.ollama.name + ]; + }; }; }; } From 561766c67671a2553161e6e4be2c88dd3edf2092 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Feb 2025 19:51:33 -0600 Subject: [PATCH 476/932] added more network card configuration --- .../nixos/defiant/hardware-configuration.nix | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index 425cbc22..f312f889 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix 
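Review bot: `lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable { ... })` nests two conditionals where a single combined guard reads better and evaluates the same: `(lib.mkIf (config.host.impermanence.enable && config.services.ollama.enable) { ... })`. The unconditional first attrset pins `services.ollama.user`/`group` to `"ollama"`, which together with the fixed uid/gid 2008 added in `users.nix` is presumably what keeps ownership of the persisted models directory stable across the ZFS root rollback — if so that deserves a header comment, since it replaces whatever user the upstream module would otherwise choose on this nixpkgs revision. Something like `# fixed ollama user/uid so the persisted models directory keeps its owner across impermanence rollbacks` at the top of the file would make the module self-explanatory.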
@@ -35,6 +35,12 @@ networking = { hostName = "defiant"; # Define your hostname. useNetworkd = true; + interfaces = { + bond0.useDHCP = lib.mkDefault true; + bonding_masters.useDHCP = lib.mkDefault true; + enol.useDHCP = lib.mkDefault true; + eno2.useDHCP = lib.mkDefault true; + }; }; systemd.network = { @@ -57,12 +63,20 @@ "30-enp4s0" = { matchConfig.Name = "enp4s0"; networkConfig.Bond = "bond0"; - DHCP = "no"; + + address = [ + # configure addresses including subnet mask + "192.168.2.1/24" + ]; }; "30-enp5s0" = { matchConfig.Name = "enp5s0"; networkConfig.Bond = "bond0"; - DHCP = "no"; + + address = [ + # configure addresses including subnet mask + "192.168.2.2/24" + ]; }; "40-bond0" = { @@ -74,7 +88,6 @@ address = [ # configure addresses including subnet mask "192.168.1.10/24" - # TODO: ipv6 address configuration ]; }; }; From 07514ed043d473e9a7eb5400bffcf861abe48833 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Feb 2025 18:23:36 -0600 Subject: [PATCH 477/932] added fprintd to horizon --- configurations/nixos/horizon/configuration.nix | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 73b0fef7..ee32059f 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -38,13 +38,19 @@ programs.adb.enable = true; - services.ollama = { - enable = true; + services = { + # sudo fprintd-enroll + fprintd = { + enable = true; + }; + ollama = { + enable = true; - loadModels = [ - "deepseek-coder:1.3b" - "deepseek-r1:1.5b" - ]; + loadModels = [ + "deepseek-coder:1.3b" + "deepseek-r1:1.5b" + ]; + }; }; # Enable touchpad support (enabled default in most desktopManager). From e6a738f3f6e632513e474881b140f858cc8bb927 Mon Sep 17 00:00:00 2001 
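Review bot: Two of the four new `networking.interfaces` entries do not name links that exist as configured in this file: `bonding_masters` is the sysfs control file `/sys/class/net/bonding_masters`, not an interface, and `enol` (lowercase L) looks like a typo for `eno1`, while the bond members configured further down are `enp4s0`/`enp5s0`. With `useNetworkd = true`, each `networking.interfaces.<name>.useDHCP` entry also generates its own networkd unit (named `40-<name>`, as I recall), so `bond0.useDHCP = true` will merge into the hand-written `"40-bond0"` network below and turn DHCP on alongside the static `192.168.1.10/24`. Suggest dropping the block entirely, or keeping only links that exist with DHCP explicitly off, e.g. `eno1.useDHCP = lib.mkDefault false;`, and a comment stating which ports are bond members and which are stand-alone.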
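Review bot: The bond members `enp4s0` and `enp5s0` now carry their own addresses (`192.168.2.1/24`, `192.168.2.2/24`) while still being enslaved through `networkConfig.Bond = "bond0"`; an enslaved link does not carry usable L3 configuration, and I would not expect networkd to honour an address on it, so these belong on `bond0` (which already has `192.168.1.10/24`) or the ports cannot be bond members. Removing `DHCP = "no"` is harmless because `no` is networkd's default, but if a separate management subnet was the goal, say so in a comment and take the ports out of the bond. The `# TODO: ipv6 address configuration` deleted in the `bond0` hunk was not implemented by this change, so the TODO should probably stay.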
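Review bot: `fprintd.enable = true;` by itself also turns fingerprint authentication on for the PAM stacks NixOS wires it into (login, sudo, polkit and the screen locker, as I recall), so once a finger is enrolled it becomes a password-equivalent for privilege escalation and not only for session unlock; a fingerprint cannot be rotated after it leaks and is easier to coerce than a passphrase. If that is not intended, switch it off on the privileged stacks, e.g. `security.pam.services.sudo.fprintAuth = false;`, and record the decision next to the existing `# sudo fprintd-enroll` hint with something like `# fingerprint is for session/lock-screen unlock only; sudo and polkit still require the password`. Either way the enrolled reader's scope should be written down here rather than left to whatever the module defaults to on this nixpkgs revision.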
From: Leyla Becker Date: Sun, 9 Feb 2025 13:32:11 -0600 Subject: [PATCH 478/932] added cuda acceleration to twilight --- configurations/nixos/twilight/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index bf42209f..985f9ce2 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -30,6 +30,8 @@ "deepseek-r1:8b" "deepseek-r1:32b" ]; + + acceleration = "cuda"; }; # enabled virtualisation for docker From c7766de8bb6ffe62eb6003af68c232e532685301 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 19:55:02 -0600 Subject: [PATCH 479/932] added back lix --- flake.lock | 86 +++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 5 +++ util/default.nix | 2 ++ 3 files changed, 92 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 781f077b..5707998b 100644 --- a/flake.lock +++ b/flake.lock @@ -93,6 +93,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -107,6 +125,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -142,6 +175,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", + "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -165,7 +233,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -223,6 +291,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", 
@@ -281,6 +350,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 1849afca..a4e97a82 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,11 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # secret encryption sops-nix = { url = "github:Mic92/sops-nix"; diff --git a/util/default.nix b/util/default.nix index 33942a8c..6f9e08a2 100644 --- a/util/default.nix +++ b/util/default.nix @@ -9,6 +9,7 @@ sops-nix = inputs.sops-nix; disko = inputs.disko; impermanence = inputs.impermanence; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -76,6 +77,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From a99b35d1b18ae88b6410b2b0dd41168d77f15f5c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 20:41:39 -0600 Subject: [PATCH 480/932] temp disabled lix --- flake.lock | 86 +----------------------------------------------- flake.nix | 9 ++--- util/default.nix | 4 +-- 3 files changed, 8 insertions(+), 91 deletions(-) diff --git a/flake.lock b/flake.lock index 5707998b..781f077b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -93,24 +93,6 @@ "inputs": { "systems": "systems" }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -125,21 +107,6 @@ "type": "github" } }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -175,41 +142,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737237494, - "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", - "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -233,7 +165,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -291,7 +223,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", 
@@ -350,21 +281,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index a4e97a82..96cc582c 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,11 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # TODO: figure out why things fail to build with lix + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index 6f9e08a2..3c35b0ef 100644 --- a/util/default.nix +++ b/util/default.nix @@ -9,7 +9,7 @@ sops-nix = inputs.sops-nix; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -77,7 +77,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9895ae6899adf2eebb734ee9110a157fd0e35a81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 20:52:00 -0600 Subject: [PATCH 481/932] updated flake.lock --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 781f077b..b3babe3b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1736591904, - "narHash": "sha256-LFO8pSrPKrH8OPq2HaAuBG5skk8/MNJ/9YmK3KsnSks=", + "lastModified": 1739353546, + "narHash": "sha256-YTqXhBZvCdZLMBupWlCDvRFaTEhaHa2/Xc/p1sUdSZU=", "owner": "nix-community", "repo": "disko", - "rev": "33827d2bd16bfe2e21b62956526c72d313595dfd", + "rev": "26ade1005191e0602a78b0f141970648445bafd9", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1736568198, - "narHash": "sha256-RBTk5KavYsPZ56m9C2evS4pDkEu3+NdxY6mFNbo8DH8=", + "lastModified": 1739399387, + "narHash": "sha256-7oXm3SXUZLwLG9ks5SWOZJTmogocrTXM1SVTFZ9xrno=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7f8746a7ef2d15b8fb4acc63cb0d7e3a407739bf", + "rev": "4d32808bd51c7349ce036b7a037fb56d5e7c06ae", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1736508663, - "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", + "lastModified": 1739381933, + "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", + "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba", "type": "github" }, "original": { @@ -129,11 +129,11 @@ }, "impermanence": { "locked": { - "lastModified": 1734945620, - "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "owner": "nix-community", "repo": "impermanence", - "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { 
@@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1736631212, - "narHash": "sha256-mG9lRZBcPiAGiVJ9B97BJoIGQcSBWIVlBiN30QYCtG0=", + "lastModified": 1739302241, + "narHash": "sha256-NXQXFU6HOschZ+8ZKrNOlwlHelez8vPl+dCiUaJ82/U=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6ace2f2d12bdf74235d5cbf9fbd34a71c9716685", + "rev": "a6746213b138fe7add88b19bafacd446de574ca7", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1736560114, - "narHash": "sha256-+kL+Nw3eEToKDalXJqa6fjLQqgTftTWLypr4Hj7tFKw=", + "lastModified": 1739411363, + "narHash": "sha256-QAXvfAXyBtMOdBAz+ivmVVk9V7/d3nSgFprH4C0XOr0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "e26efb7bac0fcdc28b92596c5c2acaaf4713124f", + "rev": "142aabf9bb589535f150afff4a439f39bd04c21e", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1736441705, - "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=", + "lastModified": 1738816619, + "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337", + "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736344531, - "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", + "lastModified": 1739214665, + "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912", + "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", "type": "github" }, "original": { 
@@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1736515725, - "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", + "lastModified": 1739262228, + "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", + "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", "type": "github" }, "original": { From a3d065d674b0ba31a658812a6f56d37a66662976 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 12 Feb 2025 21:34:48 -0600 Subject: [PATCH 482/932] renamed mounts on horizon --- .../nixos/horizon/hardware-configuration.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index ca6bf4b2..48a46808 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -38,37 +38,37 @@ fsType = "vfat"; }; - "/mnt/leyla_home" = { + "/mnt/new_leyla_home" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/eve_home" = { + "/mnt/new_eve_home" = { device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/users_home" = { + "/mnt/new_users_home" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/legacy_leyla_home" = { + "/mnt/leyla_home" = { device = "server.arpa:/home/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/legacy_share_home" = { + "/mnt/share_home" = { device = "server.arpa:/home/share"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/legacy_docker_home" = { + "/mnt/docker_home" = { device = "server.arpa:/home/docker"; fsType = "nfs"; options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; From 4c1d84928d3b63f1f4242db2e39c2d77fc571472 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 13 Feb 2025 15:14:44 -0600 Subject: [PATCH 483/932] installed ungoogled-chromium on eve user --- configurations/home-manager/eve/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 0c6c0b2d..97b72e3f 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -63,6 +63,7 @@ in { discord makemkv signal-desktop + ungoogled-chromium ] ); }; From 9aa469779068c1fed14caea3746362959b8349ad Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 14 Feb 2025 18:23:34 -0600 Subject: [PATCH 484/932] added leyla@twilight to authorizedKeys --- configurations/home-manager/leyla/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index bb65a352..20fc7eb8 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -111,6 +111,7 @@ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" ]; hostKeys = [ { From 64856bd72687748b4579ea102388fbb4d6b2e6e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Feb 2025 23:26:24 -0600 Subject: [PATCH 485/932] moved dconf.nix to own file --- configurations/home-manager/leyla/dconf.nix | 106 ++++++++++++++++++ configurations/home-manager/leyla/default.nix | 42 +------ 2 files changed, 107 insertions(+), 41 deletions(-) create mode 100644 configurations/home-manager/leyla/dconf.nix diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix new file mode 100644 index 00000000..19a60c7f --- /dev/null +++ b/configurations/home-manager/leyla/dconf.nix 
@@ -0,0 +1,106 @@ +{ + lib, + pkgs, + ... +}: { + config = { + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = false; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + + "org/gnome/shell" = { + favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; + # app-picker-layout = + # builtins.map ( + # applications: + # lib.hm.gvariant (builtins.listToAttrs (lib.lists.imap0 (i: v: lib.attrsets.nameValuePair v (lib.hm.gvariant.mkVariant "{'position': <${i}>}")) applications)) + # ) [ + # [ + # "org.gnome.Nautilus.desktop" + # "bitwarden.desktop" + # "firefox.desktop" + # "torbrowser.desktop" + # "chromium-browser.desktop" + # "codium.desktop" + # "idea-community.desktop" + # "org.gnome.TextEditor.desktop" + # "dbeaver.desktop" + # "bruno.desktop" + # "anki.desktop" + # "obsidian.desktop" + # "signal-desktop.desktop" + # "discord.desktop" + # "gimp.desktop" + # "org.inkscape.Inkscape.desktop" + # 
"org.kde.krita.desktop" + # "davinci-resolve.desktop" + # "com.obsproject.Studio.desktop" + # "org.freecad.FreeCAD.desktop" + # "makemkv.desktop" + # "easytag.desktop" + # "transmission-gtk.desktop" + # ] + # [ + # "SteamVR.desktop" + # "Beat Saber.desktop" + # "Noun Town.desktop" + # "WEBFISHING.desktop" + # "Factorio.desktop" + # ] + # [ + # "org.gnome.Settings.desktop" + # "org.gnome.SystemMonitor.desktop" + # "org.gnome.Snapshot.desktop" + # "org.gnome.Usage.desktop" + # "org.gnome.DiskUtility.desktop" + # "org.gnome.Evince.desktop" + # "org.gnome.fonts.desktop" + # "noisetorch.desktop" + # "nvidia-settings.desktop" + # "OpnRGB.desktop" + # "org.freedesktop.Piper.desktop" + # "via-nativia.desktop" + # "protonvpn-app.desktop" + # "simple-scan.desktop" + # ] + # ]; + }; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 20fc7eb8..f2c14e16 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,5 +1,4 @@ { - pkgs, osConfig, config, ... @@ -8,6 +7,7 @@ ./i18n.nix ./packages.nix ./impermanence.nix + ./dconf.nix ]; config = { 
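Review bot: `"org/gnome/shell"` is assigned twice in the same `settings` attrset of the new dconf.nix — once carrying `disable-user-extensions`/`enabled-extensions` and again, further down, carrying `favorite-apps`. Nix merges two attrset literals under the same key at parse time, so this evaluates, but it reads like an accidental override; moving `favorite-apps` into the first `"org/gnome/shell"` block makes the intent explicit. The roughly sixty commented-out `app-picker-layout` lines would be better reduced to a one-line `# TODO: app-picker-layout (see git history)` so the live schema is not buried in dead code.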
@@ -121,45 +121,5 @@ ]; }; }; - - dconf = { - enable = true; - settings = { - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - - "org/gnome/shell/extensions/dash-to-dock" = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; - }; - }; - }; }; } From 2dccc10b4429892d47712e81e00e5c0139f8a631 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Feb 2025 23:28:15 -0600 Subject: [PATCH 486/932] removed cuda from twilight ollama --- configurations/nixos/twilight/configuration.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 985f9ce2..bf42209f 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -30,8 +30,6 @@ "deepseek-r1:8b" "deepseek-r1:32b" ]; - - acceleration = "cuda"; }; # enabled virtualisation for docker From 3dc579073d18dee1f9218e60746a466c1fb7c369 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 14 Feb 2025 23:30:05 -0600 Subject: [PATCH 487/932] added reasons for every package in dev shell --- flake.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 96cc582c..fd46f2fe 100644 --- a/flake.nix +++ b/flake.nix @@ -125,10 +125,15 @@ devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { packages = with pkgs; [ + # for version controlling this repo git - sops + # for formatting code in this repo alejandra + # for editing secrets in the secrets repo + sops + # for viewing configuration options defined in this repo nix-inspect + # for installing flakes from this repo onto other systems nixos-anywhere ]; From 6d776eabcb7ddb6141c471eedb3ea33c46ca12ce Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Feb 2025 19:12:36 -0600 Subject: [PATCH 488/932] fixed steam in twilight --- .../home-manager/leyla/packages.nix | 2 +- .../nixos/twilight/configuration.nix | 6 ++++ flake.lock | 36 +++++++++---------- 3 files changed, 25 insertions(+), 19 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 597fe2ff..06672609 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -56,7 +56,7 @@ in { # proprietary platforms discord obsidian - steam + # steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) anki diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index bf42209f..2735f204 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -32,6 +32,12 @@ ]; }; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/flake.lock b/flake.lock index b3babe3b..2b76fbfa 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739353546, - "narHash": "sha256-YTqXhBZvCdZLMBupWlCDvRFaTEhaHa2/Xc/p1sUdSZU=", + "lastModified": 1739634831, + "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", "owner": "nix-community", "repo": "disko", - "rev": "26ade1005191e0602a78b0f141970648445bafd9", + "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1739399387, - "narHash": "sha256-7oXm3SXUZLwLG9ks5SWOZJTmogocrTXM1SVTFZ9xrno=", + "lastModified": 1739658907, + "narHash": "sha256-1FjsTgkNpgKUBRiXFbUXXSIw4W4/b11tpj2/F2+8C2A=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4d32808bd51c7349ce036b7a037fb56d5e7c06ae", + "rev": "1da2d9b1c5a10f43a0000ebe3d22ea924ee98ecb", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1739381933, - "narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=", + "lastModified": 1739658904, + "narHash": "sha256-2o/JuD6qD0CtPNVvdPNL3bEDFITaSfSLceajHcIzmw4=", "owner": "nix-community", "repo": "home-manager", - "rev": "15b59d4191b993ebdfcb1f61b834fced217882ba", + "rev": "45c07fcf7d28b5fb3ee189c260dee0a2e4d14317", "type": "github" }, "original": { 
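Review bot: `remotePlay.openFirewall = true;` and `dedicatedServer.openFirewall = true;` open inbound firewall ports for Steam Remote Play and a Source dedicated server on twilight, but nothing in the commit indicates this machine hosts either; `programs.steam.enable = true;` alone is what the client needs to run. I would leave both options at their default (`false`) unless the host really serves those, so the firewall only exposes what is in use; if they are intended, a comment naming the use case would justify the exposure. The attrset this `programs.steam` block sits in starts and ends outside the hunk.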
@@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1739302241, - "narHash": "sha256-NXQXFU6HOschZ+8ZKrNOlwlHelez8vPl+dCiUaJ82/U=", + "lastModified": 1739548217, + "narHash": "sha256-rlv64erpr36xdmMDPgf9rhRXBYZ0BZb5nrw2ZPSk1sQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a6746213b138fe7add88b19bafacd446de574ca7", + "rev": "678b22642abde2ee77ae2218ab41d802f010e5b0", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1739411363, - "narHash": "sha256-QAXvfAXyBtMOdBAz+ivmVVk9V7/d3nSgFprH4C0XOr0=", + "lastModified": 1739584108, + "narHash": "sha256-vnZZZNPDYofQOuSQODd0uz3ToZnZIYV5snQH37tCEOA=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "142aabf9bb589535f150afff4a439f39bd04c21e", + "rev": "80eb37310c3d73b93d3b2e1005a2b742192f514e", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739214665, - "narHash": "sha256-26L8VAu3/1YRxS8MHgBOyOM8xALdo6N0I04PgorE7UM=", + "lastModified": 1739446958, + "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "64e75cd44acf21c7933d61d7721e812eac1b5a0a", + "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", "type": "github" }, "original": { From 4ed1972ffa5f8e5dfba4e58db68ecd6955e12b9d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Feb 2025 20:49:50 -0600 Subject: [PATCH 489/932] set owner of generated ssh keys --- modules/home-manager-modules/openssh.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index df788287..7b646b81 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -77,6 +77,8 @@ ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ -f "${path}" \ -N "" + chown ${config.home.username} ${path}* + chgrp ${config.home.username} ${path}* fi '' }"; 
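Review bot: The new `chown ${config.home.username} ${path}*` and `chgrp ${config.home.username} ${path}*` leave `${path}*` unquoted while the preceding `-f "${path}"` is quoted, so a key path containing whitespace or glob characters is expanded differently by the three lines; quote the prefix and keep the glob outside the quotes, `chown "${config.home.username}" "${path}"*`. `chgrp` to the username also assumes a per-user group with the same name exists, which fails on systems that use a shared `users` group; if the intent is to restore ownership after a root-run activation (when run as the user both lines are no-ops), `chown "${config.home.username}": "${path}"*` with the trailing colon sets the user's login group in one call. The shell snippet and its enclosing `if` begin before the hunk.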
From 00a169a1309816f77b6d77b16c6c98631377b91d Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Mon, 17 Feb 2025 19:32:01 -0600
Subject: [PATCH 490/932] disabled registration on forgejo
---
modules/nixos-modules/server/forgejo.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix
index fa8ebb6a..cba53134 100644
--- a/modules/nixos-modules/server/forgejo.nix
+++ b/modules/nixos-modules/server/forgejo.nix
@@ -43,6 +43,9 @@ in {
 DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
 HTTP_PORT = forgejoPort;
 };
+ service = {
+ DISABLE_REGISTRATION = true;
+ };
 };
 };
 }
From ca20590d140b4d41b82a16029d7fbd3403f4ac55 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 18 Feb 2025 18:33:35 -0600
Subject: [PATCH 491/932] removed unused value
---
configurations/home-manager/leyla/dconf.nix | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix
index 19a60c7f..a960d752 100644
--- a/configurations/home-manager/leyla/dconf.nix
+++ b/configurations/home-manager/leyla/dconf.nix
@@ -1,8 +1,4 @@
-{
- lib,
- pkgs,
- ...
-}: {
+{pkgs, ...}: {
 config = {
 dconf = {
 enable = true;
From c6bdff8603e3beaf17fd87a3e3261ab68a12e0dc Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 20 Feb 2025 19:48:52 -0600
Subject: [PATCH 492/932] drafted up ssh config for forgejo
---
configurations/nixos/horizon/configuration.nix | 8 ++++++++
modules/nixos-modules/server/forgejo.nix | 18 +++++++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix
index ee32059f..8638145d 100644
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@@ -53,6 +53,14 @@
 };
 };
 
+ # networking.extraHosts = ''
+ # # 192.168.1.204 jan-leila.com
+ # 192.168.1.204 media.jan-leila.com
+ # # 192.168.1.204 drive.jan-leila.com
+ # 192.168.1.204 git.jan-leila.com
+ # # 192.168.1.204 search.jan-leila.com
+ # '';
+
 # Enable touchpad support (enabled default in most desktopManager).
 # services.xserver.libinput.enable = true;
diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix
index cba53134..db1549d6 100644
--- a/modules/nixos-modules/server/forgejo.nix
+++ b/modules/nixos-modules/server/forgejo.nix
@@ -5,6 +5,8 @@
 }: let
 forgejoPort = 8081;
 stateDir = "/var/lib/forgejo";
+ db_user = "forgejo";
+ sshPort = 2222;
 in {
 options.host.forgejo = {
 enable = lib.mkEnableOption "should forgejo be enabled on this computer";
@@ -24,7 +26,7 @@ in {
 postgres = {
 enable = true;
 extraUsers = {
- forgejo = {
+ ${db_user} = {
 isClient = true;
 };
 };
@@ -42,12 +44,26 @@ in {
 server = {
 DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";
 HTTP_PORT = forgejoPort;
+ START_SSH_SERVER = true;
+ SSH_LISTEN_PORT = sshPort;
+ SSH_PORT = 22;
+ # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys
+ BUILTIN_SSH_SERVER_USER = "git";
 };
 service = {
 DISABLE_REGISTRATION = true;
 };
+ database = {
+ DB_TYPE = "postgres";
+ NAME = db_user;
+ USER = db_user;
+ };
 };
 };
+
+ networking.firewall.allowedTCPPorts = [
+ config.services.forgejo.settings.server.SSH_LISTEN_PORT
+ ];
 }
 (lib.mkIf config.host.impermanence.enable {
 assertions = [
From bc71cc2a63d666eda4b6774c42c9369be661caff Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Fri, 21 Feb 2025 17:00:33 -0600
Subject: [PATCH 493/932] updated firefox flake
---
configurations/home-manager/leyla/firefox.nix | 2 +-
flake.lock | 42 +++++++++----------
2 files changed, 22 insertions(+), 22 deletions(-)
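Review bot: `SSH_PORT = 22;` advertises port 22 in clone URLs while the builtin server listens on `SSH_LISTEN_PORT = sshPort;` (2222), so clones fail unless something forwards 22 to 2222; tie the two together (`SSH_PORT = sshPort;`) or document the forwarding next to them. On the TODO: as far as I know, with `START_SSH_SERVER = true` Forgejo's builtin server authenticates against the keys stored in its own database and `BUILTIN_SSH_SERVER_USER` is only the username clients put in the URL, so no Unix `git` user or authorized_keys file should be needed — worth confirming before building that. `networking.firewall.allowedTCPPorts` exposes the new listener on every interface; if the forge is only meant to be reached through the reverse-proxy host, `networking.firewall.interfaces.<name>.allowedTCPPorts` keeps the exposure narrower. Minor style: `db_user` and `sshPort` mix snake_case and camelCase in the same `let`, and `NAME = db_user;` reuses the user variable as the database name, which deserves a comment or a separate binding. The `lib.mkIf` element that wraps these settings starts before the hunk.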
diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index e8e0c6cd..3f6a09ce 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -50,7 +50,7 @@ }; }; - extensions = with inputs.firefox-addons.packages.${pkgs.system}; [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ bitwarden terms-of-service-didnt-read multi-account-containers diff --git a/flake.lock b/flake.lock index 2b76fbfa..25eef18a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739634831, - "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=", + "lastModified": 1739841949, + "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", "owner": "nix-community", "repo": "disko", - "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142", + "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1739658907, - "narHash": "sha256-1FjsTgkNpgKUBRiXFbUXXSIw4W4/b11tpj2/F2+8C2A=", + "lastModified": 1740164177, + "narHash": "sha256-hNEgYjKKkSICKrmyLBK+Ght7KGxOryiSGiTRViUrKWw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "1da2d9b1c5a10f43a0000ebe3d22ea924ee98ecb", + "rev": "16c8c7e376b09119913bbc4d8e6852b7918ca7cc", "type": "gitlab" }, "original": { @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1739658904, - "narHash": "sha256-2o/JuD6qD0CtPNVvdPNL3bEDFITaSfSLceajHcIzmw4=", + "lastModified": 1740177427, + "narHash": "sha256-1xUiN0Yvvl/r+XyyXiJHxw64FwUGBfKF+XA7Ugm8ElU=", "owner": "nix-community", "repo": "home-manager", - "rev": "45c07fcf7d28b5fb3ee189c260dee0a2e4d14317", + "rev": "9f74e14a2d9af4c6f2024cca7813b830b020f45e", "type": "github" }, "original": { 
@@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1739548217, - "narHash": "sha256-rlv64erpr36xdmMDPgf9rhRXBYZ0BZb5nrw2ZPSk1sQ=", + "lastModified": 1739933872, + "narHash": "sha256-UhuvTR4OrWR+WBaRCZm4YMkvjJhZ1KZo/jRjE41m+Ek=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "678b22642abde2ee77ae2218ab41d802f010e5b0", + "rev": "6ab392f626a19f1122d1955c401286e1b7cf6b53", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1739584108, - "narHash": "sha256-vnZZZNPDYofQOuSQODd0uz3ToZnZIYV5snQH37tCEOA=", + "lastModified": 1740102704, + "narHash": "sha256-Gs3BREQKsFcfkFyes2PTq1tNAkMHq8Tq0bYME7ZhyjY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "80eb37310c3d73b93d3b2e1005a2b742192f514e", + "rev": "1262db8fa5e165ed5da3d91ec8202bfe640264ef", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1738816619, - "narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=", + "lastModified": 1740089251, + "narHash": "sha256-Y78mDBWoO8CLLTjQfPfII+KXFb6lAmF9GrLbyVBsIMM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2eccff41bab80839b1d25b303b53d339fbb07087", + "rev": "18e9f9753e9ae261bcc7d3abe15745686991fd30", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739446958, - "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", + "lastModified": 1739866667, + "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", + "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680", "type": "github" }, "original": { From c851a1baeb80eb2360186f49ca2e993d5997d553 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 21 Feb 2025 17:13:50 -0600 Subject: [PATCH 494/932] removed home-manager.useGlobalPkgs --- configurations/home-manager/eve/default.nix | 118 +++++++++--------- .../home-manager/leyla/packages.nix | 4 + .../nixos/defiant/configuration.nix | 2 - .../nixos/horizon/configuration.nix | 2 - util/default.nix | 1 - 5 files changed, 63 insertions(+), 64 deletions(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 97b72e3f..3042382a 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix 
@@ -6,71 +6,71 @@ }: let userConfig = osConfig.host.users.eve; in { - imports = []; + nixpkgs.config = { + allowUnfree = true; + }; - config = { - home = { - username = userConfig.name; - homeDirectory = osConfig.users.users.eve.home; + home = { + username = userConfig.name; + homeDirectory = osConfig.users.users.eve.home; - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. 
+ # ".screenrc".source = dotfiles/screenrc; - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop - ungoogled-chromium - ] - ); + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; }; - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; }; + + packages = lib.lists.optionals userConfig.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ungoogled-chromium + ] + ); + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; }; } 
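Review bot: The moved `sessionVariables` comment still lists `/etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh`, but this is eve's configuration; the example should read `per-user/eve` or the host-specific paths should be dropped. The new top-level `nixpkgs.config = { allowUnfree = true; };` enables every unfree package for this user; listing only the packages that actually need it via `nixpkgs.config.allowUnfreePredicate` keeps the license exception explicit and reviewable. The function header and `let userConfig = …` binding are above the hunk.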
diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 06672609..11c7af1e 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -12,6 +12,10 @@ in { ./firefox.nix ]; + nixpkgs.config = { + allowUnfree = true; + }; + home = { packages = lib.lists.optionals userConfig.isTerminalUser ( diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 73637720..155b35be 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,7 +1,5 @@ # server nas {pkgs, ...}: { - nixpkgs.config.allowUnfree = true; - host = { users = { leyla = { diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8638145d..75657d2b 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -7,8 +7,6 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ]; - nixpkgs.config.allowUnfree = true; - host = { users = { leyla = { diff --git a/util/default.nix b/util/default.nix index 3c35b0ef..02e71556 100644 --- a/util/default.nix +++ b/util/default.nix @@ -33,7 +33,6 @@ ]; home-manager-config = nixpkgs: { - home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = {inherit inputs outputs util;}; From 489106956b7749431c35c35f3d1d230f8f1c6e5d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Feb 2025 17:00:05 -0600 Subject: [PATCH 495/932] added wireguard sops config --- .sops.yaml | 4 +++ README.md | 2 +- .../nixos/horizon/hardware-configuration.nix | 5 ++++ flake.lock | 26 +++++++++---------- 4 files changed, 23 insertions(+), 14 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index e9ddb561..3f54dccd 100644 --- a/.sops.yaml +++ b/.sops.yaml 
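Review bot: Removing `home-manager.useGlobalPkgs = true;` means each user's Home Manager evaluates its own nixpkgs instance, so overlays and `nixpkgs.config` set at the NixOS level no longer reach home packages — presumably why `nixpkgs.config.allowUnfree` had to be re-added per user in this same commit. If that split is intended, a comment on the remaining `home-manager.useUserPackages = true;` line saying that per-user `nixpkgs.config` is now required would save the next reader the surprise; if it is not, `useGlobalPkgs` plus a single system-level `allowUnfreePredicate` is the smaller change. The `home-manager-config` function continues outside the hunk.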
@@ -9,3 +9,7 @@ creation_rules: key_groups: - age: - *leyla + - path_regex: secrets/wireguard-keys.yaml$ + key_groups: + - age: + - *leyla diff --git a/README.md b/README.md index 4798a5df..c59d815d 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home `./install.sh --target 192.168.1.130 --flake hostname` ## Updating Secrets -`sops -c sops secrets/secrets_file_here.yaml` +`sops secrets/secrets_file_here.yaml` ## Inspecting a configuration `nix-inspect -p .` diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 48a46808..c94d1503 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -89,6 +89,11 @@ networkmanager.enable = true; useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. + + wireguard.interfaces = { + proton = { + }; + }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/flake.lock b/flake.lock index 25eef18a..e563eb0f 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1740164177, - "narHash": "sha256-hNEgYjKKkSICKrmyLBK+Ght7KGxOryiSGiTRViUrKWw=", + "lastModified": 1740212040, + "narHash": "sha256-Gpvn9Z+ZgKPyb6qaAbahLbo6ZVj7VuLzSCmHZRvsACA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "16c8c7e376b09119913bbc4d8e6852b7918ca7cc", + "rev": "9a8a0914000e4453c99a4c12e9862a0a40075851", "type": "gitlab" }, "original": { 
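Review bot: The new rule for `secrets/wireguard-keys.yaml$` has exactly the same `key_groups` as the existing `secrets/secrets.yaml$` rule, so one rule with `path_regex: secrets/(secrets|wireguard-keys)\.yaml$` covers both without duplication. More importantly, sops-nix on horizon decrypts `wireguard-keys/proton/horizon` at activation with that host's own key; unless horizon holds the `*leyla` age key, the host's key has to be listed in this `age:` group too or activation will fail to decrypt. The unescaped `.` in `wireguard-keys.yaml$` also matches any character; `\.yaml$` is what is meant.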
@@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740177427, - "narHash": "sha256-1xUiN0Yvvl/r+XyyXiJHxw64FwUGBfKF+XA7Ugm8ElU=", + "lastModified": 1740254115, + "narHash": "sha256-MwxDtYB/MSGZlr/xS+ExGYH2QgHk73ShD40shxjad/Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "9f74e14a2d9af4c6f2024cca7813b830b020f45e", + "rev": "cb3f6e9b59d3a5e51ef9f7da2b8418d5c72aaef8", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1740102704, - "narHash": "sha256-Gs3BREQKsFcfkFyes2PTq1tNAkMHq8Tq0bYME7ZhyjY=", + "lastModified": 1740188781, + "narHash": "sha256-3FDg6k9kQXq5M6ZHc2f9KsPydvWBtqacU9lWA7nIFYI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1262db8fa5e165ed5da3d91ec8202bfe640264ef", + "rev": "ba52a14c907e0cece9734e0ff59c3c742b6b1075", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1730665670, - "narHash": "sha256-MMwH5IcaslEWqeHaNqSjAsGWoS2NJ5qiIE7RLiJG+28=", + "lastModified": 1740265180, + "narHash": "sha256-VcS1aWKZQG1Com/OgL8RbTSG7IJphNLkFXAcFer0cMQ=", "ref": "refs/heads/main", - "rev": "ef623d6a9e25c1f0ec9d282ab5ed5dff54674816", - "revCount": 6, + "rev": "5ec7b1181a3ce76c8238819195f7e55f51407463", + "revCount": 7, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, From 9471b1f393f50a890064800fdc70dbe770e84df9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Feb 2025 17:38:02 -0600 Subject: [PATCH 496/932] added wireguard config --- README.md | 3 ++- .../nixos/horizon/hardware-configuration.nix | 24 ++++++++++++++++++- flake.lock | 14 +++++------ 3 files changed, 32 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c59d815d..69f4e263 100644 --- a/README.md +++ b/README.md 
@@ -58,7 +58,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Open GL? - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- tail scale clients +- common wireguard config +- configure wireguard on all clients - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index c94d1503..94f902c7 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -6,12 +6,19 @@ lib, pkgs, modulesPath, + inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + sops.secrets = { + "wireguard-keys/proton/horizon" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + }; + boot = { initrd = { availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; @@ -90,8 +97,23 @@ useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. - wireguard.interfaces = { + wg-quick.interfaces = { proton = { + # IP address of this machine in the *tunnel network* + address = ["10.2.0.1/32"]; + + listenPort = 51820; + + privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; + + peers = [ + { + publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; + allowedIPs = ["0.0.0.0/0"]; + endpoint = "84.17.63.8:51820"; + persistentKeepalive = 25; + } + ]; }; }; }; diff --git a/flake.lock b/flake.lock index e563eb0f..73eac0e1 100644 --- a/flake.lock +++ b/flake.lock 
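Review bot: The full-tunnel peer (`allowedIPs = ["0.0.0.0/0"]`) covers IPv4 only and the interface sets no `dns`, so on a host with IPv6 connectivity both IPv6 traffic and every DNS lookup still leave via the NetworkManager-managed uplink instead of the tunnel. If the provider supports it, add `"::/0"` to `allowedIPs` (or disable IPv6 on the uplink) and set `dns = [ "<provider resolver>" ];` so wg-quick installs the resolver for the tunnel's lifetime. The fixed `listenPort = 51820;` is not needed for a client that only initiates to `endpoint`; omitting it lets wg-quick pick an ephemeral port and avoids pinning a predictable UDP listener (the NixOS firewall blocks it unless opened, but there is no reason to have it at all). A short comment naming which provider server the hard-coded `publicKey`/`endpoint` belong to would help the next rotation.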
@@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740254115, - "narHash": "sha256-MwxDtYB/MSGZlr/xS+ExGYH2QgHk73ShD40shxjad/Y=", + "lastModified": 1740265252, + "narHash": "sha256-+LFsCsIUF/pJWL9S21m5NLcK5bgwRB4MwfV0Iu7tggY=", "owner": "nix-community", "repo": "home-manager", - "rev": "cb3f6e9b59d3a5e51ef9f7da2b8418d5c72aaef8", + "rev": "fb568d75cf6c81f30d49eeb73787e9b56454ba16", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740265180, - "narHash": "sha256-VcS1aWKZQG1Com/OgL8RbTSG7IJphNLkFXAcFer0cMQ=", + "lastModified": 1740267388, + "narHash": "sha256-JCgjNQMrlzf8a0YAqRNGliGmgv6afnc0OTOD6Eg0RZ0=", "ref": "refs/heads/main", - "rev": "5ec7b1181a3ce76c8238819195f7e55f51407463", - "revCount": 7, + "rev": "f5af565aee98df0a78056c49c85cda640ce290fd", + "revCount": 10, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, From 9bfa5c9e8d8978daebb893653b09413164720c94 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Feb 2025 22:46:31 -0600 Subject: [PATCH 497/932] disabled wireguard interface on horizon --- .../nixos/horizon/hardware-configuration.nix | 42 ++++++++++++------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 94f902c7..1c84e97e 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -97,25 +97,35 @@ useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. - wg-quick.interfaces = { - proton = { - # IP address of this machine in the *tunnel network* - address = ["10.2.0.1/32"]; + # wg-quick.interfaces = { + # proton = { + # # IP address of this machine in the *tunnel network* + # address = ["10.2.0.1/32"]; - listenPort = 51820; + # listenPort = 51820; - privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; + # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; - peers = [ - { - publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; - allowedIPs = ["0.0.0.0/0"]; - endpoint = "84.17.63.8:51820"; - persistentKeepalive = 25; - } - ]; - }; - }; + # peers = [ + # { + # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "84.17.63.8:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "68.169.42.242:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; + # allowedIPs = ["0.0.0.0/0"]; + # } + # ]; + # }; + # }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; From 2e0f71a6fa2da47fae321660bd86919ef052cec9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 11:10:16 -0600 Subject: [PATCH 498/932] installed tailscale on all machines --- README.md | 2 - .../nixos/defiant/configuration.nix | 17 ++++++- .../nixos/horizon/configuration.nix | 46 +++++++++++++++++++ .../nixos/horizon/hardware-configuration.nix | 37 --------------- .../nixos/twilight/configuration.nix | 33 +++++++++---- flake.lock | 26 +++++------ modules/nixos-modules/tailscale.nix | 34 ++++++++++++++ 7 files changed, 133 insertions(+), 62 deletions(-) create mode 100644 modules/nixos-modules/tailscale.nix diff --git a/README.md b/README.md index 69f4e263..0e8ff077 100644 
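Review bot: Commenting the interface out leaves the `sops.secrets."wireguard-keys/proton/horizon"` declaration from the previous commit in place (this commit's only hunk starts at line 97, below it), so the WireGuard private key is presumably still decrypted into `/run/secrets` on every activation with nothing consuming it. Either remove that declaration as well, or gate both behind one option such as `host.vpn.proton.enable` with `lib.mkIf`. The block also grows by two more commented peers, one without an `endpoint`; git already preserves this history, so deleting the dead configuration is cleaner than carrying ~30 commented lines in hardware-configuration.nix, a file that is normally generated.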
--- a/README.md +++ b/README.md @@ -58,8 +58,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Open GL? - rotate sops encryption keys periodically (and somehow sync between devices?) - zfs email after scrubbing -- common wireguard config -- configure wireguard on all clients - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 155b35be..19b8f65e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -1,5 +1,16 @@ # server nas -{pkgs, ...}: { +{ + inputs, + config, + pkgs, + ... +}: { + sops.secrets = { + "wireguard-keys/tailscale-authkey/defiant" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + }; + host = { users = { leyla = { @@ -136,6 +147,10 @@ "deepseek-r1:70b" ]; }; + tailscale = { + enable = true; + authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; + }; }; # disable computer sleeping diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 75657d2b..a4f4f77f 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,4 +1,5 @@ { + config, inputs, pkgs, ... @@ -36,6 +37,15 @@ programs.adb.enable = true; + sops.secrets = { + "wireguard-keys/tailscale-authkey/horizon" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + # "wireguard-keys/proton/horizon" = { + # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + # }; + }; + services = { # sudo fprintd-enroll fprintd = { 
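Review bot: `authKeyFile` points at a Tailscale auth key that, depending on how it was generated, may be reusable and pre-authorized: anyone who obtains the decrypted file can then enroll an arbitrary node into the tailnet. Prefer a one-off (non-reusable, expiring) key per host, and if the key carries tags, restrict those tag owners in the ACL. Record that expectation next to the secret, e.g. `# one-time, pre-authorized auth key; regenerate when this host is reinstalled`. The enclosing `services` attrset begins outside the hunk.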
@@ -49,6 +59,42 @@ "deepseek-r1:1.5b" ]; }; + tailscale = { + enable = true; + authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; + }; + }; + + networking = { + # wg-quick.interfaces = { + # proton = { + # # IP address of this machine in the *tunnel network* + # address = ["10.2.0.1/32"]; + + # listenPort = 51820; + + # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; + + # peers = [ + # { + # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "84.17.63.8:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; + # allowedIPs = ["0.0.0.0/0"]; + # endpoint = "68.169.42.242:51820"; + # persistentKeepalive = 25; + # } + # { + # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; + # allowedIPs = ["0.0.0.0/0"]; + # } + # ]; + # }; + # }; }; # networking.extraHosts = '' diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 1c84e97e..48a46808 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -6,19 +6,12 @@ lib, pkgs, modulesPath, - inputs, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - sops.secrets = { - "wireguard-keys/proton/horizon" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; - }; - }; - boot = { initrd = { availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; 
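Review bot: The new `networking = { ... };` attribute set contains nothing but the commented-out Proton wg-quick interface moved over from hardware-configuration.nix; an attrset whose body is entirely comments is dead configuration. Delete it (the peers survive in git history) or put the interface in its own module behind an option such as `host.vpn.proton.enable`, so it can be toggled without editing comments. The `tailscale` block just above it is the only live change in this hunk.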
@@ -96,36 +89,6 @@ networkmanager.enable = true; useDHCP = lib.mkDefault true; hostName = "horizon"; # Define your hostname. - - # wg-quick.interfaces = { - # proton = { - # # IP address of this machine in the *tunnel network* - # address = ["10.2.0.1/32"]; - - # listenPort = 51820; - - # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; - - # peers = [ - # { - # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "84.17.63.8:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "68.169.42.242:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; - # allowedIPs = ["0.0.0.0/0"]; - # } - # ]; - # }; - # }; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 2735f204..4f4b355f 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,10 +1,19 @@ -{...}: { +{ + inputs, + config, + ... +}: { imports = [ ./monitors.nix ]; nixpkgs.config.allowUnfree = true; + sops.secrets = { + "wireguard-keys/tailscale-authkey/twilight" = { + sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + }; + }; host = { users = { leyla = { @@ -22,16 +31,22 @@ }; }; - services.ollama = { - enable = true; + services = { + ollama = { + enable = true; - loadModels = [ - "deepseek-coder:6.7b" - "deepseek-r1:8b" - "deepseek-r1:32b" - ]; + loadModels = [ + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:32b" + ]; + }; + + tailscale = { + enable = true; + authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; + }; }; - programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 
diff --git a/flake.lock b/flake.lock index 73eac0e1..ffdbb040 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740265252, - "narHash": "sha256-+LFsCsIUF/pJWL9S21m5NLcK5bgwRB4MwfV0Iu7tggY=", + "lastModified": 1740318342, + "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=", "owner": "nix-community", "repo": "home-manager", - "rev": "fb568d75cf6c81f30d49eeb73787e9b56454ba16", + "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca", "type": "github" }, "original": { @@ -171,11 +171,11 @@ ] }, "locked": { - "lastModified": 1740188781, - "narHash": "sha256-3FDg6k9kQXq5M6ZHc2f9KsPydvWBtqacU9lWA7nIFYI=", + "lastModified": 1740275623, + "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ba52a14c907e0cece9734e0ff59c3c742b6b1075", + "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1739866667, - "narHash": "sha256-EO1ygNKZlsAC9avfcwHkKGMsmipUk1Uc0TbrEZpkn64=", + "lastModified": 1740126099, + "narHash": "sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "73cf49b8ad837ade2de76f87eb53fc85ed5d4680", + "rev": "32fb99ba93fea2798be0e997ea331dd78167f814", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740267388, - "narHash": "sha256-JCgjNQMrlzf8a0YAqRNGliGmgv6afnc0OTOD6Eg0RZ0=", + "lastModified": 1740328351, + "narHash": "sha256-oX+XYRclxVYgLy5NX9UR7XKixaH5jJQuQhR7Of/ZtTk=", "ref": "refs/heads/main", - "rev": "f5af565aee98df0a78056c49c85cda640ce290fd", - "revCount": 10, + "rev": "52bb4eadd620757e6a943d335e31458ffa2ada2b", + "revCount": 11, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, 
diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix new file mode 100644 index 00000000..a998f49d --- /dev/null +++ b/modules/nixos-modules/tailscale.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: let + tailscale_data_directory = "/var/lib/tailscale"; +in { + options.host.tailscale = { + enable = lib.mkEnableOption "should tailscale be enabled on this computer"; + }; + + config = lib.mkIf config.services.tailscale.enable ( + lib.mkMerge [ + { + # any configs we want shared between all machines + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence = { + "/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = tailscale_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + ]; + }; + }; + }) + ] + ); +} From af568c7b7075b766bf18f69cc85a00c081b141e0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 11:13:18 -0600 Subject: [PATCH 499/932] fixed deprecation warnings for vscode configs --- configurations/home-manager/leyla/vscode.nix | 149 ++++++++++--------- 1 file changed, 76 insertions(+), 73 deletions(-) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index c9d779d1..c6f85868 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix 
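Review bot: The module declares `options.host.tailscale.enable` but never reads it: the `config` body is gated on `config.services.tailscale.enable`, so the new option is a no-op and the hosts, which set `services.tailscale.enable = true` directly, bypass it. Either drop the option or make it the switch, e.g. `config = lib.mkIf config.host.tailscale.enable (lib.mkMerge [ { services.tailscale.enable = true; } ... ])`. The persisted state directory is also given `user = "jellyfin"; group = "jellyfin";` — `/var/lib/tailscale` holds `tailscaled.state` with the node's private key, so it must be `user = "root"; group = "root";` with a restrictive `mode = "0700";`, otherwise the jellyfin service account can read the node identity.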
@@ -28,87 +28,90 @@ in { package = pkgs.vscodium; mutableExtensionsDir = false; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf osConfig.services.ollama.enable { - "twinny.fileContextEnabled" = true; - "twinny.enableLogging" = false; - "twinny.completionCacheEnabled" = true; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; - # builtins.elemAt osConfig.services.ollama.loadModels 0; - }) - ]; + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = [ + "webdav" + ]; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf osConfig.services.ollama.enable { + "twinny.fileContextEnabled" = true; + "twinny.enableLogging" = false; + "twinny.completionCacheEnabled" = true; - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + # builtins.elemAt osConfig.services.ollama.loadModels 0; + }) + ]; - # html extensions - 
formulahendry.auto-rename-tag - ms-vscode.live-server + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - bungcip.better-toml - ] - ++ ( - lib.lists.optionals osConfig.services.ollama.enable [ - rjmacarthy.twinny - ] - ) - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; [ # js extensions - karyfoundation.nearley + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + bungcip.better-toml ] - ) - ); + ++ ( + lib.lists.optionals osConfig.services.ollama.enable [ + rjmacarthy.twinny + ] + ) + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ] + ) + ); + }; }; }; } From 0a00be96515f767ef66312956e096725ea3df5da Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 23 Feb 2025 13:56:22 -0600 Subject: [PATCH 500/932] added email config to disko zfs config --- README.md | 2 +- .../nixos/defiant/configuration.nix | 11 ++++ flake.lock | 8 +-- modules/nixos-modules/disko.nix | 60 +++++++++++++++++++ 4 files changed, 76 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0e8ff077..6b3441de 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - figure out steam vr things? - Open GL? - rotate sops encryption keys periodically (and somehow sync between devices?) -- zfs email after scrubbing +- zfs email after scrubbing # TODO: test this - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 19b8f65e..c8edcba7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -9,6 +9,9 @@ "wireguard-keys/tailscale-authkey/defiant" = { sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; }; + "services/zfs_smtp_token" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; }; host = { @@ -23,6 +26,14 @@ storage = { enable = true; encryption = true; + notifications = { + enable = true; + host = "smtp.protonmail.ch"; + port = 587; + to = "leyla@jan-leila.com"; + user = "leyla@jan-leila.com"; + tokenFile = config.sops.secrets."services/zfs_smtp_token".path; + }; pool = { drives = [ "ata-ST18000NE000-3G6101_ZVTCXVEB" diff --git a/flake.lock b/flake.lock index ffdbb040..56057f23 100644 --- a/flake.lock +++ b/flake.lock 
@@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740328351, - "narHash": "sha256-oX+XYRclxVYgLy5NX9UR7XKixaH5jJQuQhR7Of/ZtTk=", + "lastModified": 1740340309, + "narHash": "sha256-NoCpH7t1hTPi6+j7tB/IBirae4Bk6iZXpTiUmFzdKAY=", "ref": "refs/heads/main", - "rev": "52bb4eadd620757e6a943d335e31458ffa2ada2b", - "revCount": 11, + "rev": "0237156ee8bc0157e8c3a701fcf7e2dd27d76fc6", + "revCount": 12, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index b2685aff..28afab11 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, inputs, ... @@ -23,6 +24,26 @@ in { options.host.storage = { enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; encryption = lib.mkEnableOption "is the vdev going to be encrypted"; + notifications = { + enable = lib.mkEnableOption "are notifications enabled"; + host = lib.mkOption { + type = lib.types.str; + description = "what is the host that we are going to send the email to"; + }; + port = lib.mkOption { + type = lib.types.port; + description = "what port is the host using to receive mail on"; + }; + to = lib.mkOption { + type = lib.types.str; + description = "what account is the email going to be sent to"; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user is the email going to be set from"; + }; + tokenFile = lib.mkOption {}; # TODO: make this a secrets file + }; pool = { vdevs = lib.mkOption { type = lib.types.listOf (lib.types.listOf lib.types.str); 
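Review bot: `tokenFile = lib.mkOption {};` declares an option with no `type` and no `description`, so any value (including the token itself pasted inline) is accepted and the generated option docs show nothing for it. Since the consumer is `passwordeval = "cat ${...tokenFile}"`, declare it as `tokenFile = lib.mkOption { type = lib.types.path; description = "path to a root-readable file containing the SMTP password/token (never the token itself)"; };`. The `user` description reads "set from" where "sent from" is meant, and `host`/`port` would be clearer as "SMTP submission host/port used by msmtp".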
@@ -50,9 +71,48 @@ in { }; config = lib.mkIf config.host.storage.enable { + programs.msmtp = lib.mkIf config.host.storage.notifications.enable { + enable = true; + setSendmail = true; + defaults = { + aliases = "/etc/aliases"; + port = config.host.storage.notifications.port; + tls_trust_file = "/etc/ssl/certs/ca-certificates.crt"; + tls = "on"; + auth = "login"; + tls_starttls = "off"; + }; + accounts = { + zfs_notifications = { + host = config.host.storage.notifications.host; + passwordeval = "cat ${config.host.storage.notifications.tokenFile}"; + user = config.host.storage.notifications.user; + from = config.host.storage.notifications.user; + }; + }; + }; + services.zfs = { autoScrub.enable = true; autoSnapshot.enable = true; + + zed = lib.mkIf config.host.storage.notifications.enable { + # this option is broken we are just going to disable it + enableMail = false; + + settings = { + ZED_DEBUG_LOG = "/tmp/zed.debug.log"; + ZED_EMAIL_ADDR = [config.host.storage.notifications.to]; + ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; + ZED_EMAIL_OPTS = "@ADDRESS@"; + + ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NOTIFY_VERBOSE = true; + + ZED_USE_ENCLOSURE_LEDS = true; + ZED_SCRUB_AFTER_RESILVER = true; + }; + }; }; disko.devices = { From 5be14739d82f4b3c82db05744615adb591544ae1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 17:10:04 -0600 Subject: [PATCH 501/932] fixed permissions on tailscale persist --- modules/nixos-modules/tailscale.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix index a998f49d..db664e81 100644 --- a/modules/nixos-modules/tailscale.nix +++ b/modules/nixos-modules/tailscale.nix @@ -22,8 +22,8 @@ in { directories = [ { directory = tailscale_data_directory; - user = "jellyfin"; - group = "jellyfin"; + user = "root"; + group = "root"; } ]; }; From b7bf91727496bdf99ceddea31f2d917ac881b3bb Mon Sep 17 00:00:00 2001 
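Review bot: The msmtp defaults `tls = "on"; tls_starttls = "off";` select implicit TLS from the first byte, i.e. the port 465 mode, while defiant passes `port = 587`, the STARTTLS submission port; on 587 the handshake should fail, and the tempting "fix" of `tls = "off"` would send the token in clear. Either keep `tls_starttls = "off"` and use port 465, or set `tls_starttls = "on"` for 587 — since the port is per-host, deriving it (`tls_starttls = if port == 465 then "off" else "on"`) or asserting the pair in the module prevents the mismatch. `ZED_DEBUG_LOG = "/tmp/zed.debug.log"` writes a root-owned daemon log into a world-writable directory; `/var/log/zed.debug.log` is the safer location, or drop the debug log once the README's "TODO: test this" is done.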
From: Leyla Becker Date: Sun, 23 Feb 2025 17:50:40 -0600 Subject: [PATCH 502/932] imported tailscale config in default.nix --- modules/nixos-modules/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 371a1561..fdbdc7e0 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,6 +12,7 @@ ./impermanence.nix ./disko.nix ./ollama.nix + ./tailscale.nix ./server ]; From 21d09b469d45c6778e2437317e149729656aeab5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 17:52:25 -0600 Subject: [PATCH 503/932] updated secrets --- flake.lock | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 56057f23..67e97948 100644 --- a/flake.lock +++ b/flake.lock @@ -114,11 +114,11 @@ ] }, "locked": { - "lastModified": 1740318342, - "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=", + "lastModified": 1740347597, + "narHash": "sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob+6M963bwVq74=", "owner": "nix-community", "repo": "home-manager", - "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca", + "rev": "12e26a74e5eb1a31e13daaa08858689e25ebd449", "type": "github" }, "original": { @@ -234,11 +234,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740340309, - "narHash": "sha256-NoCpH7t1hTPi6+j7tB/IBirae4Bk6iZXpTiUmFzdKAY=", + "lastModified": 1740354712, + "narHash": "sha256-1PMVP2txoD4lhW7k3fbYa7CZ+hLBJO5f91EWtegrqEg=", "ref": "refs/heads/main", - "rev": "0237156ee8bc0157e8c3a701fcf7e2dd27d76fc6", - "revCount": 12, + "rev": "db6d65e814bc0c99f6e9b95308184b004038243e", + "revCount": 13, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, From ff3ef808434f4f9d1206d39575e47f1a7e530ac4 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 23 Feb 2025 18:04:56 -0600 Subject: [PATCH 504/932] added task to new features --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6b3441de..20abdf24 100644 --- a/README.md +++ b/README.md @@ -64,3 +64,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - zfs encryption FIDO2 2fa - ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote +- SMART test with email results \ No newline at end of file From d4f3820e25fa06e9e09f909fce622fa67d0846ed Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 23 Feb 2025 18:56:10 -0600 Subject: [PATCH 505/932] added note to task for readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 20abdf24..69146915 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init -- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ - https://nixos-and-flakes.thiscute.world/ # Tasks: @@ -61,7 +60,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - Immich -- zfs encryption FIDO2 2fa +- zfs encryption FIDO2 2fa (look into shavee) - ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results \ No newline at end of file 
From 70fb2d9be2ef24448d1a7dbae88c385d782ee5f1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:06:38 -0600 Subject: [PATCH 506/932] set use routing features for tailscale --- configurations/nixos/defiant/configuration.nix | 1 + configurations/nixos/horizon/configuration.nix | 1 + configurations/nixos/twilight/configuration.nix | 1 + 3 files changed, 3 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c8edcba7..18ef99e4 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -161,6 +161,7 @@ tailscale = { enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; + useRoutingFeatures = "server"; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index a4f4f77f..1dc88b73 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -62,6 +62,7 @@ tailscale = { enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; + useRoutingFeatures = "client"; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 4f4b355f..00facbe9 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -45,6 +45,7 @@ tailscale = { enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; + useRoutingFeatures = "both"; }; }; programs.steam = { From 79c130dc4bd542d3d346fad0ba087a643586bdb3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:10:01 -0600 Subject: [PATCH 507/932] disabled ollama on defiant --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
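Review bot: `useRoutingFeatures = "server"` on defiant (and `"both"` on twilight) turns on kernel IP forwarding system-wide via sysctl, not just for the tailscale interface, so those hosts start forwarding any packet routed through them whether or not a subnet route or exit node is ever approved. That is expected for a subnet router, but deserves a comment, e.g. `# enables IP forwarding sysctls for subnet-router/exit-node use`, and a check that LAN-to-tailnet forwarding is constrained by Tailscale ACLs rather than by the NixOS firewall, which as far as I recall filters INPUT but not FORWARD by default. Horizon's `"client"` value, I believe, only loosens reverse-path filtering and is the right choice for the laptop.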
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 18ef99e4..1ba8127f 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -149,7 +149,7 @@ }; ollama = { - enable = true; + enable = false; loadModels = [ "deepseek-coder:6.7b" From 500cbc213c9916b72d1154b29d86b2b8740cbdea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:23:12 -0600 Subject: [PATCH 508/932] added advertise-exit-node flags to tailscale --- configurations/nixos/defiant/configuration.nix | 1 + configurations/nixos/twilight/configuration.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 1ba8127f..e8674a2d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -162,6 +162,7 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; + extraUpFlags = ["--advertise-exit-node"]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 00facbe9..488c7485 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -46,6 +46,7 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; + extraUpFlags = ["--advertise-exit-node"]; }; }; programs.steam = { From ab94cb1dae10631b87f37d603aaa5d00fe9b1c11 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:27:29 -0600 Subject: [PATCH 509/932] added advertise-routes to defiant tailscale config --- configurations/nixos/defiant/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e8674a2d..189ee9e8 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -162,7 +162,10 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; - extraUpFlags = ["--advertise-exit-node"]; + extraUpFlags = [ + "--advertise-exit-node" + "--advertise-routes=192.168.1.0/24" + ]; }; }; From 6d6e34e06a6a103ad06cb15afc4d45f0e120d335 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:38:42 -0600 Subject: [PATCH 510/932] added extra set flags to configs --- configurations/nixos/defiant/configuration.nix | 4 ++++ configurations/nixos/twilight/configuration.nix | 3 +++ 2 files changed, 7 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 189ee9e8..80308edb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -166,6 +166,10 @@ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" ]; + extraSetFlags = [ + "--advertise-exit-node" + "--advertise-routes=192.168.1.0/24" + ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 488c7485..27b47aca 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -47,6 +47,9 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; extraUpFlags = ["--advertise-exit-node"]; + extraSetFlags = [ + "--advertise-exit-node" + ]; }; }; programs.steam = { From c9bc06f594901a28df37ed00ad3e5f9aeda55813 Mon Sep 17 00:00:00 2001 
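Review bot: `--advertise-routes=192.168.1.0/24` makes every host on the LAN reachable from any tailnet peer that accepts the route, and the hunk adds no host-side restriction on the forwarded path — the NixOS firewall, as far as I know, filters only INPUT, so which LAN hosts a peer can reach is governed solely by the Tailscale ACL, which lives in the admin console and not in this repository. Record that dependency next to the flag so it is not lost, e.g. `# exposes the whole LAN to the tailnet; per-host access is restricted only by the Tailscale ACL, not by this machine`, and consider whether a narrower set of routes covering the hosts that are actually needed would do. The enclosing `services.tailscale` block closes outside the hunk.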
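Review bot: The flag lists in `extraUpFlags` and `extraSetFlags` on defiant are verbatim copies (twilight repeats `--advertise-exit-node` the same way), so a future edit to one list can silently leave the other behind; as I recall the nixpkgs service runs `tailscale up` only when the node is not yet logged in and `tailscale set` on every start, so a drift would produce a node whose advertised routes depend on whether it has logged in before. Bind the list once in a `let`, `tailscaleFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" ];`, and write `extraUpFlags = tailscaleFlags; extraSetFlags = tailscaleFlags;`. The enclosing `services.tailscale` block closes outside the hunk.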
From: Leyla Becker Date: Mon, 24 Feb 2025 12:49:54 -0600 Subject: [PATCH 511/932] added syncthing to other computers --- .../nixos/defiant/configuration.nix | 10 ++ .../nixos/twilight/configuration.nix | 10 ++ modules/nixos-modules/sync.nix | 131 +++++++++++------- 3 files changed, 101 insertions(+), 50 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 80308edb..f300185d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -118,6 +118,16 @@ enable = true; subdomain = "drive"; }; + sync = { + enable = true; + folders = { + leyla = { + documents.enable = true; + calendar.enable = true; + notes.enable = true; + }; + }; + }; }; networking = { hostId = "c51763d6"; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 27b47aca..46dfd8ac 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -29,6 +29,16 @@ openRGB.enable = true; graphicsAcceleration.enable = true; }; + sync = { + enable = true; + folders = { + leyla = { + documents.enable = true; + calendar.enable = true; + notes.enable = true; + }; + }; + }; }; services = { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 00036f4b..ac399f2a 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -35,56 +35,87 @@ in { }; }; - config = { - systemd = lib.mkIf config.services.syncthing.enable { - tmpfiles.rules = [ - "d ${mountDir} 755 syncthing syncthing -" - "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" - "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" - ]; - }; - services.syncthing = { - enable = config.host.sync.enable; - user = "syncthing"; - group = "syncthing"; - dataDir = "${mountDir}/default"; - configDir = "/etc/syncthing"; - overrideDevices = true; - overrideFolders = true; - settings = { - devices = { - ceder = { - id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - }; - coven = { - id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - }; - }; - folders = lib.mkMerge [ - config.host.sync.folders.extraFolders - (lib.mkIf config.host.sync.folders.leyla.documents.enable { - "documents" = { - id = "hvrj0-9bm1p"; - path = "/mnt/sync/leyla/documents"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.calendar.enable { - "calendar" = { - id = "8oatl-1rv6w"; - path = "/mnt/sync/leyla/calendar"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.notes.enable { - "notes" = { - id = "dwbuv-zffnf"; - path = "/mnt/sync/leyla/notes"; - devices = ["ceder" "coven"]; - }; - }) + config = lib.mkMerge [ + { + systemd = lib.mkIf config.services.syncthing.enable { + tmpfiles.rules = [ + "d ${mountDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" + "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" ]; }; - }; - }; + } + (lib.mkIf config.host.sync.enable (lib.mkMerge [ + { + services.syncthing = { + enable = true; + user = "syncthing"; + group = "syncthing"; + dataDir = "${mountDir}/default"; + configDir = "/etc/syncthing"; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + ceder = { + id = 
"MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + }; + coven = { + id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; + }; + defiant = lib.mkIf (config.networking.hostName != "defiant") { + id = "TQGGO5F-PUXQYVV-LVVM7PR-Q4TKI6T-NR576PH-CFTVB4O-RP5LL6C-WKQMXQR"; + }; + twilight = lib.mkIf (config.networking.hostName != "twilight") { + id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; + }; + horizon = lib.mkIf (config.networking.hostName != "horizon") { + id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + }; + }; + folders = lib.mkMerge [ + config.host.sync.folders.extraFolders + (lib.mkIf config.host.sync.folders.leyla.documents.enable { + "documents" = { + id = "hvrj0-9bm1p"; + path = "${mountDir}/leyla/documents"; + devices = ["ceder" "coven"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + "calendar" = { + id = "8oatl-1rv6w"; + path = "${mountDir}/leyla/calendar"; + devices = ["ceder" "coven"]; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.notes.enable { + "notes" = { + id = "dwbuv-zffnf"; + path = "${mountDir}/leyla/notes"; + devices = ["ceder" "coven"]; + }; + }) + ]; + }; + }; + } + + (lib.mkIf config.host.impermanence.enable { + environment.persistence = { + "/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = mountDir; + user = "syncthing"; + group = "syncthing"; + } + ]; + }; + }; + }) + ])) + ]; } From 87beef314926028f5ae1a37a3aabe0746914db29 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 12:52:34 -0600 Subject: [PATCH 512/932] added notes to pihole for tailscale --- modules/nixos-modules/server/pihole.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index 6ec7628e..e8778644 100644 --- a/modules/nixos-modules/server/pihole.nix +++ b/modules/nixos-modules/server/pihole.nix 
@@ -56,6 +56,13 @@ in { }; }; + # TODO: we need to have a tailscale container here and use that to define the network_mode of pihole container + # TS_ACCEPT_DNS = "false"; + # TS_AUTHKEY = ${something from a secrets file???} + # TS_HOSTNAME = "pihole"; + # TS_USERSPACE = "false"; + # TODO: volumes for tailnet container with impermanence config + # https://tailscale.com/kb/1282/docker virtualisation = { oci-containers = { containers = { From d2b43225ee7e6b4319d6a821bc35071faeed609a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 13:01:34 -0600 Subject: [PATCH 513/932] set devices on folders --- modules/nixos-modules/sync.nix | 57 ++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index ac399f2a..0df2a78d 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -73,30 +73,39 @@ in { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; }; }; - folders = lib.mkMerge [ - config.host.sync.folders.extraFolders - (lib.mkIf config.host.sync.folders.leyla.documents.enable { - "documents" = { - id = "hvrj0-9bm1p"; - path = "${mountDir}/leyla/documents"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.calendar.enable { - "calendar" = { - id = "8oatl-1rv6w"; - path = "${mountDir}/leyla/calendar"; - devices = ["ceder" "coven"]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.notes.enable { - "notes" = { - id = "dwbuv-zffnf"; - path = "${mountDir}/leyla/notes"; - devices = ["ceder" "coven"]; - }; - }) - ]; + folders = let + allDevices = [ + "ceder" + "coven" + (lib.mkIf (config.networking.hostName != "defiant") "defiant") + (lib.mkIf (config.networking.hostName != "twilight") "twilight") + (lib.mkIf (config.networking.hostName != "horizon") "horizon") + ]; + in + lib.mkMerge [ + config.host.sync.folders.extraFolders + (lib.mkIf config.host.sync.folders.leyla.documents.enable { + "documents" = { + id = "hvrj0-9bm1p"; + path = "${mountDir}/leyla/documents"; + devices = allDevices; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + "calendar" = { + id = "8oatl-1rv6w"; + path = "${mountDir}/leyla/calendar"; + devices = allDevices; + }; + }) + (lib.mkIf config.host.sync.folders.leyla.notes.enable { + "notes" = { + id = "dwbuv-zffnf"; + path = "${mountDir}/leyla/notes"; + devices = allDevices; + }; + }) + ]; }; }; } From 98b475e4c888273228ec81f7285fccd1b1135fad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:10:57 -0600 Subject: [PATCH 514/932] updated permission on syncing mnt dir --- modules/nixos-modules/sync.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 0df2a78d..402d580f 100644 --- a/modules/nixos-modules/sync.nix 
+++ b/modules/nixos-modules/sync.nix @@ -39,8 +39,8 @@ in { { systemd = lib.mkIf config.services.syncthing.enable { tmpfiles.rules = [ - "d ${mountDir} 755 syncthing syncthing -" - "d ${config.services.syncthing.dataDir} 755 syncthing syncthing -" + "d ${mountDir} 2755 syncthing syncthing -" + "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" ]; }; From 50d1e8d5ea53df6d4ddc6f40f22b13925c1cc1a4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:35:35 -0600 Subject: [PATCH 515/932] added share folder config --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/sync.nix | 42 +++++++++++++++---- 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f300185d..788a46b6 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -121,6 +121,7 @@ sync = { enable = true; folders = { + share.enable = true; leyla = { documents.enable = true; calendar.enable = true; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 402d580f..b067bfb6 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -8,6 +8,9 @@ in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; folders = { + share = { + enable = lib.mkEnableOption "should the share folder by synced"; + }; leyla = { documents = { enable = lib.mkEnableOption "should the documents folder be synced"; 
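Review bot: `775` on `dataDir` together with the setgid `2755` on `mountDir` means every member of group `syncthing` can now write into the synced tree, and anything written there is replicated to every device listed for that folder; the hunk does not show which users are in that group. If the intent is to let the interactive user edit the folders, say so next to the rule, e.g. `# group-writable so members of 'syncthing' can edit synced files; anything written here propagates to all peers`, and check that the group is not handed out more widely than that. `configDir` keeps `755`, which is unchanged by this hunk but worth revisiting since it does not need to be world-listable. The `tmpfiles.rules` list is fully inside the hunk; the enclosing `systemd` attrset closes outside it.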
@@ -72,14 +75,24 @@ in { horizon = lib.mkIf (config.networking.hostName != "horizon") { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; }; + shale = { + id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; + }; }; folders = let - allDevices = [ - "ceder" - "coven" - (lib.mkIf (config.networking.hostName != "defiant") "defiant") - (lib.mkIf (config.networking.hostName != "twilight") "twilight") - (lib.mkIf (config.networking.hostName != "horizon") "horizon") + ceder = "ceder"; + coven = "coven"; + shale = "shale"; + defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; + twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; + horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; + leylaDevices = [ + ceder + coven + shale + defiant + twilight + horizon ]; in lib.mkMerge [ @@ -88,21 +101,32 @@ in { "documents" = { id = "hvrj0-9bm1p"; path = "${mountDir}/leyla/documents"; - devices = allDevices; + devices = leylaDevices; }; }) (lib.mkIf config.host.sync.folders.leyla.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; path = "${mountDir}/leyla/calendar"; - devices = allDevices; + devices = leylaDevices; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "${mountDir}/leyla/notes"; - devices = allDevices; + devices = leylaDevices; + }; + }) + (lib.mkIf config.host.sync.folders.share.enable { + "share" = { + id = "73ot0-cxmkx"; + path = "${mountDir}/default/share"; + devices = [ + ceder + shale + defiant + ]; }; }) ]; From d04c5183ca860a739f56a79401c9af15bcdd6988 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:40:52 -0600 Subject: [PATCH 516/932] removed shale from leylas devices --- modules/nixos-modules/sync.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index b067bfb6..07d7bb3b 100644 
--- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -87,13 +87,17 @@ in { twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; leylaDevices = [ + defiant ceder coven - shale - defiant twilight horizon ]; + superNoteTablets = [ + defiant + ceder + shale + ]; in lib.mkMerge [ config.host.sync.folders.extraFolders From a7888cb1642d9540f7789603ec261459836b03c8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 18:43:09 -0600 Subject: [PATCH 517/932] removed horizon and twilight from notes and calendar share --- modules/nixos-modules/sync.nix | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 07d7bb3b..72795aad 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -86,6 +86,14 @@ in { defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; + allDevices = [ + defiant + ceder + coven + twilight + horizon + shale + ]; leylaDevices = [ defiant ceder @@ -112,25 +120,21 @@ in { "calendar" = { id = "8oatl-1rv6w"; path = "${mountDir}/leyla/calendar"; - devices = leylaDevices; + devices = superNoteTablets; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "${mountDir}/leyla/notes"; - devices = leylaDevices; + devices = superNoteTablets; }; }) (lib.mkIf config.host.sync.folders.share.enable { "share" = { id = "73ot0-cxmkx"; path = "${mountDir}/default/share"; - devices = [ - ceder - shale - defiant - ]; + devices = allDevices; }; }) ]; From a7c734871b15b2baccc7503cfa07ed5ebf4fc154 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 24 Feb 2025 18:48:06 -0600 Subject: [PATCH 518/932] fixed shares between devices --- .../nixos/defiant/configuration.nix | 6 +- .../nixos/horizon/configuration.nix | 2 - .../nixos/twilight/configuration.nix | 2 - modules/nixos-modules/sync.nix | 58 +++++++++---------- 4 files changed, 33 insertions(+), 35 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 788a46b6..6394e77e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -121,10 +121,12 @@ sync = { enable = true; folders = { - share.enable = true; + share = { + enable = true; + calendar.enable = true; + }; leyla = { documents.enable = true; - calendar.enable = true; notes.enable = true; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 1dc88b73..822d80ac 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -22,8 +22,6 @@ folders = { leyla = { documents.enable = true; - calendar.enable = true; - notes.enable = true; }; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 46dfd8ac..0a75713b 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -34,8 +34,6 @@ folders = { leyla = { documents.enable = true; - calendar.enable = true; - notes.enable = true; }; }; }; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 72795aad..94961e77 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -10,14 +10,14 @@ in { folders = { share = { enable = lib.mkEnableOption "should the share folder by synced"; + calendar = { + enable = lib.mkEnableOption "should the calendar folder be synced"; + }; }; leyla = { documents = { enable = lib.mkEnableOption "should the documents folder be synced"; }; - calendar = { - enable = lib.mkEnableOption "should the calendar folder be synced"; - }; notes = { enable = lib.mkEnableOption "should the notes folder by synced"; }; @@ -86,26 +86,6 @@ in { defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; - allDevices = [ - defiant - ceder - coven - twilight - horizon - shale - ]; - leylaDevices = [ - defiant - ceder - coven - twilight - horizon - ]; - superNoteTablets = [ - defiant - ceder - shale - ]; in lib.mkMerge [ config.host.sync.folders.extraFolders @@ -113,28 +93,48 @@ in { "documents" = { id = "hvrj0-9bm1p"; path = "${mountDir}/leyla/documents"; - devices = leylaDevices; + devices = [ + defiant + ceder + coven + twilight + horizon + ]; }; }) - (lib.mkIf config.host.sync.folders.leyla.calendar.enable { + (lib.mkIf config.host.sync.folders.share.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; - path = "${mountDir}/leyla/calendar"; - devices = superNoteTablets; + path = "${mountDir}/share/calendar"; + devices = [ + defiant + ceder + shale + ]; }; }) (lib.mkIf config.host.sync.folders.leyla.notes.enable { "notes" = { id = "dwbuv-zffnf"; path = "${mountDir}/leyla/notes"; - devices = superNoteTablets; + devices = [ + defiant + ceder + ]; }; }) (lib.mkIf config.host.sync.folders.share.enable { "share" = { id = "73ot0-cxmkx"; path = "${mountDir}/default/share"; - devices = allDevices; + devices = [ + defiant + ceder + coven + twilight + horizon + shale + ]; }; }) ]; From e2bd3d9af690c8e2807ea6fe4969f8a5ecc81af3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 24 Feb 2025 18:57:28 -0600 Subject: [PATCH 519/932] moved cal dir --- configurations/nixos/horizon/configuration.nix | 1 + configurations/nixos/twilight/configuration.nix | 1 + modules/nixos-modules/sync.nix | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 822d80ac..8a264879 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -20,6 +20,7 @@ sync = { enable = true; folders = { + share.enable = true; leyla = { documents.enable = true; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 0a75713b..555eb052 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -32,6 +32,7 @@ sync = { enable = true; folders = { + share.enable = true; leyla = { documents.enable = true; }; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 94961e77..48fd2c36 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -105,7 +105,7 @@ in { (lib.mkIf config.host.sync.folders.share.calendar.enable { "calendar" = { id = "8oatl-1rv6w"; - path = "${mountDir}/share/calendar"; + path = "${mountDir}/default/calendar"; devices = [ defiant ceder From ac580d8e51f9c1a19fe1754c3ecd90b12d1ec4ae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 19:19:59 -0600 Subject: [PATCH 520/932] added task to tech debt --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 69146915..197c292c 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing password +- syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations +- syncthing folder passwords ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 53301d0e45e4e6d97cdf40ded57c0ebdc2f1e783 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 24 Feb 2025 22:56:32 -0600 Subject: [PATCH 521/932] fixed pihole config --- .../nixos/defiant/configuration.nix | 18 ++-- modules/nixos-modules/server/pihole.nix | 88 ++++++++++++++----- modules/nixos-modules/server/podman.nix | 27 +++--- 3 files changed, 91 insertions(+), 42 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6394e77e..9d61f652 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -87,13 +87,13 @@ }; }; }; - podman = { - macvlan = { - subnet = "192.168.1.0/24"; - gateway = "192.168.1.1"; - networkInterface = "bond0"; - }; - }; + # podman = { + # macvlan = { + # subnet = "192.168.1.0/24"; + # gateway = "192.168.1.1"; + # networkInterface = "bond0"; + # }; + # }; jellyfin = { enable = true; subdomain = "media"; @@ -112,7 +112,7 @@ }; pihole = { enable = true; - ip = "192.168.1.201"; + # ip = "192.168.1.201"; }; nextcloud = { enable = true; 
@@ -178,10 +178,12 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" + "--accept-dns=false" ]; extraSetFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.1.0/24" + "--accept-dns=false" ]; }; }; diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix index e8778644..aee61052 100644 --- a/modules/nixos-modules/server/pihole.nix +++ b/modules/nixos-modules/server/pihole.nix @@ -5,6 +5,7 @@ ... }: let dnsPort = 53; + webPort = 8090; in { options.host.pihole = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; @@ -14,9 +15,27 @@ in { }; image = lib.mkOption { type = lib.types.str; - default = "pihole/pihole:2024.07.0"; + default = "pihole/pihole:latest"; description = "container image to use for pi-hole"; }; + # piholeStateDirectory = { + # type = lib.types.str; + # default = "${config.host.pihole.directory}/pihole"; + # }; + # tailscaleStateDirectory = { + # type = lib.types.str; + # default = "${config.host.pihole.directory}/tailscale"; + # }; + # piholeImage = lib.mkOption { + # type = lib.types.str; + # default = "pihole/pihole:2024.07.0"; + # description = "container image to use for pi-hole"; + # }; + # tailscaleImage = lib.mkOption { + # type = lib.types.str; + # default = "tailscale/tailscale:latest"; + # description = "container image to use for pi-holes tail scale"; + # }; ip = lib.mkOption { type = lib.types.str; description = "ip address to use for pi-hole"; 
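Review bot: The default image moves from the pinned `pihole/pihole:2024.07.0` to `pihole/pihole:latest`, so any pull can silently switch the DNS resolver for the LAN and tailnet to whatever upstream published last, with no record in this repository of what is actually running — everything else here is pinned through the flake lock, so this becomes the one moving part. The switch was presumably needed because the `FTLCONF_webserver_*` variables used later in this commit require a newer image than `2024.07.0`; pin the tag that was validated, ideally with its digest, e.g. `default = "pihole/pihole:TAG@sha256:DIGEST";`, and leave upgrades to a deliberate commit. The commented-out `piholeStateDirectory`/`tailscaleImage` options should be deleted rather than kept as dead text; git keeps them. The enclosing `options.host.pihole` attrset closes outside the hunk.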
@@ -25,14 +44,24 @@ in { config = lib.mkIf config.host.pihole.enable (lib.mkMerge [ { host.podman.enable = true; - sops.secrets = { - "services/pi-hole" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; + sops = { + secrets = { + "services/pi-hole" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + # "wireguard-keys/tailscale-authkey/pihole" = { + # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + # }; }; + templates."pihole.env".content = '' + FTLCONF_webserver_api_password=${config.sops.placeholder."services/pi-hole"} + ''; }; systemd = { tmpfiles.rules = [ "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system + # "d ${config.host.pihole.piholeStateDirectory} 755 pihole pihole -" + # "d ${config.host.pihole.tailscaleStateDirectory} 755 pihole pihole -" ]; services = { @@ -40,12 +69,12 @@ in { serviceConfig = { Restart = lib.mkOverride 500 "always"; }; - after = [ - "podman-network-macvlan.service" - ]; - requires = [ - "podman-network-macvlan.service" - ]; + # after = [ + # "podman-network-macvlan.service" + # ]; + # requires = [ + # "podman-network-macvlan.service" + # ]; partOf = [ "podman-compose-root.target" ]; @@ -56,13 +85,8 @@ in { }; }; - # TODO: we need to have a tailscale container here and use that to define the network_mode of pihole container - # TS_ACCEPT_DNS = "false"; - # TS_AUTHKEY = ${something from a secrets file???} - # TS_HOSTNAME = "pihole"; - # TS_USERSPACE = "false"; - # TODO: volumes for tailnet container with impermanence config - # https://tailscale.com/kb/1282/docker + services.resolved.enable = false; + virtualisation = { oci-containers = { containers = { 
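Review bot: `services.resolved.enable = false;` is set unconditionally for every host that enables `host.pihole`, with no comment on why — presumably because the container now runs with host networking (next hunk) and has to bind port 53 itself. That is a host-wide side effect (the host's own resolver, and with `--accept-dns=false` on defiant also MagicDNS, are both switched off at once), so at minimum document it: `# pi-hole binds :53 in the host network namespace, so the resolved stub listener must not run; host DNS must come from networking.nameservers or DHCP`. Whether the host still has a working resolver for itself after this is not visible in the diff and should be checked. The `config = lib.mkIf … (lib.mkMerge [` wrapper opens before the hunk and closes after it.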
@@ -76,16 +100,40 @@ in { ]; environment = { TZ = "America/Chicago"; - WEBPASSWORD_FILE = passwordFileLocation; + FTLCONF_webserver_port = toString webPort; PIHOLE_UID = toString config.users.users.pihole.uid; PIHOLE_GID = toString config.users.groups.pihole.gid; }; + environmentFiles = [ + config.sops.templates."pihole.env".path + ]; log-driver = "journald"; extraOptions = [ - "--ip=${config.host.pihole.ip}" - "--network=macvlan" + "--network=host" + # "--network=container:${tailscale container id}" ]; }; + # ts-pihole = { + # image = config.host.pihole.tailscaleImage; + # volumes = "${config.host.pihole.tailscaleStateDirectory}:/var/lib/tailscale"; + # environment = { + # TS_ACCEPT_DNS = "false"; + # TS_HOSTNAME = "pihole"; + # TS_STATE_DIR = "/var/lib/tailscale"; + # TS_USERSPACE = "false"; + # TS_EXTRA_ARGS = "--advertise-tags=tag:container"; + # }; + # environmentFiles = [ + # config.sops.templates."tailscale-pihole.env".path + # ]; + # devices = [ + # "/dev/net/tun:/dev/net/tun" + # ]; + # extraOptions = [ + # "--ip=${config.host.pihole.ip}" + # "--network=macvlan" + # ]; + # }; }; }; }; diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index 0f48ac9f..b75c56f3 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -1,6 +1,5 @@ { lib, - pkgs, config, ... }: { 
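Review bot: `--network=host` puts pi-hole in the host network namespace, so its DNS listener and the web UI on `webPort` 8090 now bind on every host interface (LAN, `tailscale0`, …) instead of a dedicated macvlan address, and this hunk neither opens nor restricts anything in `networking.firewall`. If the firewall is on, the service is unreachable until ports are opened; if they are opened globally, the admin UI is exposed to every client with only `FTLCONF_webserver_api_password` in the way. Open only what is needed per interface, e.g. `networking.firewall.interfaces.<lan>.allowedUDPPorts = [ dnsPort ];` plus the TCP counterpart, and keep 8090 bound to localhost or behind the reverse proxy. The large commented-out `ts-pihole` block belongs in a branch or issue rather than the module; the `--network=container:…` comment is enough of a pointer. The `containers` attrset closes at the end of the hunk, `virtualisation` after it.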
@@ -26,19 +25,19 @@ config = lib.mkIf config.host.podman.enable { systemd = { services = { - "podman-network-macvlan" = { - path = [pkgs.podman]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "podman network rm -f macvlan"; - }; - script = '' - podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan - ''; - partOf = ["podman-compose-root.target"]; - wantedBy = ["podman-compose-root.target"]; - }; + # "podman-network-macvlan" = { + # path = [pkgs.podman]; + # serviceConfig = { + # Type = "oneshot"; + # RemainAfterExit = true; + # ExecStop = "podman network rm -f macvlan"; + # }; + # script = '' + # podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan + # ''; + # partOf = ["podman-compose-root.target"]; + # wantedBy = ["podman-compose-root.target"]; + # }; }; # disable computer sleeping targets = { From 8d02ff00fefb9f6740eb0d19a102203543f86802 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:34:40 -0600 Subject: [PATCH 522/932] added tor to tasks --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 197c292c..7d9aaf29 100644 --- a/README.md +++ b/README.md @@ -64,4 +64,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - zfs encryption FIDO2 2fa (look into shavee) - ISO installer - https://github.com/nix-community/nixos-generators - Secure Boot - https://github.com/nix-community/lanzaboote -- SMART test with email results \ No newline at end of file +- SMART test with email results +- Create Tor guard/relay server 
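Review bot: The `podman-network-macvlan` service is commented out rather than removed, and the previous hunk also dropped `pkgs` from the module arguments, so the block can no longer be uncommented as-is (`path = [pkgs.podman];` would fail to evaluate). Either delete it — git history keeps it, and the `host.podman.macvlan.*` options it consumed are presumably still declared but now unused — or keep it behind a real switch such as `host.podman.macvlan.enable = lib.mkEnableOption "create the macvlan podman network";` with `lib.mkIf`, which also documents why it exists. The `systemd.services` attrset is inside the hunk; `targets` and the rest of `config` continue past it.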
From 2b9737b8f2f99a213ebe5654e4cd3c49d9486c87 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:39:58 -0600 Subject: [PATCH 523/932] added tailscale network to nfs server exports --- modules/nixos-modules/server/network_storage/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 58813104..92b65910 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -39,7 +39,7 @@ enable = true; exports = lib.strings.concatLines ( builtins.map ( - directory: "${directory._directory} 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)" + directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt)" ) ( builtins.filter ( From f8966f062f6cf4f201c23f8ffbba681f0a14ce87 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:42:53 -0600 Subject: [PATCH 524/932] made nfs only open firewall on tailscale interface --- modules/nixos-modules/server/network_storage/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 92b65910..e793b16c 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -49,7 +49,7 @@ ) ); }; - networking.firewall.allowedTCPPorts = [ + networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ config.host.network_storage.nfs.port ]; } From 14f170cdc9ee5d134e6c6efde54e6a3b9dbb7f6a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 10:54:53 -0600 Subject: [PATCH 525/932] added type to tokenFile --- modules/nixos-modules/disko.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
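Review bot: The export now grants `rw` to the whole `100.64.0.0/10` range, i.e. to every node that can obtain a tailnet address — shared nodes and anything the Tailscale ACL lets in — rather than to named clients, and with NFS's default `sec=sys` the server trusts whatever UID the client presents. Tailscale addresses are stable per node, so listing the client addresses instead of the carrier-grade block is feasible; failing that, record the assumption: `# 100.64.0.0/10 = Tailscale CGNAT range: every tailnet peer gets rw with AUTH_SYS, access is limited only by the tailnet ACL`. Spoofing of that range on other interfaces is closed by the next commit's interface-scoped firewall rule. The `builtins.filter` argument and the enclosing `services.nfs.server` block continue outside the hunk.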
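Review bot: Scoping the rule to `config.services.tailscale.interfaceName` is the right move, but it opens only `host.network_storage.nfs.port` over TCP; if any client still mounts with NFSv3, rpcbind/mountd/statd and UDP are not covered and mounts will hang rather than fail cleanly, which later looks like a firewall bug. Pin the assumption in a comment: `# NFSv4 only (single TCP port); v3 sidecar ports are deliberately not opened`. On a host without tailscale enabled the rule refers to an interface that does not exist and NFS is simply unreachable, which is fine if intended but worth knowing. The enclosing `config` attrset continues outside the hunk.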
diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 28afab11..13ddb8f5 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -42,7 +42,10 @@ in { type = lib.types.str; description = "what user is the email going to be set from"; }; - tokenFile = lib.mkOption {}; # TODO: make this a secrets file + tokenFile = lib.mkOption { + type = lib.types.str; + description = "file containing the password to be used by msmtp for notifications"; + }; }; pool = { vdevs = lib.mkOption { From b2c0efd30540848a08b77fe78079a7031ce7d07a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 16:28:48 -0600 Subject: [PATCH 526/932] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7d9aaf29..8ed797dc 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords +- move fail2ban configs out of fail2ban.nix and into configs for their respective services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 88fa10a3f45961a43e503dc34616f9457a1139f9 Mon Sep 17 00:00:00 2001 
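Review bot: `lib.types.str` is the right type for `tokenFile` — a `types.path` or a path literal like `./token` would be copied into the world-readable `/nix/store` at evaluation time — but the description does not say that, and the removed `# TODO: make this a secrets file` was the only hint. Make the contract explicit: `description = "runtime path to a file holding the msmtp password (e.g. config.sops.secrets.<name>.path); must not be a Nix path literal, or the token is copied into the store";`. How the value is consumed is not visible in this hunk, so confirm the consumer reads the file at runtime rather than interpolating its contents into generated configuration. The enclosing options attrset continues outside the hunk.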
From: Leyla Becker Date: Wed, 26 Feb 2025 16:36:17 -0600 Subject: [PATCH 527/932] added auto accept to syncthing config --- .../nixos/defiant/configuration.nix | 7 ++++++ .../nixos/horizon/configuration.nix | 5 +++++ .../nixos/twilight/configuration.nix | 5 +++++ modules/nixos-modules/sync.nix | 22 +++++++++++++++++++ 4 files changed, 39 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9d61f652..7e463300 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -120,6 +120,13 @@ }; sync = { enable = true; + devices = { + ceder.autoAcceptFolders = true; + coven.autoAcceptFolders = true; + twilight.autoAcceptFolders = true; + horizon.autoAcceptFolders = true; + shale.autoAcceptFolders = true; + }; folders = { share = { enable = true; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8a264879..05c1b505 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -19,6 +19,11 @@ }; sync = { enable = true; + devices = { + ceder.autoAcceptFolders = true; + coven.autoAcceptFolders = true; + twilight.autoAcceptFolders = true; + }; folders = { share.enable = true; leyla = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 555eb052..7f5d01b7 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -31,6 +31,11 @@ }; sync = { enable = true; + devices = { + ceder.autoAcceptFolders = true; + coven.autoAcceptFolders = true; + horizon.autoAcceptFolders = true; + }; folders = { share.enable = true; leyla = { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 48fd2c36..f4bfbfc0 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix 
@@ -7,6 +7,23 @@ in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; + devices = { + ceder = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from ceder"; + }; + coven = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from coven"; + }; + twilight = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from twilight"; + }; + horizon = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from horizon"; + }; + shale = { + autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from shale"; + }; + }; folders = { share = { enable = lib.mkEnableOption "should the share folder by synced"; @@ -62,21 +79,26 @@ in { devices = { ceder = { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + autoAcceptFolders = config.host.sync.devices.ceder.autoAcceptFolders; }; coven = { id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; + autoAcceptFolders = config.host.sync.devices.coven.autoAcceptFolders; }; defiant = lib.mkIf (config.networking.hostName != "defiant") { id = "TQGGO5F-PUXQYVV-LVVM7PR-Q4TKI6T-NR576PH-CFTVB4O-RP5LL6C-WKQMXQR"; }; twilight = lib.mkIf (config.networking.hostName != "twilight") { id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; + autoAcceptFolders = config.host.sync.devices.twilight.autoAcceptFolders; }; horizon = lib.mkIf (config.networking.hostName != "horizon") { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + autoAcceptFolders = config.host.sync.devices.horizon.autoAcceptFolders; }; shale = { id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; + autoAcceptFolders = config.host.sync.devices.shale.autoAcceptFolders; }; }; folders = let From 24d6e9653b104336708dad937ac193a00e9c8cab Mon Sep 17 00:00:00 2001 
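Review bot: The five `devices.<name>.autoAcceptFolders` option sets are the same three lines repeated with only the device name changed, so a device added later in one place is easily forgotten in the other. A single `devices = lib.genAttrs ["ceder" "coven" "twilight" "horizon" "shale"] (name: { autoAcceptFolders = lib.mkEnableOption "should syncthing auto accept folders from ${name}"; });` keeps the device list in one place and the descriptions consistent. The `options.host.sync` set continues past the hunk.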
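Review bot: Setting `autoAcceptFolders` on a peer lets that device create new shared folders on this host with no local confirmation, so compromise of, say, `ceder`'s device key now means it can write arbitrary new trees under this host's default folder path instead of only into the folders this file declares. That widening of trust should be stated next to the option, e.g. `# auto-accept lets the peer create folders here unprompted; only enable for devices we fully control`. It also appears to work against `overrideFolders = true` (visible as a context line in the later 534 patch): as I understand the NixOS module, each service start drops folders not declared in `folders`, so anything accepted at runtime would vanish from the config on the next restart until it is declared here — TODO confirm. The `devices` set continues outside the hunk.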
From: Leyla Becker Date: Wed, 26 Feb 2025 16:41:16 -0600 Subject: [PATCH 528/932] added task to techdebt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8ed797dc..eab19836 100644 --- a/README.md +++ b/README.md @@ -67,3 +67,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results - Create Tor guard/relay server +- remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html From b5110878b192a17e013e3badcb30bd21709041b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Feb 2025 16:50:30 -0600 Subject: [PATCH 529/932] added more config to searx --- modules/nixos-modules/server/searx.nix | 35 ++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index 5af4c57e..b18eb145 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -28,11 +28,46 @@ searx = { enable = true; environmentFile = config.sops.secrets."services/searx".path; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + settings = { server = { port = 8083; secret_key = "@SEARXNG_SECRET@"; }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; }; }; }; From 59743790b02a9f7de4def7af4c8c403af6769a28 Mon Sep 17 00:00:00 2001 
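Review bot: `real_ip.x_for = 1` makes the rate limiter and bot detection trust the last hop of `X-Forwarded-For`, which is only safe if every request reaches SearXNG through the reverse proxy; if port `8083` is reachable directly on any interface, a client can set the header itself and present a fresh "IP" per request, defeating `ip_limit` entirely. Worth a comment such as `# x_for = 1 trusts exactly one proxy hop; 8083 must never be exposed directly or X-Forwarded-For becomes attacker-controlled` and, if the module passes it through, `server.bind_address = "127.0.0.1"`. Note also that `limiterSettings` only take effect when the limiter itself is enabled (SearXNG needs `server.limiter = true` and a Redis/Valkey backend, as far as I recall), and neither is visible in this hunk, so the new block may currently be inert. The `settings` attrset and the surrounding service definition extend beyond the hunk.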
From: Leyla Becker Date: Thu, 27 Feb 2025 19:07:50 -0600 Subject: [PATCH 530/932] installed go vscode extensions --- configurations/home-manager/leyla/vscode.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index c6f85868..2aa4059f 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -86,6 +86,9 @@ in { stylelint.vscode-stylelint tauri-apps.tauri-vscode + # go extensions + golang.go + # astro blog extensions astro-build.astro-vscode unifiedjs.vscode-mdx From 1347363fb0750314f361b742cf9917f5377fe7d1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 1 Mar 2025 14:50:21 -0600 Subject: [PATCH 531/932] added back minimize and maximize buttons to gnome --- configurations/home-manager/leyla/dconf.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index a960d752..7177da62 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -5,6 +5,8 @@ settings = { "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + "org/gnome/desktop/wm/preferences".button-layout = "close,maximize,minimize:"; + "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions enabled-extensions = [ From 57806433dc976aaf8049d4ba9ae393b9b87fbf5d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 1 Mar 2025 15:03:09 -0600 Subject: [PATCH 532/932] switched order of gnome window buttons --- configurations/home-manager/leyla/dconf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 7177da62..ea1cd5fb 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix 
@@ -5,7 +5,7 @@ settings = { "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - "org/gnome/desktop/wm/preferences".button-layout = "close,maximize,minimize:"; + "org/gnome/desktop/wm/preferences".button-layout = ":close,minimize,maximize"; "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions From eb13447136532c5f6389ea35beb61ba740c6851c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 1 Mar 2025 15:23:45 -0600 Subject: [PATCH 533/932] switched order of gnome window buttons --- configurations/home-manager/leyla/dconf.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index ea1cd5fb..58186416 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -5,7 +5,7 @@ settings = { "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - "org/gnome/desktop/wm/preferences".button-layout = ":close,minimize,maximize"; + "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions From 2a811955633613cc25ec40cc77654549e17c33fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 2 Mar 2025 15:25:48 -0600 Subject: [PATCH 534/932] added syncthing configDir to persistence --- modules/nixos-modules/sync.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index f4bfbfc0..a5e81ecf 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -4,6 +4,7 @@ ... }: let mountDir = "/mnt/sync"; + configDir = "/etc/syncthing"; in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; 
@@ -72,7 +73,7 @@ in { user = "syncthing"; group = "syncthing"; dataDir = "${mountDir}/default"; - configDir = "/etc/syncthing"; + configDir = configDir; overrideDevices = true; overrideFolders = true; settings = { @@ -165,6 +166,12 @@ in { } (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.syncthing.configDir == configDir; + message = "syncthing config dir does not match persistence"; + } + ]; environment.persistence = { "/persist/system/root" = { enable = true; @@ -175,6 +182,11 @@ in { user = "syncthing"; group = "syncthing"; } + { + directory = configDir; + user = "syncthing"; + group = "syncthing"; + } ]; }; }; From c2d7f1f481f36aaaefa387d539b0c105f7e8c049 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 2 Mar 2025 15:40:28 -0600 Subject: [PATCH 535/932] updated syncthing defiant id --- modules/nixos-modules/sync.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index a5e81ecf..50c4ae37 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -87,7 +87,7 @@ in { autoAcceptFolders = config.host.sync.devices.coven.autoAcceptFolders; }; defiant = lib.mkIf (config.networking.hostName != "defiant") { - id = "TQGGO5F-PUXQYVV-LVVM7PR-Q4TKI6T-NR576PH-CFTVB4O-RP5LL6C-WKQMXQR"; + id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; }; twilight = lib.mkIf (config.networking.hostName != "twilight") { id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; From 34bc5b19336a086e0c26c5acb633be1fb2ea12e1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Mar 2025 21:30:45 -0600 Subject: [PATCH 536/932] added tailnet devices to fail2ban whitelist --- modules/nixos-modules/server/fail2ban.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 39a8fd27..2f6dc58b 100644 
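Review bot: The new persistence entry for `configDir` covers the directory holding Syncthing's device private key (`key.pem`) and `config.xml` with the GUI/API key, yet it sets only `user`/`group` and no `mode`, so the bind-mounted `/etc/syncthing` gets impermanence's default directory mode (0755, as far as I recall) rather than owner-only access. Adding `mode = "0700";` beside `group = "syncthing";` keeps that key material unreadable to other local users (TODO confirm what the running service sets on the directory itself). The assertion is a good addition; its message could name both paths, e.g. `"syncthing configDir (${config.services.syncthing.configDir}) does not match persisted ${configDir}"`, so the failure is actionable. The `lib.mkIf config.host.impermanence.enable` block continues after the hunk.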
--- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -20,6 +20,10 @@ in { "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" + + # tail scale tailnet + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" ]; bantime = "24h"; # Ban IPs for one day on the first ban bantime-increment = { From 59bf355353f86a9cfcea1de92d523e8bb1a52458 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 4 Mar 2025 21:39:12 -0600 Subject: [PATCH 537/932] added extra jellyfin domain --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/server/jellyfin.nix | 21 ++++++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7e463300..a524e961 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -97,6 +97,7 @@ jellyfin = { enable = true; subdomain = "media"; + extraSubdomains = ["jellyfin"]; }; forgejo = { enable = true; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a10470ae..78afbc7b 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
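Review bot: `100.64.0.0/10` is the whole RFC 6598 shared-address range, not just this tailnet, and `ignoreip` matches on source address alone with no notion of interface, so the entry exempts every tailnet node from banning regardless of behaviour (a compromised laptop gets unlimited SSH/HTTP guesses) and, should this host ever sit behind a carrier-grade NAT uplink, exempts the ISP's other customers as well. If the intent is only "do not lock myself out", consider listing the specific tailnet addresses of trusted admin devices instead of the range, or at least record the trade-off: `# Tailscale CGNAT range: exempts *all* tailnet nodes (and anything else in 100.64/10) from banning`. `fd7a:115c:a1e0::/48` is the Tailscale ULA prefix and has the same all-nodes scope. The `ignoreIP` list and the jail settings extend outside the hunk.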
@@ -16,15 +16,30 @@ in { description = "subdomain of base domain that jellyfin will be hosted at"; default = "jellyfin"; }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "ex subdomain of base domain that jellyfin will be hosted at"; + default = []; + }; }; config = lib.mkIf config.host.jellyfin.enable ( lib.mkMerge [ { services.jellyfin.enable = true; - host.reverse_proxy.subdomains.${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString jellyfinPort}"; - }; + host.reverse_proxy.subdomains = lib.mkMerge ([ + { + ${config.host.jellyfin.subdomain} = { + target = "http://localhost:${toString jellyfinPort}"; + }; + } + ] + ++ (builtins.map (subdomain: { + ${subdomain} = { + target = "http://localhost:${toString jellyfinPort}"; + }; + }) + config.host.jellyfin.extraSubdomains)); environment.systemPackages = [ pkgs.jellyfin pkgs.jellyfin-web From b2fbcc0e63ad474abb78332f4ba14a691e2dc48b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 10:23:09 -0600 Subject: [PATCH 538/932] installed lix --- flake.lock | 86 +++++++++++++++++++++++++++++++++++++++++++++++- flake.nix | 9 +++-- util/default.nix | 4 +-- 3 files changed, 91 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 67e97948..1b96238b 100644 --- a/flake.lock +++ b/flake.lock @@ -93,6 +93,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", 
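Review bot: The `lib.mkMerge ([ {…} ] ++ builtins.map …)` construction repeats the `target` literal and, if a name appears in both `subdomain` and `extraSubdomains`, defines the same subdomain twice, which is at best redundant and may conflict depending on the `reverse_proxy` option's type; `lib.genAttrs` over the combined list avoids both: `host.reverse_proxy.subdomains = lib.genAttrs ([config.host.jellyfin.subdomain] ++ config.host.jellyfin.extraSubdomains) (_: {target = "http://localhost:${toString jellyfinPort}";});`. The new option's description reads `"ex subdomain of base domain that jellyfin will be hosted at"`; it should say `"additional subdomains of the base domain at which jellyfin is also served"`. The `config` block continues past the hunk.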
@@ -107,6 +125,21 @@ "type": "github" } }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -142,6 +175,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", + "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -165,7 +233,7 @@ "nix-vscode-extensions": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] 
@@ -223,6 +291,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", @@ -281,6 +350,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index fd46f2fe..f36ee441 100644 --- a/flake.nix +++ b/flake.nix @@ -5,11 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # TODO: figure out why things fail to build with lix - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index 02e71556..cdc0caa1 100644 --- a/util/default.nix +++ b/util/default.nix @@ -9,7 +9,7 @@ sops-nix = inputs.sops-nix; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -76,7 +76,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9b5dfa16e29d52efe627de82e074591c1285527e Mon Sep 17 00:00:00 2001 
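Review bot: `lix-module.url` points at `archive/stable.tar.gz`, a mutable, unsigned reference, so every `nix flake update` adopts whatever that server serves as "stable" at that moment; `flake.lock` pins the fetched `narHash`, which keeps builds reproducible, but nothing marks that update as needing review. Pinning to a release tag, the way the nested `lix` input is locked to `2.92.0.tar.gz`, or at least a comment `# tarball input: unsigned, pinned only by narHash in flake.lock — review the diff on update` would make the supply-chain posture explicit. The `inputs` set continues outside the hunk.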
From: Leyla Becker Date: Thu, 6 Mar 2025 11:50:18 -0600 Subject: [PATCH 539/932] updated flake lock --- .../nixos/defiant/configuration.nix | 7 --- .../nixos/horizon/configuration.nix | 5 -- .../nixos/twilight/configuration.nix | 5 -- flake.lock | 50 +++++++++---------- modules/nixos-modules/sync.nix | 22 -------- nix-config-secrets | 1 + 6 files changed, 26 insertions(+), 64 deletions(-) create mode 160000 nix-config-secrets diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a524e961..de267d3e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -121,13 +121,6 @@ }; sync = { enable = true; - devices = { - ceder.autoAcceptFolders = true; - coven.autoAcceptFolders = true; - twilight.autoAcceptFolders = true; - horizon.autoAcceptFolders = true; - shale.autoAcceptFolders = true; - }; folders = { share = { enable = true; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 05c1b505..8a264879 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -19,11 +19,6 @@ }; sync = { enable = true; - devices = { - ceder.autoAcceptFolders = true; - coven.autoAcceptFolders = true; - twilight.autoAcceptFolders = true; - }; folders = { share.enable = true; leyla = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 7f5d01b7..555eb052 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -31,11 +31,6 @@ }; sync = { enable = true; - devices = { - ceder.autoAcceptFolders = true; - coven.autoAcceptFolders = true; - horizon.autoAcceptFolders = true; - }; folders = { share.enable = true; leyla = { diff --git a/flake.lock b/flake.lock index 1b96238b..ce9b77dd 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1739841949, - "narHash": "sha256-lSOXdgW/1zi/SSu7xp71v+55D5Egz8ACv0STkj7fhbs=", + "lastModified": 1740485968, + "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", "owner": "nix-community", "repo": "disko", - "rev": "15dbf8cebd8e2655a883b74547108e089f051bf0", + "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1740212040, - "narHash": "sha256-Gpvn9Z+ZgKPyb6qaAbahLbo6ZVj7VuLzSCmHZRvsACA=", + "lastModified": 1741233805, + "narHash": "sha256-aNmlbxeKPUfuOynHvIMBPrNgEs1ldHDIz1wbkitKDSs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9a8a0914000e4453c99a4c12e9862a0a40075851", + "rev": "a1cc22e90f45f6075a991348e896f1595c4efce9", "type": "gitlab" }, "original": { @@ -112,11 +112,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1740347597, - "narHash": "sha256-st5q9egkPGz8TUcVVlIQX7y6G3AzHob+6M963bwVq74=", + "lastModified": 1741217763, + "narHash": "sha256-g/TrltIjFHIjtzKY5CJpoPANfHQWDD43G5U1a/v5oVg=", "owner": "nix-community", "repo": "home-manager", - "rev": "12e26a74e5eb1a31e13daaa08858689e25ebd449", + "rev": "486b066025dccd8af7fbe5dd2cc79e46b88c80da", "type": "github" }, "original": { 
@@ -203,7 +203,7 @@ "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz?rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba" }, "original": { "type": "tarball", @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1739933872, - "narHash": "sha256-UhuvTR4OrWR+WBaRCZm4YMkvjJhZ1KZo/jRjE41m+Ek=", + "lastModified": 1741229100, + "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6ab392f626a19f1122d1955c401286e1b7cf6b53", + "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab", "type": "github" }, "original": { @@ -254,11 +254,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740089251, - "narHash": "sha256-Y78mDBWoO8CLLTjQfPfII+KXFb6lAmF9GrLbyVBsIMM=", + "lastModified": 1740646007, + "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "18e9f9753e9ae261bcc7d3abe15745686991fd30", + "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740126099, - "narHash": "sha256-ozoOtE2hGsqh4XkTJFsrTkNxkRgShxpQxDynaPZUGxk=", + "lastModified": 1741173522, + "narHash": "sha256-k7VSqvv0r1r53nUI/IfPHCppkUAddeXn843YlAC5DR0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "32fb99ba93fea2798be0e997ea331dd78167f814", + "rev": "d69ab0d71b22fa1ce3dbeff666e6deb4917db049", "type": "github" }, "original": { 
@@ -323,11 +323,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1741043164, + "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", "type": "github" }, "original": { diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 50c4ae37..516e1418 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -8,23 +8,6 @@ in { options.host.sync = { enable = lib.mkEnableOption "should sync thing be enabled on this device"; - devices = { - ceder = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from ceder"; - }; - coven = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from coven"; - }; - twilight = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from twilight"; - }; - horizon = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from horizon"; - }; - shale = { - autoAcceptFolders = lib.mkEnableOption "should sync thing auto accept folders from shale"; - }; - }; folders = { share = { enable = lib.mkEnableOption "should the share folder by synced"; 
@@ -80,26 +63,21 @@ in { devices = { ceder = { id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - autoAcceptFolders = config.host.sync.devices.ceder.autoAcceptFolders; }; coven = { id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - autoAcceptFolders = config.host.sync.devices.coven.autoAcceptFolders; }; defiant = lib.mkIf (config.networking.hostName != "defiant") { id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; }; twilight = lib.mkIf (config.networking.hostName != "twilight") { id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; - autoAcceptFolders = config.host.sync.devices.twilight.autoAcceptFolders; }; horizon = lib.mkIf (config.networking.hostName != "horizon") { id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; - autoAcceptFolders = config.host.sync.devices.horizon.autoAcceptFolders; }; shale = { id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; - autoAcceptFolders = config.host.sync.devices.shale.autoAcceptFolders; }; }; folders = let diff --git a/nix-config-secrets b/nix-config-secrets new file mode 160000 index 00000000..db6d65e8 --- /dev/null +++ b/nix-config-secrets @@ -0,0 +1 @@ +Subproject commit db6d65e814bc0c99f6e9b95308184b004038243e From c6c17935dc3228a73ed49ee25ee8a4581a0c79a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 11:59:11 -0600 Subject: [PATCH 540/932] updated next cloud package --- modules/nixos-modules/server/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix index 6acd01d7..ada61dd9 100644 --- a/modules/nixos-modules/server/nextcloud.nix +++ b/modules/nixos-modules/server/nextcloud.nix 
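Review bot: The new `nix-config-secrets` gitlink has no accompanying `.gitmodules` change in this patch (the diffstat lists six files and none is `.gitmodules`), so unless that file already exists with a matching entry, a fresh `git submodule update --init` has no URL to fetch `db6d65e8…` from and, as far as I can tell, the checkout ends up without the secrets tree. Either include the `.gitmodules` entry in the same commit or note where the submodule is registered. The subject line (`updated flake lock`) also does not mention the submodule, which makes the addition easy to miss in history.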
@@ -34,7 +34,7 @@ in { services = { nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; settings.log_type = "file"; config = { From 4dc7fa293c961aff99ff28ed4a0f9ad58884d9ce Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 12:04:31 -0600 Subject: [PATCH 541/932] disabled ollama --- configurations/nixos/horizon/configuration.nix | 2 +- configurations/nixos/twilight/configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8a264879..c97a8920 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -51,7 +51,7 @@ enable = true; }; ollama = { - enable = true; + enable = false; loadModels = [ "deepseek-coder:1.3b" diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 555eb052..5238b840 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -42,7 +42,7 @@ services = { ollama = { - enable = true; + enable = false; loadModels = [ "deepseek-coder:6.7b" From c4a7c711fbb731e6c71852f0f08cad50fab5c7cb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 6 Mar 2025 13:09:38 -0600 Subject: [PATCH 542/932] updated network config for defiant --- .../nixos/defiant/configuration.nix | 8 ----- .../nixos/defiant/hardware-configuration.nix | 33 +++++-------------- 2 files changed, 9 insertions(+), 32 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index de267d3e..bfd5a505 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -87,13 +87,6 @@ }; }; }; - # podman = { - # macvlan = { - # subnet = "192.168.1.0/24"; - # gateway = "192.168.1.1"; - # networkInterface = "bond0"; - # }; - # }; jellyfin = { enable = true; subdomain = "media"; @@ -113,7 +106,6 @@ }; pihole = { enable = true; - # ip = "192.168.1.201"; }; nextcloud = { enable = true; diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index f312f889..da19108b 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -35,12 +35,6 @@ networking = { hostName = "defiant"; # Define your hostname. useNetworkd = true; - interfaces = { - bond0.useDHCP = lib.mkDefault true; - bonding_masters.useDHCP = lib.mkDefault true; - enol.useDHCP = lib.mkDefault true; - eno2.useDHCP = lib.mkDefault true; - }; }; systemd.network = { @@ -60,33 +54,24 @@ }; networks = { - "30-enp4s0" = { - matchConfig.Name = "enp4s0"; + "30-eno1" = { + matchConfig.Name = "eno1"; networkConfig.Bond = "bond0"; - - address = [ - # configure addresses including subnet mask - "192.168.2.1/24" - ]; }; - "30-enp5s0" = { - matchConfig.Name = "enp5s0"; + "30-eno2" = { + matchConfig.Name = "eno2"; networkConfig.Bond = "bond0"; - - address = [ - # configure addresses including subnet mask - "192.168.2.2/24" - ]; }; "40-bond0" = { matchConfig.Name = "bond0"; - linkConfig.RequiredForOnline = "carrier"; - networkConfig.LinkLocalAddressing = "no"; - DHCP = "ipv4"; + linkConfig = { + RequiredForOnline = "degraded-carrier"; + RequiredFamilyForOnline = "any"; + }; + networkConfig.DHCP = "yes"; address = [ - # configure addresses including subnet mask "192.168.1.10/24" ]; }; From 591566cc2a499998db353718c34b03e7fcc47d70 Mon Sep 17 00:00:00 2001 
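Review bot: `40-bond0` now sets `networkConfig.DHCP = "yes"` and a static `address = ["192.168.1.10/24"]` at the same time, so the bond carries both the lease and the fixed address; if the DHCP server hands out anything other than .10 the host is dual-addressed on one subnet and the source address it uses for outbound traffic (DNS replies, reverse-proxy upstream calls) depends on route selection, which is hard to firewall and to reason about for a server. Either drop `DHCP` and configure `gateway`/`dns` statically, or drop `address` and reserve .10 on the DHCP server; if both are intended, a one-line `# static .10 plus DHCP lease on purpose: <reason>` should say why. `DHCP = "yes"` also enables DHCPv6, and removing `LinkLocalAddressing = "no"` re-enables IPv6 link-local on the bond (the systemd default), so IPv6 reachability changes here even though the commit message only mentions the interface rename. The `systemd.network.networks` set continues outside the hunk.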
From: Leyla Becker Date: Thu, 6 Mar 2025 14:23:12 -0600 Subject: [PATCH 543/932] removed pihole started drafting out adguardhome --- .../nixos/defiant/configuration.nix | 4 +- .../nixos/defiant/hardware-configuration.nix | 3 + modules/nixos-modules/impermanence.nix | 13 -- modules/nixos-modules/server/adguardhome.nix | 72 ++++++++ modules/nixos-modules/server/default.nix | 2 +- modules/nixos-modules/server/pihole.nix | 158 ------------------ modules/nixos-modules/server/podman.nix | 8 +- modules/nixos-modules/users.nix | 16 +- 8 files changed, 90 insertions(+), 186 deletions(-) create mode 100644 modules/nixos-modules/server/adguardhome.nix delete mode 100644 modules/nixos-modules/server/pihole.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index bfd5a505..3ea37e97 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -104,8 +104,8 @@ enable = true; subdomain = "home"; }; - pihole = { - enable = true; + adguardhome = { + enable = false; }; nextcloud = { enable = true; diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index da19108b..85dcd9e5 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -74,6 +74,9 @@ address = [ "192.168.1.10/24" ]; + + gateway = ["192.168.1.1"]; + dns = ["192.168.1.1"]; }; }; }; diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 008f0608..e969e203 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
@@ -102,19 +102,6 @@ directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" - - # config.apps.pihole.directory.root - - # config.apps.jellyfin.mediaDirectory - # config.services.jellyfin.configDir - # config.services.jellyfin.cacheDir - # config.services.jellyfin.dataDir - - # "/var/hass" # config.users.users.hass.home - # "/var/postgresql" # config.users.users.postgresql.home - # "/var/forgejo" # config.users.users.forgejo.home - # "/var/nextcloud" # config.users.users.nextcloud.home - # "/var/headscale" # config.users.users.headscale.home ]; files = [ "/etc/machine-id" diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix new file mode 100644 index 00000000..866ad8a9 --- /dev/null +++ b/modules/nixos-modules/server/adguardhome.nix 
@@ -0,0 +1,72 @@
+{
+  lib,
+  config,
+  ...
+}: let
+  dnsPort = 53;
+in {
+  options.host.adguardhome = {
+    enable = lib.mkEnableOption "should home-assistant be enabled on this computer";
+    directory = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/AdGuardHome/";
+    };
+  };
+  config = lib.mkIf config.host.adguardhome.enable (lib.mkMerge [
+    {
+      services.adguardhome = {
+        enable = true;
+        mutableSettings = false;
+        settings = {
+          dns = {
+            bootstrap_dns = [
+              "1.1.1.1"
+              "9.9.9.9"
+            ];
+            upstream_dns = [
+              "dns.quad9.net"
+            ];
+          };
+          filtering = {
+            protection_enabled = true;
+            filtering_enabled = true;
+
+            parental_enabled = false; # Parental control-based DNS requests filtering.
+            safe_search = {
+              enabled = false; # Enforcing "Safe search" option for search engines, when possible.
+            };
+          };
+          # The following notation uses map
+          # to not have to manually create {enabled = true; url = "";} for every filter
+          # This is, however, fully optional
+          filters =
+            map (url: {
+              enabled = true;
+              url = url;
+            }) [
+              "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"
+              "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
+              "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
+            ];
+        };
+      };
+
+      networking.firewall.allowedTCPPorts = [
+        dnsPort
+      ];
+    }
+    (lib.mkIf config.host.impermanence.enable {
+      environment.persistence."/persist/system/root" = {
+        enable = true;
+        hideMounts = true;
+        directories = [
+          {
+            directory = config.host.adguardhome.directory;
+            user = "adguardhome";
+            group = "adguardhome";
+          }
+        ];
+      };
+    })
+  ]);
+}
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index c8e17a9c..a031b0d3 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
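Review bot: The firewall opening is `allowedTCPPorts = [ dnsPort ]` only; DNS from LAN clients is predominantly UDP/53, so with the NixOS firewall active, resolvers pointed at this host will time out until `networking.firewall.allowedUDPPorts = [ dnsPort ];` is added beside it. `upstream_dns = [ "dns.quad9.net" ]` has no scheme, which AdGuard Home treats as plain, unencrypted DNS to that host; `"tls://dns.quad9.net"` (DoT) or `"https://dns.quad9.net/dns-query"` (DoH) is what the `bootstrap_dns` list exists to resolve, and it keeps the LAN's query names off the wire. The `enable` description is copy-pasted from home-assistant (`"should home-assistant be enabled on this computer"`) and should name adguardhome. The persistence entry also assumes a static `adguardhome` user/group; as far as I recall the NixOS module runs the service with `DynamicUser`, in which case no such user exists and the `user`/`group` here would fail at tmpfiles time — TODO confirm against the module, and the trailing slash in the default `directory` should probably go so it compares equal to the module's `StateDirectory` path.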
@@ -9,7 +9,7 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix - ./pihole.nix + ./adguardhome.nix ./nextcloud.nix ]; } diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix deleted file mode 100644 index aee61052..00000000 --- a/modules/nixos-modules/server/pihole.nix +++ /dev/null 
@@ -1,158 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - dnsPort = 53; - webPort = 8090; -in { - options.host.pihole = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; - directory = lib.mkOption { - type = lib.types.str; - default = "/var/lib/pihole"; - }; - image = lib.mkOption { - type = lib.types.str; - default = "pihole/pihole:latest"; - description = "container image to use for pi-hole"; - }; - # piholeStateDirectory = { - # type = lib.types.str; - # default = "${config.host.pihole.directory}/pihole"; - # }; - # tailscaleStateDirectory = { - # type = lib.types.str; - # default = "${config.host.pihole.directory}/tailscale"; - # }; - # piholeImage = lib.mkOption { - # type = lib.types.str; - # default = "pihole/pihole:2024.07.0"; - # description = "container image to use for pi-hole"; - # }; - # tailscaleImage = lib.mkOption { - # type = lib.types.str; - # default = "tailscale/tailscale:latest"; - # description = "container image to use for pi-holes tail scale"; - # }; - ip = lib.mkOption { - type = lib.types.str; - description = "ip address to use for pi-hole"; - }; - }; - config = lib.mkIf config.host.pihole.enable (lib.mkMerge [ - { - host.podman.enable = true; - sops = { - secrets = { - "services/pi-hole" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - # "wireguard-keys/tailscale-authkey/pihole" = { - # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; - # }; - }; - templates."pihole.env".content = '' - FTLCONF_webserver_api_password=${config.sops.placeholder."services/pi-hole"} - ''; - }; - systemd = { - tmpfiles.rules = [ - "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system - # "d ${config.host.pihole.piholeStateDirectory} 755 pihole pihole -" - # "d ${config.host.pihole.tailscaleStateDirectory} 755 pihole pihole -" - ]; - - services = { - "podman-pihole" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - # after = [ - # 
"podman-network-macvlan.service" - # ]; - # requires = [ - # "podman-network-macvlan.service" - # ]; - partOf = [ - "podman-compose-root.target" - ]; - wantedBy = [ - "podman-compose-root.target" - ]; - }; - }; - }; - - services.resolved.enable = false; - - virtualisation = { - oci-containers = { - containers = { - pihole = let - passwordFileLocation = "/var/lib/pihole/webpassword.txt"; - in { - image = config.host.pihole.image; - volumes = [ - "${config.host.pihole.directory}:/etc/pihole:rw" - "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}" - ]; - environment = { - TZ = "America/Chicago"; - FTLCONF_webserver_port = toString webPort; - PIHOLE_UID = toString config.users.users.pihole.uid; - PIHOLE_GID = toString config.users.groups.pihole.gid; - }; - environmentFiles = [ - config.sops.templates."pihole.env".path - ]; - log-driver = "journald"; - extraOptions = [ - "--network=host" - # "--network=container:${tailscale container id}" - ]; - }; - # ts-pihole = { - # image = config.host.pihole.tailscaleImage; - # volumes = "${config.host.pihole.tailscaleStateDirectory}:/var/lib/tailscale"; - # environment = { - # TS_ACCEPT_DNS = "false"; - # TS_HOSTNAME = "pihole"; - # TS_STATE_DIR = "/var/lib/tailscale"; - # TS_USERSPACE = "false"; - # TS_EXTRA_ARGS = "--advertise-tags=tag:container"; - # }; - # environmentFiles = [ - # config.sops.templates."tailscale-pihole.env".path - # ]; - # devices = [ - # "/dev/net/tun:/dev/net/tun" - # ]; - # extraOptions = [ - # "--ip=${config.host.pihole.ip}" - # "--network=macvlan" - # ]; - # }; - }; - }; - }; - networking.firewall.allowedTCPPorts = [ - dnsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.host.pihole.directory; - user = "pihole"; - group = "pihole"; - } - ]; - }; - }) - ]); -} 
diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index b75c56f3..e806e65b 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -59,10 +59,10 @@ enable = true; autoPrune.enable = true; dockerCompat = true; - defaultNetwork.settings = { - # Required for container networking to be able to use names. - dns_enabled = true; - }; + # defaultNetwork.settings = { + # # Required for container networking to be able to use names. + # dns_enabled = true; + # }; }; oci-containers = { diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 15631a92..f57e8940 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -17,7 +17,7 @@ eve = 1002; jellyfin = 2000; forgejo = 2002; - pihole = 2003; + adguardhome = 2003; hass = 2004; headscale = 2005; nextcloud = 2006; @@ -32,7 +32,7 @@ jellyfin_media = 2001; jellyfin = 2000; forgejo = 2002; - pihole = 2003; + adguardhome = 2003; hass = 2004; headscale = 2005; nextcloud = 2006; @@ -123,10 +123,10 @@ in { group = config.users.users.forgejo.name; }; - pihole = { - uid = lib.mkForce uids.pihole; + adguardhome = { + uid = lib.mkForce uids.adguardhome; isSystemUser = true; - group = config.users.users.pihole.name; + group = config.users.users.adguardhome.name; }; hass = { @@ -208,10 +208,10 @@ in { ]; }; - pihole = { - gid = lib.mkForce gids.pihole; + adguardhome = { + gid = lib.mkForce gids.adguardhome; members = [ - users.pihole.name + users.adguardhome.name # leyla ]; }; From 651a988558bd7b14fe5506e688d7a954c0c30c7c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 15:05:04 -0600 Subject: [PATCH 544/932] updated ROOT_URL for forgejo --- modules/nixos-modules/server/forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index db1549d6..a6b3edec 100644 
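Review bot: Commenting out `defaultNetwork.settings.dns_enabled` leaves dead code in place without recording why; delete the block and, if the reason is that AdGuard Home now owns port 53 and aardvark-dns would collide with it, say so in a one-line comment such as `# aardvark-dns disabled: port 53 is owned by the AdGuard Home module`. The removed comment documented that name-based container networking depends on this setting, so any remaining containers that reach each other by name lose that with this change.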
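Review bot: The uid/gid `2003` is reassigned from `pihole` to `adguardhome` rather than retired, so anything the deleted Pi-hole module left on disk under that id (its persisted `/var/lib/pihole` directory, for instance) is now owned by the AdGuard Home account on hosts that ran the old module; either clean that state up or note the reuse in a comment next to `adguardhome = 2003;`. The same applies to the gid table in the second hunk of this file.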
--- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -49,6 +49,7 @@ in { SSH_PORT = 22; # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com:"; }; service = { DISABLE_REGISTRATION = true; From 46615cc36153e04de43274c474582868c91ae6b2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 15:10:37 -0600 Subject: [PATCH 545/932] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index eab19836..448c91dc 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords - move fail2ban configs out of fail2ban.nix and into configs for their respective services +- nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init From 62abf65e5af948a5fad393a19587a6d0ab6edd6b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:14:42 -0600 Subject: [PATCH 546/932] enabled ACME --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3ea37e97..9d6a4345 100644 
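Review bot: `ROOT_URL = "https://git.jan-leila.com:";` ends in a bare colon with no port, which produces a malformed base URL in every absolute link Forgejo generates (clone URLs, e-mail links, OAuth redirect URIs); it should be `ROOT_URL = "https://git.jan-leila.com/";` with the trailing slash Forgejo expects. The enclosing `settings` block starts and ends outside the hunk, so if the hostname is already derived from another option there, building `ROOT_URL` from that value would keep it from drifting from the reverse-proxy configuration.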
--- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -77,7 +77,7 @@ }; reverse_proxy = { enable = true; - enableACME = false; + enableACME = true; hostname = "jan-leila.com"; }; postgres = { From 8b39a8084950929f1c4c260f23bead1ccde6f9f7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:18:37 -0600 Subject: [PATCH 547/932] added extra config to services --- .../nixos-modules/server/home-assistant.nix | 19 +++++++++++- modules/nixos-modules/server/jellyfin.nix | 30 +++++++++++++++++++ .../nixos-modules/server/reverse_proxy.nix | 8 +++++ 3 files changed, 56 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index ba6d81fd..cadb607e 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -18,10 +18,15 @@ in { { services.home-assistant = { enable = true; + extraComponents = [ + "esphome" + "met" + "radio_browser" + ]; config.http = { server_port = 8082; use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1"]; + trusted_proxies = ["127.0.0.1" "::1"]; ip_ban_enabled = true; login_attempts_threshold = 10; }; @@ -29,6 +34,18 @@ in { host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + websockets = true; + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_read_timeout 90; + ''; }; }; } diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 78afbc7b..4746ad36 100644 
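Review bot: The `add_header Upgrade $http_upgrade;` / `add_header Connection \"upgrade\";` lines in the second home-assistant.nix hunk set response headers, so normal proxied replies carry an Upgrade/Connection header back to the browser; the websocket handshake is already handled by the `proxy_set_header` lines below and by `websockets = true`, which the reverse_proxy module passes through as `proxyWebsockets`, so both `add_header` lines should be dropped. Note also that a backslash is literal inside a Nix `''` string, so `\"upgrade\"` reaches nginx.conf with the backslashes intact. Once `proxyWebsockets` is in play the manual `proxy_set_header Upgrade`/`Connection` lines are redundant as well, though harmless.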
--- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -31,12 +31,42 @@ in { { ${config.host.jellyfin.subdomain} = { target = "http://localhost:${toString jellyfinPort}"; + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; + add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_buffering off; + ''; }; } ] ++ (builtins.map (subdomain: { ${subdomain} = { target = "http://localhost:${toString jellyfinPort}"; + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; + add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), 
document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + + proxy_buffering off; + ''; }; }) config.host.jellyfin.extraSubdomains)); diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index a218b3f5..a406b146 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix @@ -31,6 +31,13 @@ in { description = "where should this host point to"; }; websockets = lib.mkEnableOption "should websockets be proxied"; + extraConfig = lib.mkOption { + type = lib.types.lines; + default = ""; + description = '' + These lines go to the end of the upstream verbatim. + ''; + }; }; })); default = {}; @@ -53,6 +60,7 @@ in { locations."/" = { proxyPass = value.target; proxyWebsockets = value.websockets; + extraConfig = value.extraConfig; }; }) config.host.reverse_proxy.subdomains; From 86c585111cf58f3aae11697cdf524d5e591f8f0d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:35:41 -0600 Subject: [PATCH 548/932] added packages for home assistant --- modules/nixos-modules/server/home-assistant.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index cadb607e..63f67d2a 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix 
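Review bot: The whole `extraConfig` string is duplicated verbatim between the `${config.host.jellyfin.subdomain}` entry and the `builtins.map` over `extraSubdomains`; hoist it into the file's `let` block (next to `jellyfinPort`, outside this hunk) as e.g. `jellyfinProxyConfig = '' … '';` and write `extraConfig = jellyfinProxyConfig;` in both places so the two copies cannot drift. The CSP's `script-src 'self' 'unsafe-inline' …` largely neutralises its script-injection protection; if it is carried over from Jellyfin's sample nginx config because the web client needs it, a comment saying so saves the next reader re-deriving that. `add_header X-Content-Type-Options "nosniff";` and the CSP line lack the `always` flag the Permissions-Policy line has, so they are omitted on error responses.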
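Review bot: The new `extraConfig` option's description says the lines go "to the end of the upstream", but the second reverse_proxy.nix hunk splices them into `locations."/"` of the subdomain's nginx virtual host, not into an `upstream` block; `description = "Extra nginx directives appended verbatim to the locations.\"/\" block of this subdomain's virtual host.";` matches what the code does. Since the type is `lib.types.lines`, definitions from several modules are concatenated, which is worth a mention in the description too.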
@@ -22,6 +22,7 @@ in { "esphome" "met" "radio_browser" + "isal" ]; config.http = { server_port = 8082; @@ -30,6 +31,11 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + extraPackages = python3Packages: + with python3Packages; [ + numpy + gtts + ]; }; host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { From 99e57603c768e5e75abf8984568178e68592987d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 18:54:22 -0600 Subject: [PATCH 549/932] added components to home assistant --- modules/nixos-modules/server/home-assistant.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 63f67d2a..8ff688f6 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -18,11 +18,22 @@ in { { services.home-assistant = { enable = true; + configDir = configDir; extraComponents = [ "esphome" "met" "radio_browser" "isal" + "zha" + "jellyfin" + "webostv" + "tailscale" + "syncthing" + "sonos" + "analytics_insights" + "unifi" + "minecraft_server" + "openweathermap" ]; config.http = { server_port = 8082; @@ -44,12 +55,16 @@ in { extraConfig = '' add_header Upgrade $http_upgrade; add_header Connection \"upgrade\"; + proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_buffering off; + proxy_read_timeout 90; ''; }; From 9715517af68766b21316600c3dbdfd45b662fcdd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 7 Mar 2025 19:53:11 -0600 Subject: [PATCH 550/932] added more config to home assistant --- .../nixos-modules/server/home-assistant.nix | 23 +++++++++++++------ 1 file changed, 16 insertions(+), 7 deletions(-) 
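Review bot: `configDir = configDir;` in the first hunk of the "added components" commit is the long form of `inherit configDir;`, the usual Nix idiom when an attribute takes the value of a same-named `let` binding; minor, but it also stops the line from reading like a self-reference.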
diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 8ff688f6..967846af 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -20,7 +20,6 @@ in { enable = true; configDir = configDir; extraComponents = [ - "esphome" "met" "radio_browser" "isal" @@ -35,12 +34,22 @@ in { "minecraft_server" "openweathermap" ]; - config.http = { - server_port = 8082; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; + config = { + homeassistant = { + name = "Home"; + latitude = "!secret latitude"; + longitude = "!secret longitude"; + elevation = "!secret elevation"; + unit_system = "metric"; + time_zone = "CDT"; + }; + http = { + server_port = 8082; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; }; extraPackages = python3Packages: with python3Packages; [ From 0e5d8e3335764f411f4d1d27d2fdff8fd5a8925a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Mar 2025 05:05:32 -0600 Subject: [PATCH 551/932] added postgres config to home assistant --- .../nixos-modules/server/home-assistant.nix | 42 +++++++++++++++---- modules/nixos-modules/server/postgres.nix | 1 + 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 967846af..5c4b81f4 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,9 +1,11 @@ { lib, + pkgs, config, ... }: let configDir = "/var/lib/hass"; + db_user = "hass"; in { options.host.home-assistant = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; 
@@ -16,8 +18,18 @@ in { config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ { + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; services.home-assistant = { enable = true; + package = + (pkgs.home-assistant.override { + extraPackages = py: with py; [psycopg2]; + }) + .overrideAttrs (oldAttrs: { + doInstallCheck = false; + }); configDir = configDir; extraComponents = [ "met" @@ -35,14 +47,6 @@ in { "openweathermap" ]; config = { - homeassistant = { - name = "Home"; - latitude = "!secret latitude"; - longitude = "!secret longitude"; - elevation = "!secret elevation"; - unit_system = "metric"; - time_zone = "CDT"; - }; http = { server_port = 8082; use_x_forwarded_for = true; @@ -50,6 +54,9 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + recorder.db_url = "postgresql://@/${db_user}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; }; extraPackages = python3Packages: with python3Packages; [ @@ -57,6 +64,11 @@ in { gtts ]; }; + systemd.services.home-assistant = { + requires = [ + "postgresql.service" + ]; + }; host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; @@ -77,6 +89,20 @@ in { proxy_read_timeout 90; ''; }; + postgres = { + enable = true; + extraUsers = { + ${db_user} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${db_user} = { + name = db_user; + }; + }; + }; }; } (lib.mkIf config.host.impermanence.enable { diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix index 8d57d429..71ce44c5 100644 --- a/modules/nixos-modules/server/postgres.nix +++ b/modules/nixos-modules/server/postgres.nix @@ -65,6 +65,7 @@ in { ++ ( builtins.map (user: { name = user.name; + ensureDBOwnership = true; }) createUsers ); 
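Review bot: `"f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"` creates a YAML config file with the execute bits set; `0640` (or `0644` if another account must read it) is the appropriate mode, i.e. `"f ${config.services.home-assistant.configDir}/automations.yaml 0640 hass hass"`. The `.overrideAttrs (oldAttrs: { doInstallCheck = false; })` skips the package's test suite without saying why; a short comment (build time, or a known failing test) keeps a later cleanup from re-enabling it blindly, and `oldAttrs` is unused, so `(_: { … })` reads cleaner.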
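Review bot: `systemd.services.home-assistant.requires = [ "postgresql.service" ];` pulls PostgreSQL in but does not order the two units, so Home Assistant can start before the database accepts connections and the recorder's first attempt to open `postgresql://@/${db_user}` fails; add `after = [ "postgresql.service" ];` alongside it. The `recorder.db_url` line sits in the preceding hunk of the same file.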
From f5c67b812f7b4d00f8977b6034d2c0141d8f12a4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 8 Mar 2025 16:16:03 -0600 Subject: [PATCH 552/932] updated nfs mounts --- .../nixos/horizon/hardware-configuration.nix | 24 +++---------------- .../nixos/twilight/hardware-configuration.nix | 12 +++------- 2 files changed, 6 insertions(+), 30 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 48a46808..b7e7d849 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -38,41 +38,23 @@ fsType = "vfat"; }; - "/mnt/new_leyla_home" = { + "/mnt/leyla_home" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/new_eve_home" = { + "/mnt/eve_home" = { device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/new_users_home" = { + "/mnt/users_home" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - - "/mnt/leyla_home" = { - device = "server.arpa:/home/leyla"; - fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; - }; - - "/mnt/share_home" = { - device = "server.arpa:/home/share"; - fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; - }; - - "/mnt/docker_home" = { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; - }; }; environment.systemPackages = with pkgs; [ 
diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index d547c9cd..53e8cc2a 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -48,22 +48,16 @@ }; "/mnt/leyla_home" = { - device = "server.arpa:/home/leyla"; + device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/share_home" = { - device = "server.arpa:/home/share"; + "/mnt/users_home" = { + device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - - "/mnt/docker_home" = { - device = "server.arpa:/home/docker"; - fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"]; - }; }; environment.systemPackages = with pkgs; [ From 1e98b54454f86dc3963dd1ca6e3522dd2289d6aa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 14:10:50 -0500 Subject: [PATCH 553/932] added more config for nfs mounts --- configurations/nixos/defiant/configuration.nix | 7 +++++++ .../nixos/horizon/hardware-configuration.nix | 12 +++++++++--- .../nixos/twilight/hardware-configuration.nix | 4 ++-- modules/nixos-modules/server/jellyfin.nix | 8 ++++++-- .../nixos-modules/server/network_storage/default.nix | 2 +- modules/nixos-modules/server/network_storage/nfs.nix | 4 ++-- 6 files changed, 27 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9d6a4345..2ec79143 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -58,6 +58,7 @@ folder = "leyla"; user = "leyla"; group = "leyla"; + bind = "/home/leyla/documents"; } { folder = "eve"; 
@@ -69,6 +70,12 @@ user = "root"; group = "users"; } + { + folder = "media"; + user = "jellyfin"; + group = "jellyfin_media"; + bind = config.host.jellyfin.media_directory; + } ]; nfs = { enable = true; diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index b7e7d849..f5342a19 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -38,23 +38,29 @@ fsType = "vfat"; }; - "/mnt/leyla_home" = { + "/mnt/leyla_documents" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/eve_home" = { + "/mnt/eve_documents" = { device = "defiant:/exports/eve"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/users_home" = { + "/mnt/users_documents" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; }; environment.systemPackages = with pkgs; [ diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 53e8cc2a..c215e02f 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix 
@@ -47,13 +47,13 @@ options = ["fmask=0022" "dmask=0022"]; }; - "/mnt/leyla_home" = { + "/mnt/leyla_documents" = { device = "defiant:/exports/leyla"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; - "/mnt/users_home" = { + "/mnt/users_documents" = { device = "defiant:/exports/users"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 4746ad36..ba58fe91 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -7,7 +7,6 @@ jellyfinPort = 8096; jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; - jellyfin_media_directory = "/srv/jellyfin/media"; in { options.host.jellyfin = { enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; @@ -21,6 +20,11 @@ in { description = "ex subdomain of base domain that jellyfin will be hosted at"; default = []; }; + media_directory = lib.mkOption { + type = lib.types.str; + description = "directory jellyfin media will be hosted at"; + default = "/srv/jellyfin/media"; + }; }; config = lib.mkIf config.host.jellyfin.enable ( @@ -126,7 +130,7 @@ in { hideMounts = true; directories = [ { - directory = jellyfin_media_directory; + directory = config.host.jellyfin.media_directory; user = "jellyfin"; group = "jellyfin_media"; mode = "1770"; diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index fecc05f6..f756738a 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix 
@@ -57,7 +57,7 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2770 root root -" + "d ${config.host.network_storage.export_directory} 2775 root root -" ] ++ ( builtins.map ( diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index e793b16c..9aaab39e 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -38,8 +38,8 @@ services.nfs.server = { enable = true; exports = lib.strings.concatLines ( - builtins.map ( - directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt)" + lib.lists.imap0 ( + i: directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt,fsid=${builtins.toString i})" ) ( builtins.filter ( From 7b9b394ad26fa67fe50acdf1cde582f29805c3df Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 14:24:15 -0500 Subject: [PATCH 554/932] exported export folder from nfs --- configurations/home-manager/leyla/packages.nix | 1 - configurations/nixos/defiant/configuration.nix | 2 +- configurations/nixos/horizon/hardware-configuration.nix | 2 +- configurations/nixos/twilight/hardware-configuration.nix | 6 ++++++ 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 11c7af1e..cceffb67 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -76,7 +76,6 @@ in { # system tools protonvpn-gui openvpn - nextcloud-client noisetorch # hardware managment tools diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2ec79143..f70a15dc 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
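Review bot: Widening the export root from `2770` to `2775` makes the directory listable and traversable by every account on the server, not only members of its group; if the goal is just to let NFS client uids that are not in that group descend into the per-user subfolders, `2771` grants traversal without exposing the listing. A comment on the rule naming the reason would help either way, since permission widenings on an export root tend to get reverted or widened further without context.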
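Review bot: `fsid=${builtins.toString i}` with `imap0` assigns `fsid=0` to the first export, and under NFSv4 `fsid=0` designates the root of the server's pseudo-filesystem rather than an ordinary export, which changes what clients see when they mount `defiant:/exports/...`; start at 1 (`lib.lists.imap1`) or reserve 0 deliberately. Deriving the fsid from list position also means that inserting or reordering an export renumbers the others and invalidates the file handles clients hold (stale file handle errors); an explicit per-export `fsid` option, or a stable value derived from the path, avoids that.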
@@ -115,7 +115,7 @@ enable = false; }; nextcloud = { - enable = true; + enable = false; subdomain = "drive"; }; sync = { diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index f5342a19..cb72d556 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -59,7 +59,7 @@ "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; }; diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index c215e02f..81b32aea 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -58,6 +58,12 @@ fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + }; }; environment.systemPackages = with pkgs; [ From 06adc798da01e0380de78d07a55e300e5ad695d9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 14:41:01 -0500 Subject: [PATCH 555/932] added more config to media folder --- configurations/nixos/horizon/hardware-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index cb72d556..f5342a19 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -59,7 +59,7 @@ "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; }; From c4c84503f58a99bee9938b967b9a326ab7368f88 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 21:48:27 -0500 Subject: [PATCH 556/932] added package to home assistant --- modules/nixos-modules/server/home-assistant.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 5c4b81f4..09223120 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -60,6 +60,7 @@ in { }; extraPackages = python3Packages: with python3Packages; [ + hassil numpy gtts ]; From 769da44f84dc8ddb2931d38b7eb6c35d4ed6ff20 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 9 Mar 2025 21:50:09 -0500 Subject: [PATCH 557/932] removed next cloud --- .../nixos/defiant/configuration.nix | 4 -- modules/nixos-modules/server/default.nix | 1 - modules/nixos-modules/server/fail2ban.nix | 60 +++++++++++----- modules/nixos-modules/server/nextcloud.nix | 69 ------------------- 4 files changed, 41 insertions(+), 93 deletions(-) delete mode 100644 modules/nixos-modules/server/nextcloud.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f70a15dc..89d1af55 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -114,10 +114,6 @@ adguardhome = { enable = false; }; - nextcloud = { - enable = false; - subdomain = "drive"; - }; sync = { enable = true; folders = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index a031b0d3..88549369 100644 
--- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -10,6 +10,5 @@ ./searx.nix ./home-assistant.nix ./adguardhome.nix - ./nextcloud.nix ]; } diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 2f6dc58b..cd2a978d 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, ... }: let @@ -12,6 +13,41 @@ in { config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ { + environment.etc = { + "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "limiting requests, excess:.* by zone.*client: " + '') + ); + "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." + '') + ); + "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " + '') + ); + "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + services.fail2ban = { enable = true; maxretry = 5; 
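Review bot: None of the four new `failregex` patterns contains a `<HOST>` group, and fail2ban rejects a filter whose regex cannot capture an address, so every jail pointed at these files would fail to load rather than ban anyone; the address has to be captured where the log prints it, for example `failregex = ^.*Authentication request for .* has been denied \(IP: "<HOST>"\)\.$` for jellyfin, whose current pattern only matches an empty `""` IP. The nginx, jellyfin and forgejo values are additionally wrapped in literal double quotes that fail2ban's INI parser keeps as part of the pattern, and inside a Nix `''` string a backslash is not an escape, so `\\\(` reaches the file as a literal backslash followed by `\(`. Stacking `pkgs.lib.mkDefault` on `pkgs.lib.mkAfter` for text that `lib.mkIf` already guards is redundant; one priority modifier (or none) is enough. Whether files dropped under `environment.etc."fail2ban/filter.d/"` are actually seen by the NixOS fail2ban module depends on how it assembles `/etc/fail2ban`, which is worth confirming on the host before relying on these jails.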
@@ -34,54 +70,40 @@ in { }; jails = { nginx-iptables.settings = lib.mkIf config.services.nginx.enable { + enabled = true; filter = "nginx"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; backend = "auto"; - failregex = "limiting requests, excess:.* by zone.*client: "; findtime = 600; bantime = 600; maxretry = 5; }; jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + enabled = true; filter = "jellyfin"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.jellyfin.dataDir}/log/*.log"; backend = "auto"; - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\."; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - nextcloud-iptables.settings = lib.mkIf config.services.nextcloud.enable { - filter = "nextcloud"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.nextcloud.datadir}/*.log"; - backend = "auto"; - failregex = '' - ^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: ''\)","level":2,"time":".*"}$ - ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user,:".*","app":"no app in context".*","method":".*","message":"Login failed: '.*' \(Remote IP: ''\)".*}$ - ^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","user":".*","app":".*","method":".*","url":".*","message":"Login failed: .* \(Remote IP: \).*}$ - ''; findtime = 600; bantime = 600; maxretry = 5; }; forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + enabled = true; filter = "forgejo"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.forgejo.stateDir}/log/*.log"; backend = "auto"; - failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from "; findtime = 600; bantime = 600; maxretry = 5; }; home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - filter = 
"home-assistant"; + enabled = true; + filter = "hass"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; logpath = "${config.services.home-assistant.configDir}/*.log"; backend = "auto"; - failregex = "^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$"; findtime = 600; bantime = 600; maxretry = 5; diff --git a/modules/nixos-modules/server/nextcloud.nix b/modules/nixos-modules/server/nextcloud.nix deleted file mode 100644 index ada61dd9..00000000 --- a/modules/nixos-modules/server/nextcloud.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: let - dataDir = "/var/lib/nextcloud"; -in { - options.host.nextcloud = { - enable = lib.mkEnableOption "should nextcloud be enabled on this computer"; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that nextcloud will be hosted at"; - default = "nextcloud"; - }; - }; - - config = lib.mkIf config.host.nextcloud.enable (lib.mkMerge [ - { - sops.secrets = { - "services/nextcloud_adminpass" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - owner = config.users.users.nextcloud.name; - }; - }; - - host = { - reverse_proxy.subdomains.${config.host.nextcloud.subdomain} = { - target = "http://localhost:${toString 8009}"; - }; - }; - - services = { - nextcloud = { - enable = true; - package = pkgs.nextcloud31; - hostName = "${config.host.nextcloud.subdomain}.${config.host.reverse_proxy.hostname}"; - settings.log_type = "file"; - config = { - adminpassFile = config.sops.secrets."services/nextcloud_adminpass".path; - adminuser = "admin"; - dbtype = "sqlite"; - }; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.nextcloud.datadir == dataDir; - message = "nextcloud data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "nextcloud"; - group = "nextcloud"; - } - ]; - }; - }) - ]); -} From 682e911e3cdbe9630757c8e874ed195d75ddfb40 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Mar 2025 00:41:56 -0500 Subject: [PATCH 558/932] updated bookmarks in firefox --- configurations/home-manager/leyla/firefox.nix | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 3f6a09ce..59450c46 100644 
--- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -261,14 +261,7 @@ bookmarks = [ { name = "Media"; - url = "https://jellyfin.jan-leila.com/"; - # url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Drive"; - url = "https://drive.jan-leila.com/"; + url = "https://media.jan-leila.com/"; keyword = ""; tags = [""]; } @@ -280,7 +273,7 @@ } { name = "Home Automation"; - url = "https://home-assistant.jan-leila.com/"; + url = "https://home.jan-leila.com/"; keyword = ""; tags = [""]; } From 9ef33d0d8be906d3c1ff4f789055546f57b45620 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 10 Mar 2025 17:55:00 -0500 Subject: [PATCH 559/932] fixed nfs shares --- .../nixos/defiant/configuration.nix | 8 ++++---- .../nixos/horizon/hardware-configuration.nix | 6 +++--- .../server/network_storage/nfs.nix | 19 +++++++++++-------- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 89d1af55..39237151 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -55,18 +55,18 @@ enable = true; directories = [ { - folder = "leyla"; + folder = "leyla_documents"; user = "leyla"; group = "leyla"; bind = "/home/leyla/documents"; } { - folder = "eve"; + folder = "eve_documents"; user = "eve"; group = "eve"; } { - folder = "users"; + folder = "users_documents"; user = "root"; group = "users"; } @@ -79,7 +79,7 @@ ]; nfs = { enable = true; - directories = ["leyla" "eve"]; + directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; reverse_proxy = { diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index f5342a19..65c2aa2c 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix 
+++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -39,19 +39,19 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla"; + device = "defiant:/exports/leyla_documents"; fsType = "nfs"; options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/eve_documents" = { - device = "defiant:/exports/eve"; + device = "defiant:/exports/eve_documents"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users"; + device = "defiant:/exports/users_documents"; fsType = "nfs"; options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; }; diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 9aaab39e..b398582f 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -38,15 +38,18 @@ services.nfs.server = { enable = true; exports = lib.strings.concatLines ( - lib.lists.imap0 ( - i: directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt,fsid=${builtins.toString i})" - ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + [ + "/export 100.64.0.0/10(rw,fsid=0,no_subtree_check)" + ] + ++ (builtins.map ( + directory: "${directory._directory} 100.64.0.0/10(rw,nohide,sync,no_subtree_check,crossmnt)" ) - config.host.network_storage.directories - ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + )) ); }; networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ From 596455406003dda4a3842424361efcd156fa191c Mon Sep 17 00:00:00 2001 
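Review bot: The NFSv4 pseudo-root `/export` is exported `rw` to all of 100.64.0.0/10 although clients only need to traverse it to reach the `nohide` sub-exports; with the default root squash in place, any client can still create files directly in `/export` if the directory mode allows it, and this is also the one export line missing `sync`. The usual shape is `"/export 100.64.0.0/10(ro,fsid=0,no_subtree_check)"`, which limits the root to traversal. The path is also hard-coded here while the tmpfiles rule in this module derives the same directory from `config.host.network_storage.export_directory`; using that option in the export line keeps the two from drifting.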
From: Leyla Becker Date: Mon, 10 Mar 2025 18:00:30 -0500 Subject: [PATCH 560/932] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 448c91dc..9a1c362c 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords +- nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services - nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features From 3cd17b36931a0ec8314b56031aef34598dda1c78 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 11 Mar 2025 00:33:23 -0500 Subject: [PATCH 561/932] removed postgres from home-assistant db --- flake.lock | 53 +++++++------------ .../nixos-modules/server/home-assistant.nix | 31 +---------- 2 files changed, 19 insertions(+), 65 deletions(-) diff --git a/flake.lock b/flake.lock index ce9b77dd..da1433e3 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741233805, - "narHash": "sha256-aNmlbxeKPUfuOynHvIMBPrNgEs1ldHDIz1wbkitKDSs=", + "lastModified": 1741665811, + "narHash": "sha256-yQwFid0LSC2syNBTXCSJTZ1EX1OQjBoGk0fSIaaiC+Q=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a1cc22e90f45f6075a991348e896f1595c4efce9", + "rev": "ba7a019fc6c9ee63e3e1a425e0bbf8dd697f7b16", "type": "gitlab" }, "original": { 
@@ -58,22 +58,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1629284811, @@ -147,11 +131,11 @@ ] }, "locked": { - "lastModified": 1741217763, - "narHash": "sha256-g/TrltIjFHIjtzKY5CJpoPANfHQWDD43G5U1a/v5oVg=", + "lastModified": 1741635347, + "narHash": "sha256-2aYfV44h18alHXopyfL4D9GsnpE5XlSVkp4MGe586VU=", "owner": "nix-community", "repo": "home-manager", - "rev": "486b066025dccd8af7fbe5dd2cc79e46b88c80da", + "rev": "7fb8678716c158642ac42f9ff7a18c0800fea551", "type": "github" }, "original": { @@ -232,18 +216,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1740275623, - "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=", + "lastModified": 1741657825, + "narHash": "sha256-QzO/VwD7OAedSFpDuj7XCQSpiGEy597nrQNii5wPW5Q=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3", + "rev": "c87cf45f4901c86a62fae357a06a6ad84af2a496", "type": "github" }, "original": { @@ -254,11 +237,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1740646007, - "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", + "lastModified": 1741325094, + "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", + "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", "type": "github" }, "original": { 
@@ -270,11 +253,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741173522, - "narHash": "sha256-k7VSqvv0r1r53nUI/IfPHCppkUAddeXn843YlAC5DR0=", + "lastModified": 1741513245, + "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d69ab0d71b22fa1ce3dbeff666e6deb4917db049", + "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", "type": "github" }, "original": { @@ -323,11 +306,11 @@ ] }, "locked": { - "lastModified": 1741043164, - "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", + "lastModified": 1741644481, + "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3f2412536eeece783f0d0ad3861417f347219f4d", + "rev": "e653d71e82575a43fe9d228def8eddb73887b866", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 09223120..01423e66 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,11 +1,9 @@ { lib, - pkgs, config, ... }: let configDir = "/var/lib/hass"; - db_user = "hass"; in { options.host.home-assistant = { enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; @@ -23,13 +21,6 @@ in { ]; services.home-assistant = { enable = true; - package = - (pkgs.home-assistant.override { - extraPackages = py: with py; [psycopg2]; - }) - .overrideAttrs (oldAttrs: { - doInstallCheck = false; - }); configDir = configDir; extraComponents = [ "met" @@ -43,7 +34,6 @@ in { "sonos" "analytics_insights" "unifi" - "minecraft_server" "openweathermap" ]; config = { @@ -54,7 +44,7 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; - recorder.db_url = "postgresql://@/${db_user}"; + # recorder.db_url = "postgresql://@/${db_user}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; }; 
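Review bot: `# recorder.db_url = "postgresql://@/${db_user}";` is commented-out code that references the `db_user` binding this same commit deletes from the `let` block, so it can never be restored by uncommenting; delete the line rather than keeping it. Dropping `db_url` presumably moves the recorder back to its default SQLite database under `configDir`, and nothing in the commit migrates the existing PostgreSQL history, which is worth stating in the commit message if abandoning it is intended. The `config` attribute set is opened before the hunk and continues past it.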
@@ -65,11 +55,6 @@ in { gtts ]; }; - systemd.services.home-assistant = { - requires = [ - "postgresql.service" - ]; - }; host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; @@ -90,20 +75,6 @@ in { proxy_read_timeout 90; ''; }; - postgres = { - enable = true; - extraUsers = { - ${db_user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${db_user} = { - name = db_user; - }; - }; - }; }; } (lib.mkIf config.host.impermanence.enable { From 32e00602f0cdda6f2b72cc460ddfa434fa42b30f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 11 Mar 2025 18:48:44 -0500 Subject: [PATCH 562/932] removed some extra config from jellyfin nginx config to fix webos --- modules/nixos-modules/server/jellyfin.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index ba58fe91..e3eb9865 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -38,8 +38,6 @@ in { extraConfig = '' client_max_body_size 20M; add_header X-Content-Type-Options "nosniff"; - add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; - add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -59,8 +57,6 @@ in { extraConfig = '' client_max_body_size 20M; add_header X-Content-Type-Options "nosniff"; - add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'"; - add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; From 80092713e3672756a0e2c55993a503602ff57531 Mon Sep 17 00:00:00 2001 
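Review bot: Removing the whole `Content-Security-Policy` and `Permissions-Policy` headers to unbreak one client drops the script-injection containment (`object-src 'none'`, `frame-ancestors 'self'`, the restricted `connect-src` and `script-src`) for every browser that reaches this proxy, when the webOS app presumably trips only a single directive. Capture the violation the TV's client reports (a `report-to`/`report-uri` directive or the device console) to identify that directive and relax just that one, keeping the rest of the policy; `Permissions-Policy` only switches off device APIs and is unlikely to be what stopped playback, so it can stay as it was. The second hunk in this file (`@@ -59,8 +57,6 @@`) makes the identical removal and gets the same comment. Both `extraConfig` blocks start before and continue after their hunks.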
From: Leyla Becker Date: Thu, 13 Mar 2025 01:40:26 -0500 Subject: [PATCH 563/932] updated flake lock --- flake.lock | 36 ++++++++++++++++++------------------ flake.nix | 2 ++ 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index da1433e3..0ef39bcd 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1740485968, - "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=", + "lastModified": 1741786315, + "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", "owner": "nix-community", "repo": "disko", - "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940", + "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", "type": "github" }, "original": { @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741665811, - "narHash": "sha256-yQwFid0LSC2syNBTXCSJTZ1EX1OQjBoGk0fSIaaiC+Q=", + "lastModified": 1741786843, + "narHash": "sha256-1m1krwWuROjou56kuILpYZ3imlOgpW2hPqczObinQwQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "ba7a019fc6c9ee63e3e1a425e0bbf8dd697f7b16", + "rev": "51bc10cdd5c2ea8f2cd5adcc587ba0479409312e", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1741635347, - "narHash": "sha256-2aYfV44h18alHXopyfL4D9GsnpE5XlSVkp4MGe586VU=", + "lastModified": 1741791118, + "narHash": "sha256-4Y427uj0eql4yRU5rely3EcOlB9q457UDbG9omPtXiA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7fb8678716c158642ac42f9ff7a18c0800fea551", + "rev": "18780912345970e5b546b1b085385789b6935a83", "type": "github" }, "original": { 
@@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1741229100, - "narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=", + "lastModified": 1741794429, + "narHash": "sha256-4J46D8sOZ3UroVyGYKYMU3peq9gv0tjRX0KbZihWhhw=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab", + "rev": "2fb6b09b678a1ab258cf88e3ea4a966edceec6a8", "type": "github" }, "original": { @@ -222,11 +222,11 @@ ] }, "locked": { - "lastModified": 1741657825, - "narHash": "sha256-QzO/VwD7OAedSFpDuj7XCQSpiGEy597nrQNii5wPW5Q=", + "lastModified": 1741772639, + "narHash": "sha256-u6jSqRGsfm4Af+tUKJsJ346XwJuomL6Qxiu/BZieowU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c87cf45f4901c86a62fae357a06a6ad84af2a496", + "rev": "2f079586510bc77bac539cf330edaebb9d51e0e0", "type": "github" }, "original": { @@ -237,11 +237,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741325094, - "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", + "lastModified": 1741792691, + "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", + "rev": "e1f12151258b12c567f456d8248e4694e9390613", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f36ee441..bf9976db 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,8 @@ flake = false; }; + # common config for syncthing + # disk configurations disko = { url = "github:nix-community/disko"; From 395a25eff1e6647c2bfe6e2348ab15800b4dc8f3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 13 Mar 2025 02:13:11 -0500 Subject: [PATCH 564/932] adopted new syncthing flake --- configurations/syncthing/default.nix | 95 +++++++++++++++++++++++++ flake.lock | 34 +++++++-- flake.nix | 8 +++ modules/nixos-modules/sync.nix | 102 ++++----------------------- util/default.nix | 8 +++ 5 files changed, 154 insertions(+), 93 deletions(-) create mode 100644 configurations/syncthing/default.nix diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix new file mode 100644 index 00000000..bc557eba --- /dev/null +++ b/configurations/syncthing/default.nix 
@@ -0,0 +1,95 @@ +{config, ...}: { + folders = { + leyla_documents = { + id = "hvrj0-9bm1p"; + }; + leyla_calendar = { + id = "8oatl-1rv6w"; + }; + leyla_notes = { + id = "dwbuv-zffnf"; + }; + share = { + id = "73ot0-cxmkx"; + }; + }; + devices = { + defiant = { + id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; + folders = { + leyla_documents = { + folder = config.folders.leyla_documents; + path = "/mnt/sync/leyla/documents"; + }; + leyla_calendar = { + folder = config.folders.leyla_calendar; + path = "/mnt/sync/leyla/calendar"; + }; + leyla_notes = { + folder = config.folders.leyla_notes; + path = "/mnt/sync/leyla/notes"; + }; + share = { + folder = config.folders.share; + path = "/mnt/sync/default/share"; + }; + }; + }; + twilight = { + id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; + folders = { + leyla_documents = { + folder = config.folders.leyla_documents; + path = "/mnt/sync/leyla/documents"; + }; + share = { + folder = config.folders.share; + path = "/mnt/sync/default/share"; + }; + }; + }; + horizon = { + id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; + folders = { + leyla_documents = { + folder = config.folders.leyla_documents; + path = "/mnt/sync/leyla/documents"; + }; + share = { + folder = config.folders.share; + path = "/mnt/sync/default/share"; + }; + }; + }; + coven = { + id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; + folders = { + share = { + folder = config.folders.share; + }; + }; + }; + ceder = { + id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; + folders = { + share = { + folder = config.folders.share; + }; + leyla_calendar = { + folder = config.folders.leyla_calendar; + }; + leyla_notes = { + folder = config.folders.leyla_notes; + }; + }; + }; + shale = { + id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; + folders = { + share = { + folder = config.folders.share; + }; + }; + }; + }; +} 
diff --git a/flake.lock b/flake.lock index 0ef39bcd..11bbff83 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741786843, - "narHash": "sha256-1m1krwWuROjou56kuILpYZ3imlOgpW2hPqczObinQwQ=", + "lastModified": 1741838604, + "narHash": "sha256-ytHdrfSbbPvla43Ykd61cVkS2JLA8wBEHcnf4yLFP7Y=", "owner": "rycee", "repo": "nur-expressions", - "rev": "51bc10cdd5c2ea8f2cd5adcc587ba0479409312e", + "rev": "e41884886e7798003973f487f37b979ee92f7d99", "type": "gitlab" }, "original": { @@ -214,6 +214,27 @@ "type": "github" } }, + "nix-syncthing": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741849924, + "narHash": "sha256-5vyb1H6HtW24QVqfI56P4QVQP6vHh1jS9ULwnunCO94=", + "ref": "main", + "rev": "86bcb200c83b6a5d13b3583126b9d8dc6770613a", + "revCount": 6, + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" + } + }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils_3", @@ -222,11 +243,11 @@ ] }, "locked": { - "lastModified": 1741772639, - "narHash": "sha256-u6jSqRGsfm4Af+tUKJsJ346XwJuomL6Qxiu/BZieowU=", + "lastModified": 1741830545, + "narHash": "sha256-SzbDILDATgMCYk2SxPYLCBVdT6mHtlyeYZDn2SZaIuU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2f079586510bc77bac539cf330edaebb9d51e0e0", + "rev": "28318c164b39b70a14851aed7ad0ea7f03ca417e", "type": "github" }, "original": { @@ -276,6 +297,7 @@ "impermanence": "impermanence", "lix-module": "lix-module", "nix-darwin": "nix-darwin", + "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index bf9976db..8c64e2bf 100644 --- a/flake.nix +++ b/flake.nix 
@@ -23,6 +23,10 @@ }; # common config for syncthing + nix-syncthing = { + url = "git+https://git.jan-leila.com/jan-leila/nix-syncthing?ref=main"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # disk configurations disko = { @@ -73,6 +77,7 @@ self, nixpkgs, sops-nix, + nix-syncthing, home-manager, impermanence, ... @@ -84,6 +89,7 @@ mkNixosSystem = util.mkNixosSystem; mkDarwinSystem = util.mkDarwinSystem; mkHome = util.mkHome; + syncthingConfiguration = util.syncthingConfiguration; installerSystems = { basic = mkNixosInstaller "basic" []; @@ -153,5 +159,7 @@ darwinConfigurations = darwinSystems; homeConfigurations = homeConfigurations; + + syncthingConfiguration = syncthingConfiguration; }; } diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 516e1418..e185781b 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -1,6 +1,7 @@ { config, lib, + outputs, ... }: let mountDir = "/mnt/sync"; 
@@ -59,97 +60,24 @@ in { configDir = configDir; overrideDevices = true; overrideFolders = true; - settings = { - devices = { - ceder = { - id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - }; - coven = { - id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - }; - defiant = lib.mkIf (config.networking.hostName != "defiant") { - id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; - }; - twilight = lib.mkIf (config.networking.hostName != "twilight") { - id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; - }; - horizon = lib.mkIf (config.networking.hostName != "horizon") { - id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; - }; - shale = { - id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; - }; - }; - folders = let - ceder = "ceder"; - coven = "coven"; - shale = "shale"; - defiant = lib.mkIf (config.networking.hostName != "defiant") "defiant"; - twilight = lib.mkIf (config.networking.hostName != "twilight") "twilight"; - horizon = lib.mkIf (config.networking.hostName != "horizon") "horizon"; - in - lib.mkMerge [ - config.host.sync.folders.extraFolders - (lib.mkIf config.host.sync.folders.leyla.documents.enable { - "documents" = { - id = "hvrj0-9bm1p"; - path = "${mountDir}/leyla/documents"; - devices = [ - defiant - ceder - coven - twilight - horizon - ]; - }; - }) - (lib.mkIf config.host.sync.folders.share.calendar.enable { - "calendar" = { - id = "8oatl-1rv6w"; - path = "${mountDir}/default/calendar"; - devices = [ - defiant - ceder - shale - ]; - }; - }) - (lib.mkIf config.host.sync.folders.leyla.notes.enable { - "notes" = { - id = "dwbuv-zffnf"; - path = "${mountDir}/leyla/notes"; - devices = [ - defiant - ceder - ]; - }; - }) - (lib.mkIf config.host.sync.folders.share.enable { - "share" = { - id = "73ot0-cxmkx"; - path = "${mountDir}/default/share"; - devices = [ - defiant - ceder - coven - twilight - horizon - shale - ]; - }; - }) - 
]; - }; + configuration = outputs.syncthingConfiguration; + deviceName = config.networking.hostName; }; } (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.syncthing.configDir == configDir; - message = "syncthing config dir does not match persistence"; - } - ]; + assertions = + [ + { + assertion = config.services.syncthing.configDir == configDir; + message = "syncthing config dir does not match persistence"; + } + ] + ++ lib.attrsets.mapAttrsToList (_: folder: { + assertion = lib.strings.hasPrefix mountDir folder.path; + message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; + }) + config.services.syncthing.folders; environment.persistence = { "/persist/system/root" = { enable = true; diff --git a/util/default.nix b/util/default.nix index cdc0caa1..028212ca 100644 --- a/util/default.nix +++ b/util/default.nix @@ -7,6 +7,7 @@ home-manager = inputs.home-manager; nix-darwin = inputs.nix-darwin; sops-nix = inputs.sops-nix; + nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; lix-module = inputs.lix-module; @@ -73,6 +74,7 @@ in { system-modules ++ [ sops-nix.nixosModules.sops + nix-syncthing.nixosModules.syncthing impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko @@ -107,4 +109,10 @@ in { ../configurations/home-manager/${user} ]; }; + + syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { + modules = [ + (import ../configurations/syncthing) + ]; + }; } From f5bef1ad43c16d8bf4fd6ea9f545166e9acaff01 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 02:04:20 -0500 Subject: [PATCH 565/932] removed completed task from tech debt --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 9a1c362c..a6b726e1 100644 --- a/README.md +++ b/README.md 
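Review bot: `lib.strings.hasPrefix mountDir folder.path` is a plain string-prefix test, so a folder at `/mnt/syncthing-old/…` passes the persistence assertion while living outside the persisted `/mnt/sync` tree; compare on the directory boundary instead, `assertion = folder.path == mountDir || lib.strings.hasPrefix (mountDir + "/") folder.path;`. The message also reads "which not under" — `which is not under`. The new `configuration = outputs.syncthingConfiguration;` makes this host's evaluation depend on the `outputs` argument added to the file header in the first hunk of this file.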
@@ -48,7 +48,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing folders should just be enabled per devices and then combined with "extraDevices" to give final folder configurations - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services From f81878afd71fca857028050ffa143d3dae238a94 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 11:32:50 -0500 Subject: [PATCH 566/932] added talk to new features --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a6b726e1..095b9c55 100644 --- a/README.md +++ b/README.md @@ -69,3 +69,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html +- migrate away from flakes and move to npins \ No newline at end of file From c1f90f07c972e5166d027689754a763db69de266 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 11:45:07 -0500 Subject: [PATCH 567/932] updated path for fail2ban config --- modules/nixos-modules/server/fail2ban.nix | 2 +- modules/nixos-modules/sync.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index cd2a978d..a84b5ad5 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix 
@@ -92,7 +92,7 @@ in { enabled = true; filter = "forgejo"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.stateDir}/log/*.log"; + logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; backend = "auto"; findtime = 600; bantime = 600; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index e185781b..de361e64 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -77,7 +77,7 @@ in { assertion = lib.strings.hasPrefix mountDir folder.path; message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; }) - config.services.syncthing.folders; + config.services.syncthing.settings.folders; environment.persistence = { "/persist/system/root" = { enable = true; From a31230fe6728193872fe77178a72febcf9436b6a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 12:02:39 -0500 Subject: [PATCH 568/932] added new feature to tasks --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 095b9c55..ad643c2c 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- Flake templates - we need to add these to some kind of local registry??? `nix flake show templates` - https://nix.dev/manual/nix/2.18/command-ref/new-cli/nix3-flake-init - samba mounts - figure out steam vr things? - Open GL? 
@@ -69,4 +68,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins \ No newline at end of file +- migrate away from flakes and move to npins +- forgejo dedicated sshd that can only do forgejo things and that the main deamon proxies to when trying to log in with the git user, with the goal of being able to host that deamon on port 22222 and set up a port forward rule on gateway for 22 -> deamon:22222 \ No newline at end of file From 9b857234f4fe62ee3f71d8130d301e1d9ceb1100 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 12:29:42 -0500 Subject: [PATCH 569/932] updated port number for forgejo internal ssh server --- modules/nixos-modules/server/forgejo.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index a6b3edec..ee983057 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -6,7 +6,7 @@ forgejoPort = 8081; stateDir = "/var/lib/forgejo"; db_user = "forgejo"; - sshPort = 2222; + sshPort = 22222; in { options.host.forgejo = { enable = lib.mkEnableOption "should forgejo be enabled on this computer"; From 34dce8d9d17aeb192b39447452cb7a6e3ca3dcb7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 19:47:02 -0500 Subject: [PATCH 570/932] fixed exports folder on nfs --- modules/nixos-modules/server/network_storage/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index b398582f..405ea2c3 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -39,7 +39,7 @@ enable = true; exports = lib.strings.concatLines ( [ - "/export 100.64.0.0/10(rw,fsid=0,no_subtree_check)" + "/exports 100.64.0.0/10(rw,fsid=0,no_subtree_check)" ] ++ (builtins.map ( directory: "${directory._directory} 100.64.0.0/10(rw,nohide,sync,no_subtree_check,crossmnt)" From 44d6b4827db34649ab62294d55af0afeeaf797e6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 19:49:11 -0500 Subject: [PATCH 571/932] fixed forgejo ssh --- modules/nixos-modules/server/forgejo.nix | 49 ++++++++++++------------ modules/nixos-modules/users.nix | 32 ++++++++-------- 2 files changed, 41 insertions(+), 40 deletions(-) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index ee983057..f0c19745 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix 
@@ -33,31 +33,32 @@ in { }; }; - services.forgejo = { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - # TODO: we need to create this user, and then store their authorized keys somewhere and have both ssh server allow login in as that user based on those authorized keys - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com:"; - }; - service = { - DISABLE_REGISTRATION = true; - }; + services = { + forgejo = { + enable = true; database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = config.users.users.git.name; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; }; }; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index f57e8940..92f40166 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -20,9 +20,9 @@ adguardhome = 2003; hass = 2004; headscale = 2005; - nextcloud = 2006; syncthing = 2007; ollama = 2008; + git = 2009; }; gids = { @@ -35,9 +35,9 @@ adguardhome = 2003; hass = 2004; headscale = 2005; - nextcloud = 2006; syncthing = 2007; ollama = 2008; + git = 2009; }; users = config.users.users; 
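Review bot: Dropping `nextcloud = 2006;` from `uids` (and from `gids` in the following hunk) frees that number while any files nextcloud left on persisted storage keep owner 2006, so a service later assigned the same id would silently inherit access to them. Either keep the entry with a comment marking it retired, e.g. `# nextcloud = 2006; retired, do not reuse`, or note the retirement next to the table so the number is not handed out again. The same applies to the removal of `headscale = 2005;` in the users.nix hunks on L905.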
@@ -141,12 +141,6 @@ in { group = config.users.users.headscale.name; }; - nextcloud = { - uid = lib.mkForce uids.nextcloud; - isSystemUser = true; - group = config.users.users.nextcloud.name; - }; - syncthing = { uid = lib.mkForce uids.syncthing; isSystemUser = true; @@ -158,6 +152,13 @@ in { isSystemUser = true; group = config.users.users.ollama.name; }; + + git = { + uid = lib.mkForce uids.git; + isSystemUser = !config.services.forgejo.enable; + isNormalUser = config.services.forgejo.enable; + group = config.users.users.git.name; + }; }; groups = { @@ -232,14 +233,6 @@ in { ]; }; - nextcloud = { - gid = lib.mkForce gids.nextcloud; - members = [ - users.nextcloud.name - # leyla - ]; - }; - syncthing = { gid = lib.mkForce gids.syncthing; members = [ @@ -255,6 +248,13 @@ in { users.ollama.name ]; }; + + git = { + gid = lib.mkForce gids.git; + members = [ + users.git.name + ]; + }; }; }; } From da78b208cdf94f653a7a036f511625ec312ecf6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 20:21:18 -0500 Subject: [PATCH 572/932] added ssh config for local git pushes --- configurations/home-manager/default.nix | 2 ++ configurations/home-manager/git/default.nix | 20 ++++++++++++++++++++ flake.nix | 7 ++++++- util/default.nix | 18 ++++++++++++++---- 4 files changed, 42 insertions(+), 5 deletions(-) create mode 100644 configurations/home-manager/git/default.nix diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index 3aa4c0e1..a7fa4784 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix @@ -1,10 +1,12 @@ { lib, config, + osConfig, ... }: let users = config.host.users; in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); eve = lib.mkIf users.eve.isNormalUser (import ./eve); + git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git); } 
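Review bot: `isNormalUser = config.services.forgejo.enable` turns `git` into an interactive login account with a home directory and login shell on the host whenever Forgejo is enabled, yet the forgejo.nix hunk on L890 enables Forgejo's built-in SSH server (`START_SSH_SERVER = true`), which authenticates against keys Forgejo stores itself rather than the host sshd. Unless the host sshd is meant to accept `git` logins, keeping `isSystemUser = true` and, if a home is required, setting `createHome = true` with an explicit `home` keeps the account off the interactive-login path. If the dual-sshd proxying described in the README task on L888 is the goal, a one-line comment here saying so would explain why the account toggles to a normal user.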
diff --git a/configurations/home-manager/git/default.nix b/configurations/home-manager/git/default.nix new file mode 100644 index 00000000..2276e7a3 --- /dev/null +++ b/configurations/home-manager/git/default.nix @@ -0,0 +1,20 @@ +{osConfig, ...}: { + home = { + username = osConfig.users.users.git.name; + homeDirectory = osConfig.users.users.git.home; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + }; + + programs.ssh.extraConfig = '' + AuthorizedKeysFile + /var/lib/forgejo/.ssh/authorized_keys + ''; +} diff --git a/flake.nix b/flake.nix index 8c64e2bf..f9cb9a68 100644 --- a/flake.nix +++ b/flake.nix @@ -114,7 +114,12 @@ nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( nixpkgs.lib.attrsets.mapAttrs' (user: _: { name = "${user}@${hostname}"; - value = mkHome user hostname system.pkgs.hostPlatform.system system.config; + value = mkHome { + user = user; + host = hostname; + system = system.pkgs.hostPlatform.system; + osConfig = system.config; + }; }) system.config.home-manager.users )) diff --git a/util/default.nix b/util/default.nix index 028212ca..c6e0e06a 100644 --- a/util/default.nix +++ b/util/default.nix 
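Review bot: `programs.ssh.extraConfig` in Home Manager is written to the user's `~/.ssh/config`, the SSH client configuration, but `AuthorizedKeysFile` is an sshd_config directive, so the host sshd never consults `/var/lib/forgejo/.ssh/authorized_keys` for the `git` user as a result of this file; ssh(1) also rejects unknown keywords in its config, so this likely breaks outbound ssh for that account as well. If the system sshd is meant to accept Forgejo-managed keys, the directive belongs on the NixOS side, for example a `Match User git` block in `services.openssh.extraConfig` carrying `AuthorizedKeysFile /var/lib/forgejo/.ssh/authorized_keys`, and the file must be readable by sshd at that point — presumably it is maintained by Forgejo, which is worth confirming. Splitting `AuthorizedKeysFile` and its path onto two lines would not parse as one directive even in sshd_config.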
@@ -36,8 +36,13 @@ home-manager-config = nixpkgs: { home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = {inherit inputs outputs util;}; - home-manager.users = import ../configurations/home-manager nixpkgs; + home-manager.extraSpecialArgs = { + inherit inputs outputs util; + }; + home-manager.users = import ../configurations/home-manager (nixpkgs + // { + osConfig = nixpkgs.config; + }); home-manager.sharedModules = home-manager-modules; }; @@ -61,7 +66,7 @@ in { nixpkgs.lib.nixosSystem { modules = [ { - # TODO: authorized keys for all users + # TODO: authorized keys for all users and hosts } ../configurations/nixos/${host} ]; @@ -97,7 +102,12 @@ in { ]; }; - mkHome = user: host: system: osConfig: + mkHome = { + user, + host, + system, + osConfig, + }: home-manager.lib.homeManagerConfiguration { pkgs = pkgsFor system; extraSpecialArgs = { From fc8877ff1050e4cc5539c233511c655ecffadec8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 20:35:11 -0500 Subject: [PATCH 573/932] added fsid to all nfs mounts --- .../server/network_storage/nfs.nix | 21 +++++++------------ 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 405ea2c3..1b52d26a 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -37,20 +37,15 @@ lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { services.nfs.server = { enable = true; - exports = lib.strings.concatLines ( - [ - "/exports 100.64.0.0/10(rw,fsid=0,no_subtree_check)" - ] - ++ (builtins.map ( - directory: "${directory._directory} 100.64.0.0/10(rw,nohide,sync,no_subtree_check,crossmnt)" + exports = lib.strings.concatLines (lib.lists.imap0 ( + i: directory: "${directory._directory} 100.64.0.0/10(fsid=${toString i},rw,nohide,sync,no_subtree_check,crossmnt)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories - ) - config.host.network_storage.directories - )) - ); + config.host.network_storage.directories + )); }; networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ config.host.network_storage.nfs.port From ade8d1ec83b689a2143d675167b63d8b465371b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 14 Mar 2025 20:50:18 -0500 Subject: [PATCH 574/932] removed completed task from new features --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index ad643c2c..9b72e494 100644 --- a/README.md +++ b/README.md 
@@ -68,5 +68,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins -- forgejo dedicated sshd that can only do forgejo things and that the main deamon proxies to when trying to log in with the git user, with the goal of being able to host that deamon on port 22222 and set up a port forward rule on gateway for 22 -> deamon:22222 \ No newline at end of file +- migrate away from flakes and move to npins \ No newline at end of file From 6d4cfec975c81b2d7a23eb9c2c6355be7a527726 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 15 Mar 2025 12:30:26 -0500 Subject: [PATCH 575/932] added more config to nfs --- .../nixos/horizon/hardware-configuration.nix | 49 ++++++++++++++-- .../server/network_storage/nfs.nix | 56 ++++++++++++++----- 2 files changed, 88 insertions(+), 17 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index 65c2aa2c..ed743e9f 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -25,6 +25,8 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; + + supportedFilesystems = ["nfs"]; }; fileSystems = { 
@@ -41,25 +43,64 @@ "/mnt/leyla_documents" = { device = "defiant:/exports/leyla_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/eve_documents" = { device = "defiant:/exports/eve_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/users_documents" = { device = "defiant:/exports/users_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; }; }; diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 1b52d26a..138ca93e 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
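Review bot: In the `/mnt/media` option list `noatime` now appears twice and `relatime` is listed as well; the two are mutually exclusive and which one takes effect depends on how the mount helper resolves the conflict, so the intent is unclear — drop `relatime`, the duplicate, and `nodiratime` (already implied by `noatime`). The same list is copied to twilight in the hunk on L899 and carried forward in the horizon hunk on L903. All four mounts also carry `user`, which lets any local account mount and unmount these exports; if only the automount is meant to trigger them, `x-systemd.automount` alone suffices.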
@@ -35,21 +35,51 @@ } ( lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { - services.nfs.server = { - enable = true; - exports = lib.strings.concatLines (lib.lists.imap0 ( - i: directory: "${directory._directory} 100.64.0.0/10(fsid=${toString i},rw,nohide,sync,no_subtree_check,crossmnt)" - ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + services.nfs = { + settings = { + nfsd = { + threads = 32; + port = config.host.network_storage.nfs.port; + }; + }; + server = { + enable = true; + + lockdPort = 4001; + mountdPort = 4002; + statdPort = 4000; + + exports = lib.strings.concatLines ( + [ + "${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)" + ] + ++ ( + lib.lists.imap1 ( + i: directory: "${directory._directory} 100.64.0.0/10(rw,fsid=${toString i},nohide,insecure,no_subtree_check)" + ) + ( + builtins.filter ( + directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories + ) + config.host.network_storage.directories + ) ) - config.host.network_storage.directories - )); + ); + }; + }; + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + ports = [ + 111 + config.host.network_storage.nfs.port + config.services.nfs.server.lockdPort + config.services.nfs.server.mountdPort + config.services.nfs.server.statdPort + 20048 + ]; + in { + allowedTCPPorts = ports; + allowedUDPPorts = ports; }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = [ - config.host.network_storage.nfs.port - ]; } ) ]; From 2ea0592c647889e3e75f276235e14af8a05daad9 Mon Sep 17 00:00:00 2001 
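Review bot: The firewall port list includes `20048`, mountd's default port, but the same hunk pins mountd with `mountdPort = 4002;`, so the 20048 entry looks stale unless another service listens there; `111` (rpcbind), the nfsd port and the pinned lockd/statd/mountd ports are what clients actually need. The per-directory exports also add `insecure`, which removes the requirement that client requests originate from a privileged source port; with the ports opened only on the tailscale interface this is a contained trade-off, but record why it is needed, e.g. `# insecure: <reason clients cannot use privileged source ports>`. Opening the same list for UDP is only necessary if NFSv3/UDP clients are expected; the client mounts on L903 later pin `vers=4`.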
From: Leyla Becker Date: Sun, 16 Mar 2025 12:19:23 -0500 Subject: [PATCH 576/932] added local network and loopback addresses to nfs mount --- modules/nixos-modules/server/network_storage/nfs.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 138ca93e..6273e59d 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -55,7 +55,9 @@ ] ++ ( lib.lists.imap1 ( - i: directory: "${directory._directory} 100.64.0.0/10(rw,fsid=${toString i},nohide,insecure,no_subtree_check)" + i: directory: let + options = "(rw,fsid=${toString i},nohide,insecure,no_subtree_check)"; + in "${directory._directory} 100.64.0.0/10${options} 192.168.0.0/24${options} 127.0.0.1${options}" ) ( builtins.filter ( From 16959837423616b4a5f103fc127dd25d95dc5fea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 13:34:06 -0500 Subject: [PATCH 577/932] updated nfs config for twilight --- .../nixos/twilight/hardware-configuration.nix | 43 ++++++++++++++++--- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 81b32aea..1cba7de7 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -25,6 +25,8 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; + + supportedFilesystems = ["nfs"]; }; services.xserver = { 
@@ -48,21 +50,52 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla"; + device = "defiant:/exports/leyla_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users"; + device = "defiant:/exports/users_documents"; fsType = "nfs"; - options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; }; "/mnt/media" = { device = "defiant:/exports/media"; fsType = "nfs"; - options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"]; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; }; }; From 33ea6db98bbbbc816829fe9b618ac14e9b46b4f3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 14:30:04 -0500 Subject: [PATCH 578/932] made every address space for nfs use a different fsid --- modules/nixos-modules/server/network_storage/nfs.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 6273e59d..26480d60 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
@@ -54,10 +54,16 @@ "${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)" ] ++ ( - lib.lists.imap1 ( + lib.lists.imap0 ( i: directory: let - options = "(rw,fsid=${toString i},nohide,insecure,no_subtree_check)"; - in "${directory._directory} 100.64.0.0/10${options} 192.168.0.0/24${options} 127.0.0.1${options}" + option = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; + addresses = ["100.64.0.0/10" "192.168.0.0/24" "127.0.0.1"]; + options = lib.strings.concatStrings ( + lib.strings.intersperse " " ( + lib.lists.imap0 (index: address: "${address}${option (1 + (i * (builtins.length addresses)) + index)}") addresses + ) + ); + in "${directory._directory} ${options}" ) ( builtins.filter ( From de6a43a239c5d89889bdc6676f06b9849c5d76e7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 15:31:34 -0500 Subject: [PATCH 579/932] added leyla documents to more syncthing devices --- configurations/syncthing/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix index bc557eba..1934684e 100644 --- a/configurations/syncthing/default.nix +++ b/configurations/syncthing/default.nix @@ -67,6 +67,9 @@ share = { folder = config.folders.share; }; + leyla_documents = { + folder = config.folders.leyla_documents; + }; }; }; ceder = { @@ -75,6 +78,9 @@ share = { folder = config.folders.share; }; + leyla_documents = { + folder = config.folders.leyla_documents; + }; leyla_calendar = { folder = config.folders.leyla_calendar; }; From 7c0c94b47a6f325266b941651ad85e1ec8ae3faf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 20:34:09 -0500 Subject: [PATCH 580/932] updated nfs config --- .../server/network_storage/default.nix | 22 +++++++++---------- .../server/network_storage/nfs.nix | 15 ++++++++++--- 2 files changed, 23 insertions(+), 14 deletions(-) 
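Review bot: `option` now derives each export's `fsid` from its position in `directories` and `addresses` (`1 + (i * (builtins.length addresses)) + index`), so reordering or removing an entry renumbers every later export; NFS clients identify filesystems by fsid, so that leaves them with stale file handles after the next rebuild. A comment warning that both lists are effectively append-only, or a stable per-directory fsid (for example an explicit number on each `directories` entry), would avoid the surprise. The `directories` submodule that would carry such a field is defined outside this hunk.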
diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index f756738a..00ea7acc 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -15,7 +15,7 @@ in { export_directory = lib.mkOption { type = lib.types.path; description = "what are exports going to be stored in"; - default = "/exports"; + default = "/export"; }; directories = lib.mkOption { type = lib.types.listOf (lib.types.submodule ({config, ...}: { @@ -57,7 +57,7 @@ in { # create any folders that we need to have for our exports systemd.tmpfiles.rules = [ - "d ${config.host.network_storage.export_directory} 2775 root root -" + "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" ] ++ ( builtins.map ( @@ -77,14 +77,14 @@ in { ) ); } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - config.host.network_storage.export_directory - ]; - }; - }) + # (lib.mkIf config.host.impermanence.enable { + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # config.host.network_storage.export_directory + # ]; + # }; + # }) ]); } diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index 26480d60..bad04520 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix 
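Review bot: `"d ${config.host.network_storage.export_directory} 2775 nobody nogroup -"` makes the export root group-writable by `nogroup`, which is typically the identity NFS `root_squash` maps remote root to, so any squashed client and any local process running as nobody/nogroup can create entries at the export root, with setgid propagating the group to new children. If the change is only meant to make the root browsable for squashed clients, `0755 root root` already gives that. The persistence block in the second hunk is commented out rather than removed; if `export_directory` is intentionally no longer persisted, delete the block and leave a one-line reason such as `# export_directory is not persisted: <reason>`.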
@@ -56,11 +56,20 @@ ++ ( lib.lists.imap0 ( i: directory: let - option = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; - addresses = ["100.64.0.0/10" "192.168.0.0/24" "127.0.0.1"]; + createOptions = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; + addresses = [ + # loopback + "127.0.0.1" + "::1" + # local network + # "192.168.0.0/24" + # tailscale + "100.64.0.0/10" + "fd7a:115c:a1e0::/48" + ]; options = lib.strings.concatStrings ( lib.strings.intersperse " " ( - lib.lists.imap0 (index: address: "${address}${option (1 + (i * (builtins.length addresses)) + index)}") addresses + lib.lists.imap0 (index: address: "${address}${createOptions (1 + (i * (builtins.length addresses)) + index)}") addresses ) ); in "${directory._directory} ${options}" From 4b014ed29ff60adf6934c6f72d12c37c178585cb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 20:56:20 -0500 Subject: [PATCH 581/932] added more options to nfs config on horizon --- .../nixos/horizon/hardware-configuration.nix | 26 ++++++++++++------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index ed743e9f..e88d8dcc 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix 
@@ -41,65 +41,71 @@ }; "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; + device = "defiant:/export/leyla_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "noatime" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/eve_documents" = { - device = "defiant:/exports/eve_documents"; + device = "defiant:/export/eve_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; + device = "defiant:/export/users_documents"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "nofail" - "soft" "x-systemd.idle-timeout=600" "fsc" + "timeo=600" + "retrans=2" ]; }; "/mnt/media" = { - device = "defiant:/exports/media"; + device = "defiant:/export/media"; fsType = "nfs"; options = [ + "vers=4" "x-systemd.automount" "noauto" "user" "noatime" "nofail" - "soft" "x-systemd.idle-timeout=600" "noatime" "nodiratime" "relatime" - "rsize=32768" - "wsize=32768" "fsc" + "timeo=600" + "retrans=2" ]; }; }; From 3ec99b599bc3f022249c6a604f3793061f664865 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 16 Mar 2025 21:00:44 -0500 Subject: [PATCH 582/932] created immich config --- .../nixos/defiant/configuration.nix | 4 ++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/server/immich.nix | 68 +++++++++++++++++++ modules/nixos-modules/users.nix | 32 ++++----- 4 files changed, 89 insertions(+), 16 deletions(-) create mode 100644 modules/nixos-modules/server/immich.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 39237151..0b7214bd 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -114,6 +114,10 @@ adguardhome = { enable = false; }; + immich = { + enable = true; + subdomain = "photos"; + }; sync = { enable = true; folders = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 88549369..956ad9e9 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -10,5 +10,6 @@ ./searx.nix ./home-assistant.nix ./adguardhome.nix + ./immich.nix ]; } diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix new file mode 100644 index 00000000..7dd3a0ff --- /dev/null +++ b/modules/nixos-modules/server/immich.nix 
@@ -0,0 +1,68 @@ +{ + lib, + config, + ... +}: let + mediaLocation = "/var/lib/immich"; +in { + options.host.immich = { + enable = lib.mkEnableOption "should immich be enabled on this computer"; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that immich will be hosted at"; + default = "immich"; + }; + }; + + config = lib.mkIf config.host.immich.enable (lib.mkMerge [ + { + host = { + reverse_proxy.subdomains.${config.host.immich.subdomain} = { + target = "http://localhost:${toString config.services.immich.port}"; + }; + postgres = { + enable = true; + extraUsers = { + ${config.services.immich.database.user} = { + isClient = true; + }; + }; + }; + }; + + services.immich = { + enable = true; + port = 2283; + # redis.enable = false; + }; + + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { + allowedUDPPorts = [ + config.services.immich.port + ]; + allowedTCPPorts = [ + config.services.immich.port + ]; + }; + } + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.immich.mediaLocation == mediaLocation; + message = "immich media location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = mediaLocation; + user = "immich"; + group = "immich"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 92f40166..7bdb3dd2 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -19,10 +19,10 @@ forgejo = 2002; adguardhome = 2003; hass = 2004; - headscale = 2005; syncthing = 2007; ollama = 2008; git = 2009; + immich = 2010; }; gids = { @@ -34,10 +34,10 @@ forgejo = 2002; adguardhome = 2003; hass = 2004; - headscale = 2005; syncthing = 2007; ollama = 2008; git = 2009; + immich = 2010; }; users = config.users.users; 
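Review bot: The `networking.firewall` block opens `config.services.immich.port` (2283) on the tailscale interface for TCP and UDP, which lets tailnet clients reach Immich directly over plain HTTP and bypass the `reverse_proxy.subdomains` entry that is meant to front it; Immich serves HTTP only, so the UDP entry does nothing, and the TCP one is needed only if the proxy runs on a different host — if it is local, drop the block. `# redis.enable = false;` is commented-out code and should either go or be explained. The persistence entry hard-codes `user = "immich"; group = "immich";` while the users.nix hunks on this same line define that account; `config.users.users.immich.name` keeps the two in sync.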
@@ -135,12 +135,6 @@ in { group = config.users.users.hass.name; }; - headscale = { - uid = lib.mkForce uids.headscale; - isSystemUser = true; - group = config.users.users.headscale.name; - }; - syncthing = { uid = lib.mkForce uids.syncthing; isSystemUser = true; @@ -159,6 +153,12 @@ in { isNormalUser = config.services.forgejo.enable; group = config.users.users.git.name; }; + + immich = { + uid = lib.mkForce uids.immich; + isSystemUser = true; + group = config.users.users.immich.name; + }; }; groups = { @@ -225,14 +225,6 @@ in { ]; }; - headscale = { - gid = lib.mkForce gids.headscale; - members = [ - users.headscale.name - # leyla - ]; - }; - syncthing = { gid = lib.mkForce gids.syncthing; members = [ @@ -255,6 +247,14 @@ in { users.git.name ]; }; + + immich = { + gid = lib.mkForce gids.immich; + members = [ + users.immich.name + # leyla + ]; + }; }; }; } From 6614c4a5535505909a3bd85c358f40122854aff6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 17 Mar 2025 14:32:50 -0500 Subject: [PATCH 583/932] added extra config to immich proxy --- modules/nixos-modules/server/immich.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index 7dd3a0ff..f8ea5e38 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix 
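Review bot: The new `immich` group carries a commented-out `# leyla` member, copied from the removed headscale group; membership in the group that owns the photo library under `/var/lib/immich` (owned `immich:immich` per the persistence entry) is an access-control decision and should not live as a toggle in a comment. Either add the member deliberately with a note on why, or delete the line. The `users` and `groups` attribute sets this hunk edits start before the hunk.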
@@ -19,6 +19,27 @@ in {
 host = {
 reverse_proxy.subdomains.${config.host.immich.subdomain} = {
 target = "http://localhost:${toString config.services.immich.port}";
+ extraConfig = ''
+ # allow large file uploads
+ client_max_body_size 50000M;
+
+ # Set headers
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # enable websockets: http://nginx.org/en/docs/http/websocket.html
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_redirect off;
+
+ # set timeout
+ proxy_read_timeout 600s;
+ proxy_send_timeout 600s;
+ send_timeout 600s;
+ '';
 };
 postgres = {
 enable = true;
From b45fe04a2bc2b3d09a475f5205801d700c4fb13f Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Mon, 17 Mar 2025 17:13:37 -0500
Subject: [PATCH 584/932] removed duplicate task from tasks
---
 README.md | 1 -
 1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index 9b72e494..6d2c56b2 100644
--- a/README.md
+++ b/README.md
@@ -63,7 +63,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home
 - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
 - Immich
 - zfs encryption FIDO2 2fa (look into shavee)
-- ISO installer - https://github.com/nix-community/nixos-generators
 - Secure Boot - https://github.com/nix-community/lanzaboote
 - SMART test with email results
 - Create Tor guard/relay server
From 8e98273fcf40d7946e0af4b08b785b1e3cd0d833 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Mon, 17 Mar 2025 17:40:35 -0500
Subject: [PATCH 585/932] added photos bookmark to firefox
---
 configurations/home-manager/leyla/firefox.nix | 6 ++++++
 1 file changed, 6 insertions(+)
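Review bot: `client_max_body_size 50000M;` on the public `photos` vhost lets an unauthenticated client post a ~50 GB body, and with nginx's default `proxy_request_buffering on` that body is spooled to nginx's temp path before Immich ever sees the request and can reject it, so disk can be filled without credentials. Add `proxy_request_buffering off;` beside the size limit so uploads stream straight to Immich (which authenticates them), and size the limit to the largest single asset you actually upload rather than a blanket 50 GB. The `send_timeout 600s` also applies to idle downloads; hedged, a lower value is probably fine there while keeping the long `proxy_read_timeout` for uploads.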
diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 59450c46..5bc49dbd 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -265,6 +265,12 @@ keyword = ""; tags = [""]; } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } { name = "Git"; url = "https://git.jan-leila.com/"; From 9bc13861b4a54072b25677fde81dcfc3b6f6021c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Mar 2025 18:32:57 -0500 Subject: [PATCH 586/932] added fail2ban filter for immich --- modules/nixos-modules/server/fail2ban.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index a84b5ad5..f486d73a 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -46,6 +46,16 @@ in { datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S '') ); + "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = immich-server.*Failed login attempt for user.+from ip address\s? + journalmatch = CONTAINER_TAG=immich-server + '') + ); }; services.fail2ban = { @@ -108,6 +118,11 @@ in { bantime = 600; maxretry = 5; }; + immich-iptables.settings = lib.mkIf config.services.immich.enable { + enabled = true; + filter = "immich"; + backend = "systemd"; + }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; From 68185640aa1209e1973c7557f7ed45e7f2243033 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Mar 2025 18:34:35 -0500 Subject: [PATCH 587/932] updated fail2ban filter --- modules/nixos-modules/server/fail2ban.nix | 3 --- 1 file changed, 3 deletions(-) 
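Review bot: The `failregex` in the new `immich.local` filter has no `<HOST>` capture, so fail2ban has nothing to extract an address from; it rejects a failregex without a failure-id group, and the `immich-iptables` jail will never ban anyone, which defeats the purpose of the change. End the pattern with the address group, e.g. `failregex = ^.*Failed login attempt for user .+ from ip address <HOST>` (exact wording per Immich's actual log line). Also, `journalmatch = CONTAINER_TAG=immich-server` looks copied from a container deployment; this repo uses the native `services.immich` module, so the journal entries should carry something like `_SYSTEMD_UNIT=immich-server.service` rather than a CONTAINER_TAG field, and with `backend = systemd` the jail would match nothing. Please verify both with `fail2ban-regex systemd-journal /etc/fail2ban/filter.d/immich.local` before relying on this jail.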
diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index f486d73a..e3f62800 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -48,9 +48,6 @@ in { ); "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - [Definition] failregex = immich-server.*Failed login attempt for user.+from ip address\s? journalmatch = CONTAINER_TAG=immich-server From 4c430404b3cd33f69b63096fa0cf899c8709a483 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 18 Mar 2025 21:15:23 -0500 Subject: [PATCH 588/932] added tasks to README.md --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6d2c56b2..6ddb2a99 100644 --- a/README.md +++ b/README.md @@ -67,4 +67,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - SMART test with email results - Create Tor guard/relay server - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins \ No newline at end of file +- migrate away from flakes and move to npins +- fix nfs +- fix home assistant +- create adguard server \ No newline at end of file From 2350eb43ec0c4658a8670276241203230680fb63 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 01:13:38 -0500 Subject: [PATCH 589/932] simplified nginx config --- README.md | 1 - .../nixos-modules/server/home-assistant.nix | 12 ++-- modules/nixos-modules/server/immich.nix | 17 ++--- modules/nixos-modules/server/jellyfin.nix | 47 ++++---------- .../nixos-modules/server/reverse_proxy.nix | 63 ++++++++++++++----- modules/nixos-modules/server/searx.nix | 3 +- 6 files changed, 71 insertions(+), 72 deletions(-) diff --git a/README.md b/README.md index 6ddb2a99..6f43733c 100644 --- a/README.md +++ b/README.md 
@@ -51,7 +51,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services -- nginx config should be reworked to give a list of subdomains and then the config information to apply to each proxy ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 01423e66..254e183e 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -58,18 +58,14 @@ in { host = { reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - websockets = true; + + websockets.enable = true; + forwardHeaders.enable = true; + extraConfig = '' add_header Upgrade $http_upgrade; add_header Connection \"upgrade\"; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_buffering off; proxy_read_timeout 90; diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index f8ea5e38..2756e5c2 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix 
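Review bot: The two `add_header Upgrade $http_upgrade;` / `add_header Connection \"upgrade\";` lines kept in `extraConfig` set response headers sent back to the browser, not upstream request headers; the websocket handshake toward Home Assistant is now handled by `websockets.enable = true`, so these are leftovers that merely echo the client's own Upgrade header back. Remove both lines; note also that any `add_header` in a `location` suppresses every `add_header` inherited from the server level in nginx, so if the reverse-proxy module ever sets security headers globally these lines would silently drop them for this vhost. Home Assistant still needs `trusted_proxies` covering 127.0.0.1 for the forwarded headers to be honoured — hedged, that config is outside this hunk.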
@@ -19,26 +19,19 @@ in { host = { reverse_proxy.subdomains.${config.host.immich.subdomain} = { target = "http://localhost:${toString config.services.immich.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + extraConfig = '' # allow large file uploads client_max_body_size 50000M; - # Set headers - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # enable websockets: http://nginx.org/en/docs/http/websocket.html - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_redirect off; - # set timeout proxy_read_timeout 600s; proxy_send_timeout 600s; send_timeout 600s; + proxy_redirect off; ''; }; postgres = { diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index e3eb9865..77d5744b 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -31,45 +31,22 @@ in { lib.mkMerge [ { services.jellyfin.enable = true; - host.reverse_proxy.subdomains = lib.mkMerge ([ - { - ${config.host.jellyfin.subdomain} = { - target = "http://localhost:${toString jellyfinPort}"; - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; + host.reverse_proxy.subdomains.jellyfin = { + target = "http://localhost:${toString jellyfinPort}"; - proxy_buffering off; - ''; - }; - } - ] - ++ (builtins.map (subdomain: { - ${subdomain} = { - target = "http://localhost:${toString jellyfinPort}"; - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; + subdomain = config.host.jellyfin.subdomain; + extraSubdomains = config.host.jellyfin.extraSubdomains; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; + forwardHeaders.enable = true; - proxy_buffering off; - ''; - }; - }) - config.host.jellyfin.extraSubdomains)); + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + + proxy_buffering off; + ''; + }; environment.systemPackages = [ pkgs.jellyfin pkgs.jellyfin-web diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix index a406b146..26b43749 100644 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ b/modules/nixos-modules/server/reverse_proxy.nix 
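Review bot: `add_header X-Content-Type-Options "nosniff";` inside this location replaces, rather than adds to, any `add_header` directives inherited from the server block (nginx's inheritance rule), so if `reverse_proxy.nix` or the ACME setup ever adds headers at server level this vhost silently loses them; it also means only Jellyfin gets `nosniff` while immich, searx and home-assistant on the same proxy do not. Consider moving security headers into `reverse_proxy.nix` where every vhost gets them, with a comment on the inheritance caveat. The surrounding `lib.mkMerge [` list begins before this hunk.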
@@ -24,13 +24,28 @@ in { default = true; }; subdomains = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({...}: { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "what is the default subdomain to be used for this application to be used for"; + default = name; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for this domain"; + default = []; + }; + target = lib.mkOption { type = lib.types.str; - description = "where should this host point to"; + description = "what url will all traffic to this application be forwarded to"; }; - websockets = lib.mkEnableOption "should websockets be proxied"; + + websockets.enable = lib.mkEnableOption "should the default config proxy websockets"; + + forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; + extraConfig = lib.mkOption { type = lib.types.lines; default = ""; @@ -40,7 +55,6 @@ in { }; }; })); - default = {}; }; }; 
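Review bot: `forwardHeaders.enable` is declared with `lib.mkEnableOption`, so it defaults to false and any subdomain that does not opt in is proxied without `X-Forwarded-For`/`X-Real-IP` (the searx entry in this same commit is one), leaving the backend to see every client as 127.0.0.1 and blinding whatever per-client limiting or logging it does. Make forwarding opt-out instead: `forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers" // {default = true;};`. The new `subdomain`/`extraSubdomains` values are free strings interpolated straight into vhost names on the config side; `lib.types.strMatching "[a-z0-9-]+"` would reject dots, wildcards and empty labels before they become surprising `server_name`s. The enclosing `options.host.reverse_proxy` set starts before this hunk.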
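Review bot: Removing `default = {};` from the `subdomains` option means a host that enables the reverse proxy but defines no subdomain fails evaluation with "option … is used but not defined" as soon as the config side maps over it, since, as far as I know, `attrsOf` supplies no implicit default. Unless the intent is to force every proxy host to declare at least one service, restore `default = {};` and leave a comment saying why.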
@@ -53,17 +67,36 @@ in { services.nginx = { enable = true; - virtualHosts = lib.attrsets.mapAttrs' (name: value: - lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations."/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets; - extraConfig = value.extraConfig; - }; - }) - config.host.reverse_proxy.subdomains; + virtualHosts = lib.mkMerge ( + lib.lists.flatten ( + lib.attrsets.mapAttrsToList ( + name: value: let + hostConfig = { + forceSSL = config.host.reverse_proxy.forceSSL; + enableACME = config.host.reverse_proxy.enableACME; + locations = { + "/" = { + proxyPass = value.target; + proxyWebsockets = value.websockets.enable; + recommendedProxySettings = value.forwardHeaders.enable; + extraConfig = + value.extraConfig; + }; + }; + }; + in ( + [ + { + ${"${value.subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig; + } + ] + ++ builtins.map (subdomain: {${"${subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;}) + value.extraSubdomains + ) + ) + config.host.reverse_proxy.subdomains + ) + ); }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index b18eb145..c578b410 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -20,7 +20,8 @@ }; }; host = { - reverse_proxy.subdomains.${config.host.searx.subdomain} = { + reverse_proxy.subdomains.searx = { + subdomain = config.host.searx.subdomain; target = "http://localhost:${toString config.services.searx.settings.server.port}"; }; }; From c81622a65cedde239ff5e28b20443cd95175de97 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 01:21:16 -0500 Subject: [PATCH 590/932] removed completed new feature from tasks --- README.md | 1 - 1 file changed, 1 deletion(-) 
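Review bot: The searx vhost sets no `forwardHeaders.enable`, and the option defaults to false, so after this commit nginx proxies searx without `X-Forwarded-For`/`X-Real-IP`; searx's own per-client limiter, if it is on, then sees all traffic as 127.0.0.1 and rate-limits everyone together or no one. Add `forwardHeaders.enable = true;` under `subdomain = config.host.searx.subdomain;` unless searx's settings explicitly disable the limiter. The `config` block this entry lives in starts before the hunk.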
diff --git a/README.md b/README.md index 6f43733c..2c46110f 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - zfs email after scrubbing # TODO: test this - wake on LAN for updates - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- Immich - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote - SMART test with email results From ae19af996e619251e70b9653173f58b96c60fbc5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 01:22:53 -0500 Subject: [PATCH 591/932] added task to tech debt --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2c46110f..7c1908e7 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services +- move extra custom configuration for services out of host config and instead extend services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts From 24e651205983fbde33e1c421677fc68796a38752 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 19:57:12 -0500 Subject: [PATCH 592/932] updated flake.lock --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index 11bbff83..dfdc7653 100644 --- a/flake.lock +++ b/flake.lock 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741838604, - "narHash": "sha256-ytHdrfSbbPvla43Ykd61cVkS2JLA8wBEHcnf4yLFP7Y=", + "lastModified": 1742417054, + "narHash": "sha256-xZrOGER/WjdotrDqHGqz0GGtXKmMw0yzrop6TtZSB7w=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e41884886e7798003973f487f37b979ee92f7d99", + "rev": "9c8d89103be887c38fac9951d4d8900a91fff5d6", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1741791118, - "narHash": "sha256-4Y427uj0eql4yRU5rely3EcOlB9q457UDbG9omPtXiA=", + "lastModified": 1742416832, + "narHash": "sha256-ycok0eJJcoknqaibdv/TEEEOUqovC42XCqbfLDYmnoQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "18780912345970e5b546b1b085385789b6935a83", + "rev": "eb0f617aecbaf1eff5bacec789891e775af2f5a3", "type": "github" }, "original": { @@ -163,14 +163,14 @@ "flake": false, "locked": { "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" } }, "lix-module": { 
@@ -183,11 +183,11 @@ ] }, "locked": { - "lastModified": 1737237494, - "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", - "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "lastModified": 1741892773, + "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", + "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba.tar.gz?rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/ed7a2fa83145868ecb830d6b3c73ebfd81a9e911.tar.gz?rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911" }, "original": { "type": "tarball", @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1741794429, - "narHash": "sha256-4J46D8sOZ3UroVyGYKYMU3peq9gv0tjRX0KbZihWhhw=", + "lastModified": 1742373336, + "narHash": "sha256-oEF5dBlq8wGD3mkJ5PmFS1PGb28uYmvuy1IH6roIGkQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "2fb6b09b678a1ab258cf88e3ea4a966edceec6a8", + "rev": "2d9b63316926aa130a5a51136d93b9be28808f26", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1741830545, - "narHash": "sha256-SzbDILDATgMCYk2SxPYLCBVdT6mHtlyeYZDn2SZaIuU=", + "lastModified": 1742349195, + "narHash": "sha256-6Jd1bVeDtg1Tx5pfTI2pkVSc5OUsWzlzyRBE6uucvKk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "28318c164b39b70a14851aed7ad0ea7f03ca417e", + "rev": "627c4ca40954a81d52753e2c754863f244cf81ba", "type": "github" }, "original": { 
@@ -258,11 +258,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1741792691, - "narHash": "sha256-f0BVt1/cvA0DQ/q3rB+HY4g4tKksd03ZkzI4xehC2Ew=", + "lastModified": 1742376361, + "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e1f12151258b12c567f456d8248e4694e9390613", + "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9", "type": "github" }, "original": { @@ -274,11 +274,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741513245, - "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", + "lastModified": 1742288794, + "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", + "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", "type": "github" }, "original": { @@ -328,11 +328,11 @@ ] }, "locked": { - "lastModified": 1741644481, - "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", + "lastModified": 1742406979, + "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e653d71e82575a43fe9d228def8eddb73887b866", + "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609", "type": "github" }, "original": { From a821b1ab164d4cab03cd63c40449373d05848f67 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 19 Mar 2025 20:05:25 -0500 Subject: [PATCH 593/932] updated firefox config for leyla home manager --- configurations/home-manager/leyla/firefox.nix | 157 +++++++++--------- 1 file changed, 80 insertions(+), 77 deletions(-) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 5bc49dbd..eef5d882 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix 
@@ -37,13 +37,13 @@ }; "NixOS Wiki" = { urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; + icon = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = ["@nw"]; }; "Searx" = { urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; + icon = "https://nixos.wiki/favicon.png"; updateInterval = 24 * 60 * 60 * 1000; # every day definedAliases = ["@searx"]; }; 
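Review bot: The `Searx` engine still points `icon` at `https://nixos.wiki/favicon.png`, a copy of the NixOS Wiki entry above it; the rename from `iconUpdateURL` to `icon` carried the wrong URL over, so Firefox fetches a third-party favicon daily for a self-hosted engine. Point it at the searx instance's own favicon (presumably served from `https://search.jan-leila.com/`) or drop `icon`/`updateInterval` for that entry.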
@@ -258,81 +258,84 @@ "toolkit.telemetry.updatePing.enabled" = false; }; - bookmarks = [ - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; + bookmarks = { + force = true; + settings = [ + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags 
= [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; }; }; } From 6c6f9a11bc9d29a93d0e32bbbb25705293c20617 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 20 Mar 2025 00:45:49 -0500 Subject: [PATCH 594/932] updated flake lock --- flake.lock | 26 +++++++++++++------------- nix-config-secrets | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index dfdc7653..3a40e4c3 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742417054, - "narHash": "sha256-xZrOGER/WjdotrDqHGqz0GGtXKmMw0yzrop6TtZSB7w=", + "lastModified": 1742442833, + "narHash": "sha256-fPRAEtERJoDi0wIK3pGUbkpTL4N4AW1gHFJ8LcfjFbI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9c8d89103be887c38fac9951d4d8900a91fff5d6", + "rev": "5b4fc9b4b510ee8b2e26c47261c1262bbd12800d", "type": "gitlab" }, "original": { 
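Review bot: `force = true` makes home-manager overwrite the profile's bookmark store on each switch, so bookmarks added in the browser are discarded; that is a reasonable choice for a declarative profile, but it should be stated beside the flag, e.g. `force = true; # declarative profile: bookmarks added in-browser are discarded on switch`. The profile attribute set this block belongs to starts before the hunk.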
@@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1742416832, - "narHash": "sha256-ycok0eJJcoknqaibdv/TEEEOUqovC42XCqbfLDYmnoQ=", + "lastModified": 1742442527, + "narHash": "sha256-P3hEYEIryixLQWeKOYjyxv6bIQIDoyNAuvEq+tfJc6k=", "owner": "nix-community", "repo": "home-manager", - "rev": "eb0f617aecbaf1eff5bacec789891e775af2f5a3", + "rev": "97a00e0659b2807454507eb3a593bd09b099bd80", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1742349195, - "narHash": "sha256-6Jd1bVeDtg1Tx5pfTI2pkVSc5OUsWzlzyRBE6uucvKk=", + "lastModified": 1742435492, + "narHash": "sha256-ndzDOuL+HFcWwrHfEy+29b2sAc96DY78xRasLg0ONiI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "627c4ca40954a81d52753e2c754863f244cf81ba", + "rev": "fee770e654c49d69aacbdaf291c8af819a67bb35", "type": "github" }, "original": { @@ -308,11 +308,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1740354712, - "narHash": "sha256-1PMVP2txoD4lhW7k3fbYa7CZ+hLBJO5f91EWtegrqEg=", + "lastModified": 1742444385, + "narHash": "sha256-QUcFbv7JG9SqtLmBUEhoFRTaMefQnb/GeY/Ql4LcA6Y=", "ref": "refs/heads/main", - "rev": "db6d65e814bc0c99f6e9b95308184b004038243e", - "revCount": 13, + "rev": "839273dc72d1e82d7941ba2459e5ed228f398573", + "revCount": 14, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/nix-config-secrets b/nix-config-secrets index db6d65e8..839273dc 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit db6d65e814bc0c99f6e9b95308184b004038243e +Subproject commit 839273dc72d1e82d7941ba2459e5ed228f398573 From 186dd689ebcce8fb8e4259136376ea3cd549b87a Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 21 Mar 2025 17:34:29 -0500 Subject: [PATCH 595/932] added extra tailscale config --- configurations/nixos/defiant/configuration.nix | 6 ++++-- configurations/nixos/horizon/configuration.nix | 6 ++++++ configurations/nixos/twilight/configuration.nix | 8 +++++++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b7214bd..87fff9bb 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -177,13 +177,15 @@ useRoutingFeatures = "server"; extraUpFlags = [ "--advertise-exit-node" - "--advertise-routes=192.168.1.0/24" + "--advertise-routes=192.168.0.0/24" "--accept-dns=false" + "--advertise-tags=tag:leyla,tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" - "--advertise-routes=192.168.1.0/24" + "--advertise-routes=192.168.0.0/24" "--accept-dns=false" + "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index c97a8920..5ed6d01b 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -62,6 +62,12 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; + extraUpFlags = [ + "--advertise-tags=tag:leyla,tag:server,tag:static" + ]; + extraSetFlags = [ + "--advertise-tags=tag:leyla,tag:server,tag:static" + ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 5238b840..fbfe66df 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
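Review bot: `--advertise-tags=tag:leyla,tag:server,tag:static` changes who owns these nodes in the tailnet: a tagged node is no longer attributed to the login user, and, as far as I know, the key in `authKeyFile` must itself be a tagged key (or the user must be an owner of every listed tag) or `tailscale up` refuses. That precondition belongs in a comment beside the flag, e.g. `# auth key must carry these tags; ACLs grant access by tag, not by user`. The defiant hunk also widens the advertised LAN from `192.168.1.0/24` to `192.168.0.0/24`, the same prefix twilight advertises later in this commit, so both nodes will ask for route approval and each becomes a gateway into the whole LAN once approved.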
@@ -55,9 +55,15 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; - extraUpFlags = ["--advertise-exit-node"]; + extraUpFlags = [ + "--advertise-exit-node" + "--advertise-routes=192.168.0.0/24" + "--advertise-tags=tag:leyla,tag:server,tag:static" + ]; extraSetFlags = [ "--advertise-exit-node" + "--advertise-routes=192.168.0.0/24" + "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; From 0d7da663ed1d9fa20ab482cc962872dc548afd52 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Mar 2025 17:56:26 -0500 Subject: [PATCH 596/932] removed leyla tag from advertise-tags --- .../nixos/defiant/configuration.nix | 3 +- .../nixos/horizon/configuration.nix | 5 +-- .../nixos/twilight/configuration.nix | 3 +- flake.lock | 44 +++++++++---------- nix-config-secrets | 2 +- 5 files changed, 26 insertions(+), 31 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 87fff9bb..9de9b380 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -179,13 +179,12 @@ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - "--advertise-tags=tag:leyla,tag:server,tag:static" + "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 5ed6d01b..2f98cf8d 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
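Review bot: twilight is a `useRoutingFeatures = "both"` machine that now advertises `192.168.0.0/24` on top of its exit node, making a second LAN gateway out of a box the rest of this config treats as a client; every peer the ACL allows to reach that prefix can then pivot into the LAN through twilight as well as through defiant. If that is intended as route failover, say so in a comment and confirm the route is actually approved in the admin console; if not, drop the `--advertise-routes` line from both flag lists. The `services.tailscale` block starts before this hunk.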
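Review bot: `--advertise-tags` is removed from `extraSetFlags` but kept in `extraUpFlags` with no explanation in the hunk or the commit message; presumably `tailscale set` does not accept that flag and the set step was failing. A comment on the `extraUpFlags` entry such as `# tags are only settable at 'tailscale up'; 'tailscale set' rejects --advertise-tags` would stop the next edit from re-adding it. Deriving both lists from one shared `let` binding plus the tag entry would also keep up/set flags from drifting further apart.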
@@ -63,10 +63,7 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; extraUpFlags = [ - "--advertise-tags=tag:leyla,tag:server,tag:static" - ]; - extraSetFlags = [ - "--advertise-tags=tag:leyla,tag:server,tag:static" + "--advertise-tags=tag:server,tag:static" ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index fbfe66df..2c1b3d5c 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -58,12 +58,11 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:leyla,tag:server,tag:static" + "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:leyla,tag:server,tag:static" ]; }; }; diff --git a/flake.lock b/flake.lock index 3a40e4c3..56a5cd18 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742442833, - "narHash": "sha256-fPRAEtERJoDi0wIK3pGUbkpTL4N4AW1gHFJ8LcfjFbI=", + "lastModified": 1742489760, + "narHash": "sha256-OkYl/wf09cKviSV1R6SshcRmeX1iDNEKCMg5KlmTwK0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5b4fc9b4b510ee8b2e26c47261c1262bbd12800d", + "rev": "10f7b577f5081b30ca6b7fd5f98de8d7dfdb5a27", "type": "gitlab" }, "original": { @@ -131,11 +131,11 @@ ] }, "locked": { - "lastModified": 1742442527, - "narHash": "sha256-P3hEYEIryixLQWeKOYjyxv6bIQIDoyNAuvEq+tfJc6k=", + "lastModified": 1742588233, + "narHash": "sha256-Fi5g8H5FXMSRqy+mU6gPG0v+C9pzjYbkkiePtz8+PpA=", "owner": "nix-community", "repo": "home-manager", - "rev": "97a00e0659b2807454507eb3a593bd09b099bd80", + "rev": "296ddc64627f4a6a4eb447852d7346b9dd16197d", "type": "github" }, "original": { 
@@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1742373336, - "narHash": "sha256-oEF5dBlq8wGD3mkJ5PmFS1PGb28uYmvuy1IH6roIGkQ=", + "lastModified": 1742595055, + "narHash": "sha256-cEetDber6LF8W4ThmRc4rwKs/o8y2GH0pUdX7e6CnAQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "2d9b63316926aa130a5a51136d93b9be28808f26", + "rev": "e9f41de2a81f04390afd106959adf352a207628f", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1742435492, - "narHash": "sha256-ndzDOuL+HFcWwrHfEy+29b2sAc96DY78xRasLg0ONiI=", + "lastModified": 1742522036, + "narHash": "sha256-OmIHuzgZt38vn9SkysbS5D+KaAbKadtaKfODh0iWALk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "fee770e654c49d69aacbdaf291c8af819a67bb35", + "rev": "4cff80a994fd6edb6c62ee5439cd587b50871cf3", "type": "github" }, "original": { @@ -274,11 +274,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742288794, - "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", + "lastModified": 1742422364, + "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", + "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", "type": "github" }, "original": { @@ -308,11 +308,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1742444385, - "narHash": "sha256-QUcFbv7JG9SqtLmBUEhoFRTaMefQnb/GeY/Ql4LcA6Y=", + "lastModified": 1742597341, + "narHash": "sha256-r9Tid/fvcxi6LjAtW7YbXGN1HAtz/XEQkWZVPw3pLvk=", "ref": "refs/heads/main", - "rev": "839273dc72d1e82d7941ba2459e5ed228f398573", - "revCount": 14, + "rev": "d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433", + "revCount": 15, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, 
@@ -328,11 +328,11 @@ ] }, "locked": { - "lastModified": 1742406979, - "narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=", + "lastModified": 1742595978, + "narHash": "sha256-05onsoMrLyXE4XleDCeLC3bXnC4nyUbKWInGwM7v6hU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609", + "rev": "b7756921b002de60fb66782effad3ce8bdb5b25d", "type": "github" }, "original": { diff --git a/nix-config-secrets b/nix-config-secrets index 839273dc..d022f6bd 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 839273dc72d1e82d7941ba2459e5ed228f398573 +Subproject commit d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433 From 2dfdb79f06967d64e0bda75e9fd92c6c8b3ae063 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Mar 2025 18:33:57 -0500 Subject: [PATCH 597/932] fixed advertised tags on clients --- configurations/nixos/horizon/configuration.nix | 2 +- configurations/nixos/twilight/configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 2f98cf8d..c9ad6e8e 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -63,7 +63,7 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; extraUpFlags = [ - "--advertise-tags=tag:server,tag:static" + "--advertise-tags=tag:client,tag:mobile" ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 2c1b3d5c..5da8a773 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -58,7 +58,7 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:server,tag:static" + "--advertise-tags=tag:client,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" 
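Review bot: twilight is now tagged `tag:client,tag:static`, yet the surrounding lines still advertise an exit node and `192.168.0.0/24`, the exact roles this series assigns to `tag:server` on defiant; if `tag:client` is meant to carry a narrower ACL, a subnet router and exit node under that tag is probably not what the policy author expects. Either tag it the same way as defiant or add a comment stating why a client-tagged node advertises routes, e.g. `# client tag is intentional: route/exit-node approval is handled per-node in the admin console`. The `services.tailscale` block this hunk edits starts outside the hunk.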
From 4f3064351316e803d23d941c3e1b7ad4ef6c8e86 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 21 Mar 2025 18:47:00 -0500 Subject: [PATCH 598/932] removed advertise tags from devices --- configurations/nixos/defiant/configuration.nix | 2 +- configurations/nixos/horizon/configuration.nix | 2 +- configurations/nixos/twilight/configuration.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9de9b380..6c2336a7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -179,7 +179,7 @@ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - "--advertise-tags=tag:server,tag:static" + # "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index c9ad6e8e..b59b7e90 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -63,7 +63,7 @@ authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; extraUpFlags = [ - "--advertise-tags=tag:client,tag:mobile" + # "--advertise-tags=tag:client,tag:mobile" ]; }; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 5da8a773..6def768e 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -58,7 +58,7 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - "--advertise-tags=tag:client,tag:static" + # "--advertise-tags=tag:client,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" From 76d68cf146e11b75c86b9c1270d53b38593bf127 Mon Sep 17 00:00:00 2001 
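Review bot: Commenting the `--advertise-tags` lines out leaves three files carrying dead config with no explanation of why tagging was abandoned, and on horizon an empty `extraUpFlags = [ ];`; deleting them, or adding a one-line reason such as `# tags disabled until the ACL tagOwners and auth-key tag permissions are in place`, would be clearer. Note also that dropping the flag does not untag a node that has already joined with tags — as far as I recall a tagged device keeps its tags until it is re-authenticated — so the admin console should be checked if the intent is to undo the earlier tagging. The enclosing `services.tailscale` blocks start outside these hunks.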
From: Leyla Becker Date: Sat, 22 Mar 2025 12:50:17 -0500 Subject: [PATCH 599/932] disabled home assistant --- .../nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/server/fail2ban.nix | 42 +++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6c2336a7..5c3a7eda 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -108,7 +108,7 @@ subdomain = "search"; }; home-assistant = { - enable = true; + enable = false; subdomain = "home"; }; adguardhome = { diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index e3f62800..f410aeb9 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -32,20 +32,20 @@ in { failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " '') ); - "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf + # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + # [INCLUDES] + # before = common.conf - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + # [Definition] + # failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - ignoreregex = + # ignoreregex = - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); + # [Init] + # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + # '') + # ); "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] 
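Review bot: The hass filter was already gated by `lib.mkIf config.services.home-assistant.enable`, so commenting it out changes nothing while home-assistant is disabled but costs something later: if the service is switched back on, this login brute-force filter and the jail commented out in the next hunk (`home-assistant-iptables.settings`) are silently missing, with no assertion or warning to say so. Either leave the gated definitions in place or delete them outright and record the reason in the commit. The hunk sits inside the `environment.etc` attribute set that starts before it.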
@@ -105,16 +105,16 @@ in { bantime = 600; maxretry = 5; }; - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; + # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + # enabled = true; + # filter = "hass"; + # action = ''iptables-multiport[name=HTTP, port="http,https"]''; + # logpath = "${config.services.home-assistant.configDir}/*.log"; + # backend = "auto"; + # findtime = 600; + # bantime = 600; + # maxretry = 5; + # }; immich-iptables.settings = lib.mkIf config.services.immich.enable { enabled = true; filter = "immich"; From c7938c3fe796a1ca95ec4f05342c52ecab18be6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 22 Mar 2025 13:01:25 -0500 Subject: [PATCH 600/932] moved fail2ban configs into service configs --- modules/nixos-modules/server/fail2ban.nix | 44 ----------------------- modules/nixos-modules/server/forgejo.nix | 26 ++++++++++++++ modules/nixos-modules/server/immich.nix | 22 ++++++++++++ modules/nixos-modules/server/jellyfin.nix | 25 +++++++++++++ 4 files changed, 73 insertions(+), 44 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index f410aeb9..6fdfd6a5 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix 
@@ -20,18 +20,6 @@ in { failregex = "limiting requests, excess:.* by zone.*client: " '') ); - "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." - '') - ); - "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " - '') - ); # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' # [INCLUDES] @@ -46,13 +34,6 @@ in { # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S # '') # ); - "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = immich-server.*Failed login attempt for user.+from ip address\s? - journalmatch = CONTAINER_TAG=immich-server - '') - ); }; services.fail2ban = { @@ -85,26 +66,6 @@ in { bantime = 600; maxretry = 5; }; - jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { - enabled = true; - filter = "jellyfin"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.jellyfin.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { - enabled = true; - filter = "forgejo"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { # enabled = true; # filter = "hass"; 
@@ -115,11 +76,6 @@ in { # bantime = 600; # maxretry = 5; # }; - immich-iptables.settings = lib.mkIf config.services.immich.enable { - enabled = true; - filter = "immich"; - backend = "systemd"; - }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index f0c19745..d19e0aee 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -1,6 +1,7 @@ { lib, config, + pkgs, ... }: let forgejoPort = 8081; @@ -67,6 +68,31 @@ in { config.services.forgejo.settings.server.SSH_LISTEN_PORT ]; } + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " + '') + ); + }; + + services.fail2ban = { + jails = { + forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { + enabled = true; + filter = "forgejo"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index 2756e5c2..51607018 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix @@ -1,6 +1,7 @@ { lib, config, + pkgs, ... }: let mediaLocation = "/var/lib/immich"; 
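Review bot: The moved `failregex` has no `<HOST>` (or `<ADDR>`/`<F-ID>`) capture group — it simply ends at a literal ` from ` — and as far as I know fail2ban refuses to load a filter without one, so this jail most likely never bans anyone; the immich and jellyfin regexes moved in the two hunks after this one have the same shape. Secondly, the ban action is `iptables-multiport[name=HTTP, port="http,https"]` while the context line above the new block lists `SSH_LISTEN_PORT` for forgejo's built-in SSH server (presumably in a firewall port list), so an address that trips the regex over SSH stays reachable on that port; `port="http,https,${toString config.services.forgejo.settings.server.SSH_LISTEN_PORT}"` would cover it. The surrounding double quotes in the ini value may also be read as literal characters of the pattern, so a `# TODO(review): validate with fail2ban-regex against a real log line` next to each filter is warranted until these have been exercised. The `lib.mkMerge` list this entry is appended to starts outside the hunk.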
@@ -59,6 +60,27 @@ in { ]; }; } + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = immich-server.*Failed login attempt for user.+from ip address\s? + journalmatch = CONTAINER_TAG=immich-server + '') + ); + }; + + services.fail2ban = { + jails = { + immich-iptables.settings = lib.mkIf config.services.immich.enable { + enabled = true; + filter = "immich"; + backend = "systemd"; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 77d5744b..79e0ffa6 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -53,6 +53,31 @@ in { pkgs.jellyfin-ffmpeg ]; } + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." + '') + ); + }; + + services.fail2ban = { + jails = { + jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + enabled = true; + filter = "jellyfin"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.jellyfin.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { fileSystems."/persist/system/jellyfin".neededForBoot = true; From 597c25b49dcaded5ff32864fa42ac99cc8dcff4c Mon Sep 17 00:00:00 2001 
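Review bot: The immich jail combines `backend = "systemd"` with `journalmatch = CONTAINER_TAG=immich-server`, but `CONTAINER_TAG` is a journal field that container runtimes attach to container output, while the rest of this series configures immich through the native `services.immich` options; if immich runs as a plain systemd unit, its log lines carry no `CONTAINER_TAG` and the filter never sees a failed login. Matching on the unit instead, e.g. `journalmatch = _SYSTEMD_UNIT=immich-server.service` (confirm the unit name on the host), is the likely intent. Verify with `fail2ban-regex --journalmatch` before relying on this jail. The `lib.mkMerge` list this block joins starts outside the hunk.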
From: Leyla Becker Date: Sat, 22 Mar 2025 13:27:04 -0500 Subject: [PATCH 601/932] moved service config out of host namespace --- README.md | 1 - .../nixos/defiant/configuration.nix | 45 +++++----- modules/nixos-modules/server/fail2ban.nix | 9 +- modules/nixos-modules/server/forgejo.nix | 54 ++++++------ modules/nixos-modules/server/immich.nix | 15 +--- modules/nixos-modules/server/jellyfin.nix | 15 ++-- modules/nixos-modules/server/searx.nix | 84 +++++++++---------- 7 files changed, 98 insertions(+), 125 deletions(-) diff --git a/README.md b/README.md index 7c1908e7..2c46110f 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - syncthing folder passwords - nfs export should be backed by the same values for server and client - move fail2ban configs out of fail2ban.nix and into configs for their respective services -- move extra custom configuration for services out of host config and instead extend services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5c3a7eda..78c215d5 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -48,9 +48,6 @@ ]; }; }; - fail2ban = { - enable = true; - }; network_storage = { enable = true; directories = [ @@ -74,7 +71,7 @@ folder = "media"; user = "jellyfin"; group = "jellyfin_media"; - bind = config.host.jellyfin.media_directory; + bind = config.services.jellyfin.media_directory; } ]; nfs = { 
@@ -94,19 +91,6 @@ }; }; }; - jellyfin = { - enable = true; - subdomain = "media"; - extraSubdomains = ["jellyfin"]; - }; - forgejo = { - enable = true; - subdomain = "git"; - }; - searx = { - enable = true; - subdomain = "search"; - }; home-assistant = { enable = false; subdomain = "home"; @@ -114,10 +98,6 @@ adguardhome = { enable = false; }; - immich = { - enable = true; - subdomain = "photos"; - }; sync = { enable = true; folders = { @@ -187,6 +167,29 @@ "--accept-dns=false" ]; }; + + fail2ban.enable = true; + + jellyfin = { + enable = true; + subdomain = "media"; + extraSubdomains = ["jellyfin"]; + }; + + immich = { + enable = true; + subdomain = "photos"; + }; + + forgejo = { + enable = true; + subdomain = "git"; + }; + + searx = { + enable = true; + subdomain = "search"; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 6fdfd6a5..be83e6fb 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -7,11 +7,7 @@ dataFolder = "/var/lib/fail2ban"; dataFile = "fail2ban.sqlite3"; in { - options.host.fail2ban = { - enable = lib.mkEnableOption "should fail 2 ban be enabled on this server"; - }; - - config = lib.mkIf config.host.fail2ban.enable (lib.mkMerge [ + config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ { environment.etc = { "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( @@ -37,7 +33,6 @@ in { }; services.fail2ban = { - enable = true; maxretry = 5; ignoreIP = [ # Whitelist local networks @@ -90,8 +85,6 @@ in { ]; environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; directories = [ { directory = dataFolder; diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index d19e0aee..40a53030 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix 
@@ -9,8 +9,7 @@ db_user = "forgejo"; sshPort = 22222; in { - options.host.forgejo = { - enable = lib.mkEnableOption "should forgejo be enabled on this computer"; + options.services.forgejo = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that forgejo will be hosted at"; @@ -18,10 +17,10 @@ in { }; }; - config = lib.mkIf config.host.forgejo.enable (lib.mkMerge [ + config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.host.forgejo.subdomain} = { + reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { target = "http://localhost:${toString forgejoPort}"; }; postgres = { @@ -34,32 +33,29 @@ in { }; }; - services = { - forgejo = { - enable = true; - database = { - type = "postgres"; - socket = "/run/postgresql"; + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = forgejoPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = config.users.users.git.name; + ROOT_URL = "https://git.jan-leila.com"; }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.host.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = config.users.users.git.name; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; }; }; }; diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index 51607018..e7088a9e 100644 
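Review bot: `ROOT_URL` is still the literal `https://git.jan-leila.com` while the neighbouring `DOMAIN` is now derived from `config.services.forgejo.subdomain` and `config.host.reverse_proxy.hostname`; if a host ever sets a different subdomain or hostname, forgejo keeps generating absolute links and clone URLs for the old origin and the two settings silently disagree. Derive it from the same inputs, `ROOT_URL = "https://${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}";`, or add a comment explaining why the public origin must differ from `DOMAIN`. The `lib.mkMerge` list containing this block starts and ends outside the hunk.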
--- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix @@ -6,8 +6,7 @@ }: let mediaLocation = "/var/lib/immich"; in { - options.host.immich = { - enable = lib.mkEnableOption "should immich be enabled on this computer"; + options.services.immich = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that immich will be hosted at"; @@ -15,10 +14,10 @@ in { }; }; - config = lib.mkIf config.host.immich.enable (lib.mkMerge [ + config = lib.mkIf config.services.immich.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.host.immich.subdomain} = { + reverse_proxy.subdomains.${config.services.immich.subdomain} = { target = "http://localhost:${toString config.services.immich.port}"; websockets.enable = true; @@ -45,12 +44,6 @@ in { }; }; - services.immich = { - enable = true; - port = 2283; - # redis.enable = false; - }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedUDPPorts = [ config.services.immich.port @@ -89,8 +82,6 @@ in { } ]; environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; directories = [ { directory = mediaLocation; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 79e0ffa6..010ea1a1 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -8,8 +8,7 @@ jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { - options.host.jellyfin = { - enable = lib.mkEnableOption "should jellyfin be enabled on this computer"; + options.services.jellyfin = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that jellyfin will be hosted at"; 
@@ -27,16 +26,14 @@ in { }; }; - config = lib.mkIf config.host.jellyfin.enable ( + config = lib.mkIf config.services.jellyfin.enable ( lib.mkMerge [ { - services.jellyfin.enable = true; - host.reverse_proxy.subdomains.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; - subdomain = config.host.jellyfin.subdomain; - extraSubdomains = config.host.jellyfin.extraSubdomains; + subdomain = config.services.jellyfin.subdomain; + extraSubdomains = config.services.jellyfin.extraSubdomains; forwardHeaders.enable = true; @@ -107,8 +104,6 @@ in { environment.persistence = { "/persist/system/root" = { - enable = true; - hideMounts = true; directories = [ { directory = jellyfin_data_directory; @@ -128,7 +123,7 @@ in { hideMounts = true; directories = [ { - directory = config.host.jellyfin.media_directory; + directory = config.services.jellyfin.media_directory; user = "jellyfin"; group = "jellyfin_media"; mode = "1770"; diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index c578b410..d357308c 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix @@ -4,8 +4,7 @@ inputs, ... }: { - options.host.searx = { - enable = lib.mkEnableOption "should searx be enabled on this computer"; + options.services.searx = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that searx will be hosted at"; @@ -13,7 +12,7 @@ }; }; - config = lib.mkIf config.host.searx.enable { + config = lib.mkIf config.services.searx.enable { sops.secrets = { "services/searx" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; 
@@ -21,56 +20,53 @@ }; host = { reverse_proxy.subdomains.searx = { - subdomain = config.host.searx.subdomain; + subdomain = config.services.searx.subdomain; target = "http://localhost:${toString config.services.searx.settings.server.port}"; }; }; - services = { - searx = { - enable = true; - environmentFile = config.sops.secrets."services/searx".path; + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; }; - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; }; }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; }; }; } From 759390af8d4c650055d99c0f872dfb9002f9dd86 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 22 Mar 2025 14:35:54 -0500 Subject: [PATCH 602/932] removed unused syncthing config options --- .../nixos/defiant/configuration.nix | 15 ++------ .../nixos/horizon/configuration.nix | 11 ++---- .../nixos/twilight/configuration.nix | 11 ++---- modules/nixos-modules/sync.nix | 36 +------------------ 4 files changed, 7 insertions(+), 66 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 78c215d5..e3d59bdf 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -98,19 +98,6 @@ adguardhome = { enable = false; }; - sync = { - enable = true; - folders = { - share = { - enable = true; - calendar.enable = true; - }; - leyla = { - documents.enable = true; - notes.enable = true; - }; - }; - }; }; networking = { hostId = "c51763d6"; @@ -168,6 +155,8 @@ ]; }; + syncthing.enable = true; + fail2ban.enable = true; jellyfin = { diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index b59b7e90..63750030 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -17,15 +17,6 @@ }; eve.isDesktopUser = true; }; - sync = { - enable = true; - folders = { - share.enable = true; - leyla = { - documents.enable = true; - }; - }; - }; }; environment.systemPackages = [ @@ -66,6 +57,8 @@ # "--advertise-tags=tag:client,tag:mobile" ]; }; + + syncthing.enable = true; }; networking = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 6def768e..84670032 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -29,15 +29,6 @@ openRGB.enable = true; graphicsAcceleration.enable = true; }; - sync = { - enable = true; - folders = { - share.enable = true; - leyla = { - documents.enable = true; - }; - }; - }; }; services = { @@ -65,6 +56,8 @@ "--advertise-routes=192.168.0.0/24" ]; }; + + syncthing.enable = true; }; programs.steam = { enable = true; diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index de361e64..8915dc8b 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -7,39 +7,6 @@ mountDir = "/mnt/sync"; configDir = "/etc/syncthing"; in { - options.host.sync = { - enable = lib.mkEnableOption "should sync thing be enabled on this device"; - folders = { - share = { - enable = lib.mkEnableOption "should the share folder by synced"; - calendar = { - enable = lib.mkEnableOption "should the calendar folder be synced"; - }; - }; - leyla = { - documents = { - enable = lib.mkEnableOption "should the documents folder be synced"; - }; - notes = { - enable = lib.mkEnableOption "should the notes folder by synced"; - }; - }; - extraFolders = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({...}: { - options = { - path = lib.mkOption { - type = lib.types.str; - }; - devices = lib.mkOption { - type = lib.types.listof lib.types.str; - }; - }; - })); - default = {}; - }; - }; - }; - config = lib.mkMerge [ { systemd = lib.mkIf config.services.syncthing.enable { @@ -50,10 +17,9 @@ in { ]; }; } - (lib.mkIf config.host.sync.enable (lib.mkMerge [ + (lib.mkIf config.services.syncthing.enable (lib.mkMerge [ { services.syncthing = { - enable = true; user = "syncthing"; group = "syncthing"; dataDir = "${mountDir}/default"; From ba5d5a14876d2398b4ca4bf4b7bdb80a84306cca Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 22 Mar 2025 14:39:19 -0500 Subject: [PATCH 603/932] removed all advertise tags comments --- configurations/nixos/defiant/configuration.nix | 1 - configurations/nixos/horizon/configuration.nix | 3 --- configurations/nixos/twilight/configuration.nix | 1 - 3 files changed, 5 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e3d59bdf..f7131fd0 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -146,7 +146,6 @@ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" "--accept-dns=false" - # "--advertise-tags=tag:server,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 63750030..082824d0 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -53,9 +53,6 @@ enable = true; authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; - extraUpFlags = [ - # "--advertise-tags=tag:client,tag:mobile" - ]; }; syncthing.enable = true; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 84670032..bbd8835a 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -49,7 +49,6 @@ extraUpFlags = [ "--advertise-exit-node" "--advertise-routes=192.168.0.0/24" - # "--advertise-tags=tag:client,tag:static" ]; extraSetFlags = [ "--advertise-exit-node" From 77f1aa30b78f5f8fdaee3b23a787da509c105636 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 23 Mar 2025 19:16:02 -0500 Subject: [PATCH 604/932] drafted out virt home assistant --- .../nixos/defiant/configuration.nix | 14 +- modules/nixos-modules/server/default.nix | 2 +- .../nixos-modules/server/home-assistant.nix | 174 +++++++++++------- .../server/virt-home-assistant.nix | 155 ++++++++++++++++ 4 files changed, 270 insertions(+), 75 deletions(-) create mode 100644 modules/nixos-modules/server/virt-home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index f7131fd0..7209aa93 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -91,10 +91,10 @@ }; }; }; - home-assistant = { - enable = false; - subdomain = "home"; - }; + # home-assistant = { + # enable = false; + # subdomain = "home"; + # }; adguardhome = { enable = false; }; @@ -178,6 +178,12 @@ enable = true; subdomain = "search"; }; + + virt-home-assistant = { + enable = false; + networkBridge = "bond0"; + hostDevice = "0x10c4:0xea60"; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 956ad9e9..6c3ba8e8 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,7 +8,7 @@ ./jellyfin.nix ./forgejo.nix ./searx.nix - ./home-assistant.nix + ./virt-home-assistant.nix ./adguardhome.nix ./immich.nix ]; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 254e183e..a90bd6da 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,6 +1,7 @@ { lib, config, + inputs, ... }: let configDir = "/var/lib/hass"; 
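Review bot: `hostDevice = "0x10c4:0xea60"` is a bare USB vendor:product pair with nothing saying what hardware it is, and presumably any device on the host with that ID would be handed to the guest; a comment such as `# USB vendor:product of the Zigbee coordinator passed through to the VM — TODO confirm` would document the intent. Likewise `networkBridge = "bond0"` puts the guest directly on the host's bonded LAN interface, which deserves a one-line note on why the VM needs L2 access rather than an isolated libvirt network. The `services` attribute set receiving this block starts outside the hunk.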
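Review bot: This hunk swaps `./home-assistant.nix` for `./virt-home-assistant.nix` in the server imports, yet the same commit still edits `home-assistant.nix` (adding `inputs` to its arguments here and the libvirt block in the following hunk), so those edits are dead until the file is imported again and the `options.host.home-assistant` it declares no longer exists in the evaluated module set. Either re-add the import or drop the now-unused file rather than carrying two diverging home-assistant modules. That missing option set is probably also why the `home-assistant = { … }` block in defiant's configuration had to be commented out in this commit; a short `# superseded by services.virt-home-assistant` next to it would make that connection explicit.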
@@ -16,81 +17,114 @@ in { config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ { - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - services.home-assistant = { - enable = true; - configDir = configDir; - extraComponents = [ - "met" - "radio_browser" - "isal" - "zha" - "jellyfin" - "webostv" - "tailscale" - "syncthing" - "sonos" - "analytics_insights" - "unifi" - "openweathermap" - ]; - config = { - http = { - server_port = 8082; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - # recorder.db_url = "postgresql://@/${db_user}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts + virtualisation.libvirt = { + swtpm.enable = true; + connections."qemu:///session" = { + networks = [ + { + definition = inputs.nix-virt.lib.network.writeXML (inputs.nix-virt.lib.network.templates.bridge + { + uuid = "d57e37e2-311f-4e5c-a484-97c2210c2770"; + subnet_byte = 71; + }); + active = true; + } + ]; + domains = [ + { + definition = inputs.nix-virt.lib.domain.writeXML (inputs.nix-virt.lib.domain.templates.linux + { + name = "Home Assistant"; + uuid = "c5cc0efc-6101-4c1d-be31-acbba203ccde"; + memory = { + count = 4; + unit = "GiB"; + }; + # storage_vol = { + # pool = "MyPool"; + # volume = "Penguin.qcow2"; + # }; + }); + } ]; - }; - host = { - reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; }; }; + + # systemd.tmpfiles.rules = [ + # "f 
${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + # ]; + # services.home-assistant = { + # enable = true; + # configDir = configDir; + # extraComponents = [ + # "met" + # "radio_browser" + # "isal" + # "zha" + # "jellyfin" + # "webostv" + # "tailscale" + # "syncthing" + # "sonos" + # "analytics_insights" + # "unifi" + # "openweathermap" + # ]; + # config = { + # http = { + # server_port = 8082; + # use_x_forwarded_for = true; + # trusted_proxies = ["127.0.0.1" "::1"]; + # ip_ban_enabled = true; + # login_attempts_threshold = 10; + # }; + # # recorder.db_url = "postgresql://@/${db_user}"; + # "automation manual" = []; + # "automation ui" = "!include automations.yaml"; + # }; + # extraPackages = python3Packages: + # with python3Packages; [ + # hassil + # numpy + # gtts + # ]; + # }; + # host = { + # reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { + # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + # websockets.enable = true; + # forwardHeaders.enable = true; + + # extraConfig = '' + # add_header Upgrade $http_upgrade; + # add_header Connection \"upgrade\"; + + # proxy_buffering off; + + # proxy_read_timeout 90; + # ''; + # }; + # }; } (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = configDir; - user = "hass"; - group = "hass"; - } - ]; - }; + # assertions = [ + # { + # assertion = config.services.home-assistant.configDir == configDir; + # message = "home assistant config directory does not match persistence"; + # } + # ]; + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # { + # directory = configDir; + # 
user = "hass"; + # group = "hass"; + # } + # ]; + # }; }) ]); } diff --git a/modules/nixos-modules/server/virt-home-assistant.nix b/modules/nixos-modules/server/virt-home-assistant.nix new file mode 100644 index 00000000..42126685 --- /dev/null +++ b/modules/nixos-modules/server/virt-home-assistant.nix 
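Review bot: This module is removed from server/default.nix in the same commit, so the new `virtualisation.libvirt.connections."qemu:///session"` draft and everything commented out around it are unreachable, and `inputs.nix-virt` is not among the flake inputs visible in this series (the flake.lock hunks in PATCH 612 list no such input), so the file would not even evaluate if it were imported again; I would move whatever is worth keeping into virt-home-assistant.nix and delete this file instead of carrying two screens of commented-out code. Worth flagging before it is forgotten: the HTTP hardening that is commented out here (`use_x_forwarded_for`, `trusted_proxies = ["127.0.0.1" "::1"]`, `ip_ban_enabled = true`, `login_attempts_threshold = 10`) has no counterpart in the VM module yet, so once HAOS is fronted by the nginx proxy every failed login will be attributed to the proxy's address unless the same settings are applied inside the VM's configuration.yaml. A `# TODO: re-apply http.trusted_proxies / ip_ban settings inside the HAOS VM` next to the libvirt domain definition would keep that visible.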
@@ -0,0 +1,155 @@ +{ + config, + lib, + pkgs, + ... +}: { + options.services.virt-home-assistant = { + enable = lib.mkEnableOption "Wether to enable home assistant virtual machine"; + networkBridge = lib.mkOption { + type = lib.types.str; + description = "what network bridge should we attach to the image"; + }; + hostDevice = lib.mkOption { + type = lib.types.str; + description = "what host devices should be attached to the image"; + }; + initialVersion = lib.mkOption { + type = lib.types.str; + description = "what home assistant image version should we pull for initial instal"; + default = "15.0"; + }; + imageName = lib.mkOption { + type = lib.types.str; + description = "where should the image be installed to"; + default = "home-assistant.qcow2"; + }; + installLocation = lib.mkOption { + type = lib.types.str; + description = "where should the image be installed to"; + default = "/etc/hass"; + }; + virtualMachineName = lib.mkOption { + type = lib.types.str; + description = "what name should we give the virtual machine"; + default = "home-assistant"; + }; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + }; + config = lib.mkIf config.services.virt-home-assistant.enable (lib.mkMerge [ + { + # environment.systemPackages = with pkgs; [ + # virt-manager + # ]; + + # TODO: move this to external module and just have an assertion here that its enabled + # enable virtualization on the system + virtualisation = { + libvirtd = { + enable = true; + qemu.ovmf.enable = true; + }; + }; + + # TODO: deactivation script? 
+ # create service to install and start the container + systemd.services.virt-install-home-assistant = let + # TODO: all of these need to be escaped to be used in commands reliably + bridgedNetwork = config.services.virt-home-assistant.networkBridge; + hostDevice = config.services.virt-home-assistant.hostDevice; + virtualMachineName = config.services.virt-home-assistant.virtualMachineName; + imageName = config.services.virt-home-assistant.imageName; + installLocation = config.services.virt-home-assistant.installLocation; + installImage = "${installLocation}/${imageName}"; + initialVersion = config.services.virt-home-assistant.initialVersion; + + home-assistant-qcow2 = pkgs.fetchurl { + name = "home-assistant.qcow2"; + url = "https://github.com/home-assistant/operating-system/releases/download/${initialVersion}/haos_ova-${initialVersion}.qcow2.xz"; + hash = "sha256-V1BEjvvLNbMMKJVyMCmipjQ/3owoJteeVxoF9LDHo1U="; + postFetch = '' + cp $out src.xz + rm -r $out + ${pkgs.xz}/bin/unxz src.xz --stdout > $out/${imageName} + ''; + }; + + # Write a script to install the Home Assistant OS qcow2 image + virtInstallScript = pkgs.writeShellScriptBin "virt-install-hass" '' + # Copy the initial image out of the package store to the install location if we don't have one yet + if [ ! -f ${installImage} ]; then + cp ${home-assistant-qcow2} ${installLocation} + fi + + # Check if VM already exists, and other pre-conditions + if ! 
${pkgs.libvirt}/bin/virsh list --all | grep -q ${virtualMachineName}; then + ${pkgs.virt-manager}/bin/virt-install --name ${virtualMachineName} \ + --description "Home Assistant OS" \ + --os-variant=generic \ + --boot uefi \ + --ram=2048 \ + --vcpus=2 \ + --import \ + --disk ${installImage},bus=sata \ + --network bridge=${bridgedNetwork} \ + --host-device ${hostDevice} \ + --graphics none + ${pkgs.libvirt}/bin/virsh autostart ${virtualMachineName} + fi + ''; + in { + description = "Install and start Home Assistant"; + wantedBy = ["multi-user.target"]; + after = ["local-fs.target"]; + requires = ["libvirtd.service"]; + serviceConfig.Type = "oneshot"; + serviceConfig = { + ExecStart = "${virtInstallScript}/bin/virt-install-hass"; + }; + }; + + # TODO: figure out what we need to proxy to the virtual image + # host = { + # reverse_proxy.subdomains.${config.services.virt-home-assistant.subdomain} = { + # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + # websockets.enable = true; + # forwardHeaders.enable = true; + + # extraConfig = '' + # add_header Upgrade $http_upgrade; + # add_header Connection \"upgrade\"; + + # proxy_buffering off; + + # proxy_read_timeout 90; + # ''; + # }; + # }; + } + (lib.mkIf config.services.fail2ban.enable { + # TODO: figure out how to write a config for this, prob based on nginx proxy logs? + }) + (lib.mkIf config.host.impermanence.enable { + # assertions = [ + # { + # assertion = config.services.virt-home-assistant.installLocation == configDir; + # message = "home assistant install location does not match persistence"; + # } + # ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.virt-home-assistant.installLocation; + } + ]; + }; + }) + ]); +} From 629357a416f681c9aa72ed4b8eb1f470d358c2c4 Mon Sep 17 00:00:00 2001 
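Review bot: `cp ${home-assistant-qcow2} ${installLocation}` copies the disk image straight out of the Nix store, so the copy inherits the store's read-only, world-readable mode, the destination directory is never created, and `imageName` is silently ignored because the store file is always `home-assistant.qcow2`; `install -D -m 0600 ${home-assistant-qcow2} ${installImage}` fixes all three and keeps the disk that will hold Home Assistant's credentials unreadable to other local users (qemu may additionally need ownership adjusted — verify on the target host). The unit declares `requires = ["libvirtd.service"]` but only `after = ["local-fs.target"]`, so `virsh` can run before libvirtd is accepting connections; add `"libvirtd.service"` to `after` as well. `grep -q ${virtualMachineName}` against `virsh list --all` is a substring match that a second domain with a longer name would satisfy; `${pkgs.libvirt}/bin/virsh dominfo ${virtualMachineName} >/dev/null 2>&1` is the exact test. The `postFetch` removes `$out` and then redirects into `$out/${imageName}`, which cannot succeed as written because `$out` no longer exists and a `fetchurl` output is a single file, so decompress to `$out` itself and expect `hash` to change since it covers the post-processed output. With `--network bridge=${bridgedNetwork}` the VM's web UI is reachable from the whole LAN regardless of the host firewall or the planned nginx/fail2ban front, so the proxy-only access the old module enforced is gone until HAOS is configured for it — worth a `# TODO` beside the `--network` line.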
From: Leyla Becker Date: Mon, 24 Mar 2025 17:22:46 -0500 Subject: [PATCH 605/932] port forwarded jellyfin port to stop logs from getting spammed --- .../nixos/defiant/hardware-configuration.nix | 2 +- .../nixos/horizon/configuration.nix | 43 ------------------- modules/nixos-modules/server/jellyfin.nix | 2 + 3 files changed, 3 insertions(+), 44 deletions(-) diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index 85dcd9e5..3b3ac456 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -72,7 +72,7 @@ networkConfig.DHCP = "yes"; address = [ - "192.168.1.10/24" + "192.168.1.10" ]; gateway = ["192.168.1.1"]; diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 082824d0..dabb2cf9 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -31,9 +31,6 @@ "wireguard-keys/tailscale-authkey/horizon" = { sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; }; - # "wireguard-keys/proton/horizon" = { - # sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; - # }; }; services = { 
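Review bot: Dropping the `/24` from `address = ["192.168.1.10"]` leaves systemd-networkd with an `Address=` that has no prefix length; networkd warns about this and applies a fallback prefix of its own choosing (historically the classful default, which happens to be /24 here, but the docs mark that behaviour as subject to change), so the LAN reachability of this host now depends on networkd's fallback rather than the configuration. Keep the explicit prefix, `"192.168.1.10/24"`, and if the motivation was a conflict with `networkConfig.DHCP = "yes"` on the same interface, drop either the static address or DHCP rather than the mask. The commit message mentions only Jellyfin, so this hunk looks accidental.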
@@ -58,46 +55,6 @@ syncthing.enable = true; }; - networking = { - # wg-quick.interfaces = { - # proton = { - # # IP address of this machine in the *tunnel network* - # address = ["10.2.0.1/32"]; - - # listenPort = 51820; - - # privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path; - - # peers = [ - # { - # publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "84.17.63.8:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "OIPOmEDCJfuvTJ0dugMtY5L14gVpfpDdY3suniY5h3Y="; - # allowedIPs = ["0.0.0.0/0"]; - # endpoint = "68.169.42.242:51820"; - # persistentKeepalive = 25; - # } - # { - # publicKey = "uvEa3sdmi5d/OxozjecVIGQHgw4H42mNIX/QOulwDhs="; - # allowedIPs = ["0.0.0.0/0"]; - # } - # ]; - # }; - # }; - }; - - # networking.extraHosts = '' - # # 192.168.1.204 jan-leila.com - # 192.168.1.204 media.jan-leila.com - # # 192.168.1.204 drive.jan-leila.com - # 192.168.1.204 git.jan-leila.com - # # 192.168.1.204 search.jan-leila.com - # ''; - # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 010ea1a1..49d9a9f2 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -49,6 +49,8 @@ in { pkgs.jellyfin-web pkgs.jellyfin-ffmpeg ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort]; } (lib.mkIf config.services.fail2ban.enable { environment.etc = { From 239ab58b5c728cd132017d7b5b15f5ffac22c6a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 13:09:34 -0500 Subject: [PATCH 606/932] installed paperwork --- configurations/home-manager/leyla/packages.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index cceffb67..f015e40e 100644 
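Review bot: `networking.firewall.allowedTCPPorts = [jellyfinPort];` opens Jellyfin's own listener on every interface (LAN, Tailscale, the future WireGuard tunnel) whenever the module is enabled, which bypasses the reverse proxy and the fail2ban section a few lines below — whether that jail watches nginx or Jellyfin's own log is not visible here, but direct hits on the raw port are in any case a second path that the proxy hardening does not cover. If the intent is only to stop LAN clients from probing the port and filling the logs, scope it to that interface, `networking.firewall.interfaces.<lan-if>.allowedTCPPorts = [jellyfinPort];`, and record the reason in a comment such as `# direct LAN access for Jellyfin clients; remote access stays behind nginx`. The `lib.mkMerge` list this attrset belongs to begins before the hunk.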
--- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -48,7 +48,6 @@ in { makemkv transmission_4-gtk onionshare - easytag # rhythmbox (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) # wireshark @@ -56,6 +55,8 @@ in { # fritzing mfoc tor-browser + anki + paperwork # proprietary platforms discord @@ -63,8 +64,6 @@ in { # steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - anki - # development tools # androidStudioPackages.canary jetbrains.idea-community From fd9d764e67aa415fd18438232cee44b872f98c0b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 14:24:43 -0500 Subject: [PATCH 607/932] uninstalled paperwork --- configurations/home-manager/leyla/packages.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index f015e40e..5bc82b72 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -56,7 +56,6 @@ in { mfoc tor-browser anki - paperwork # proprietary platforms discord From 508e831a2a7b6db5e0d795582db21e6695e4021b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 15:40:12 -0500 Subject: [PATCH 608/932] renamed supernote notes share --- configurations/syncthing/default.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix index 1934684e..bd05d9f0 100644 --- a/configurations/syncthing/default.nix +++ b/configurations/syncthing/default.nix @@ -6,7 +6,7 @@ leyla_calendar = { id = "8oatl-1rv6w"; }; - leyla_notes = { + leyla_supernote_notes = { id = "dwbuv-zffnf"; }; share = { 
@@ -25,8 +25,8 @@ folder = config.folders.leyla_calendar; path = "/mnt/sync/leyla/calendar"; }; - leyla_notes = { - folder = config.folders.leyla_notes; + leyla_supernote_notes = { + folder = config.folders.leyla_supernote_notes; path = "/mnt/sync/leyla/notes"; }; share = { @@ -64,12 +64,12 @@ coven = { id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; folders = { - share = { - folder = config.folders.share; - }; leyla_documents = { folder = config.folders.leyla_documents; }; + share = { + folder = config.folders.share; + }; }; }; ceder = { @@ -85,7 +85,7 @@ folder = config.folders.leyla_calendar; }; leyla_notes = { - folder = config.folders.leyla_notes; + folder = config.folders.leyla_supernote_notes; }; }; }; From bd608563c0a839d8941e3e9e14279323ef8afed4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 15:56:18 -0500 Subject: [PATCH 609/932] added emergent and eves records folders --- configurations/syncthing/default.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix index bd05d9f0..397f678c 100644 --- a/configurations/syncthing/default.nix +++ b/configurations/syncthing/default.nix @@ -9,6 +9,9 @@ leyla_supernote_notes = { id = "dwbuv-zffnf"; }; + eve_records = { + id = "by6at-d4h9n"; + }; share = { id = "73ot0-cxmkx"; }; @@ -29,6 +32,10 @@ folder = config.folders.leyla_supernote_notes; path = "/mnt/sync/leyla/notes"; }; + eve_records = { + folder = config.folders.eve_records; + path = "/mnt/sync/eve/records"; + }; share = { folder = config.folders.share; path = "/mnt/sync/default/share"; 
@@ -89,6 +96,17 @@ }; }; }; + emergent = { + id = "6MIDMKJ-7IFHXVX-FIR3YTB-KVE75LN-PA6IOTN-I257LWR-MMC4K6C-5H4SHQN"; + folders = { + eve_records = { + folder = config.folders.eve_records; + }; + share = { + folder = config.folders.share; + }; + }; + }; shale = { id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; folders = { From 70ed1618b5ad7af115afa97af089f71aad14d876 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 26 Mar 2025 17:11:22 -0500 Subject: [PATCH 610/932] added pdfarranger and calibre to applications --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 5bc82b72..c4bfda2b 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -56,6 +56,7 @@ in { mfoc tor-browser anki + pdfarranger # proprietary platforms discord From 89534b38d36de9cceb7f6576c5cbe632ace6102d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 29 Mar 2025 10:06:31 -0500 Subject: [PATCH 611/932] added calibre to leyla packages --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index c4bfda2b..43124a7d 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -57,6 +57,7 @@ in { tor-browser anki pdfarranger + calibre # proprietary platforms discord From f77ff8d28422d7bc68c6dbc6184666ccc1b8288d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 29 Mar 2025 11:43:51 -0500 Subject: [PATCH 612/932] updated flake lock and disabled lix again --- flake.lock | 128 ++++++++--------------------------------------- flake.nix | 8 +-- util/default.nix | 4 +- 3 files changed, 28 insertions(+), 112 deletions(-) 
diff --git a/flake.lock b/flake.lock index 56a5cd18..b9809b3b 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742489760, - "narHash": "sha256-OkYl/wf09cKviSV1R6SshcRmeX1iDNEKCMg5KlmTwK0=", + "lastModified": 1743119709, + "narHash": "sha256-tlJY7MfAena/yi3lmd7y7vQGpLma4Q1BLtO4dvzF/Vs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "10f7b577f5081b30ca6b7fd5f98de8d7dfdb5a27", + "rev": "f8861a4b09a181dd88f6626d0202d9225ae85d65", "type": "gitlab" }, "original": { @@ -91,39 +91,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -131,11 +98,11 @@ ] }, "locked": { - "lastModified": 1742588233, - "narHash": "sha256-Fi5g8H5FXMSRqy+mU6gPG0v+C9pzjYbkkiePtz8+PpA=", + "lastModified": 1743259333, + "narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=", "owner": "nix-community", "repo": "home-manager", - "rev": "296ddc64627f4a6a4eb447852d7346b9dd16197d", + "rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68", "type": "github" }, "original": { 
@@ -159,41 +126,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741892773, - "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", - "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/ed7a2fa83145868ecb830d6b3c73ebfd81a9e911.tar.gz?rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -201,11 +133,11 @@ ] }, "locked": { - "lastModified": 1742595055, - "narHash": "sha256-cEetDber6LF8W4ThmRc4rwKs/o8y2GH0pUdX7e6CnAQ=", + "lastModified": 1743221873, + "narHash": "sha256-i8VPNm4UBsC3Ni6VwjojVJvCpS9GZ4vPrpFRtCGJzBs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e9f41de2a81f04390afd106959adf352a207628f", + "rev": "53d0f0ed11487a4476741fde757d0feabef4cc4e", "type": "github" }, "original": { 
@@ -237,17 +169,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1742522036, - "narHash": "sha256-OmIHuzgZt38vn9SkysbS5D+KaAbKadtaKfODh0iWALk=", + "lastModified": 1743213162, + "narHash": "sha256-9UU0x2fZORsX6PEpzkIAD/7+bwm+javJtZA/411ZmLg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "4cff80a994fd6edb6c62ee5439cd587b50871cf3", + "rev": "1b2a53e3478225bc35d14ae75ea9e7b749c16d5b", "type": "github" }, "original": { @@ -258,11 +190,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742376361, - "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=", + "lastModified": 1743167577, + "narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9", + "rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42", "type": "github" }, "original": { @@ -274,11 +206,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742422364, - "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", + "lastModified": 1743095683, + "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", + "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", "type": "github" }, "original": { @@ -295,7 +227,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", 
@@ -328,11 +259,11 @@ ] }, "locked": { - "lastModified": 1742595978, - "narHash": "sha256-05onsoMrLyXE4XleDCeLC3bXnC4nyUbKWInGwM7v6hU=", + "lastModified": 1742700801, + "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "b7756921b002de60fb66782effad3ce8bdb5b25d", + "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", "type": "github" }, "original": { @@ -355,21 +286,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f9cb9a68..c5968db7 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index c6e0e06a..4b713da2 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; 
From c1b52262b686226212ad052e06b740f959cadfca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 29 Mar 2025 14:56:30 -0500 Subject: [PATCH 613/932] removed completed task from tech debt tasks --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 2c46110f..bc31eca0 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - syncthing folder passwords - nfs export should be backed by the same values for server and client -- move fail2ban configs out of fail2ban.nix and into configs for their respective services ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - samba mounts From 8a3aaba17c4ddf321c0ea5e0a2525c69e27360d4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 30 Mar 2025 13:23:16 -0500 Subject: [PATCH 614/932] added qbittorrent package --- configurations/home-manager/leyla/packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 43124a7d..449e828d 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -58,6 +58,7 @@ in { anki pdfarranger calibre + qbittorrent # proprietary platforms discord @@ -78,7 +79,7 @@ in { openvpn noisetorch - # hardware managment tools + # hardware management tools (lib.mkIf hardware.piperMouse.enable piper) (lib.mkIf hardware.openRGB.enable openrgb) (lib.mkIf hardware.viaKeyboard.enable via) From 2f6e566acca7919850108eeebe28379a2f7de860 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 1 Apr 2025 15:25:22 -0500 Subject: [PATCH 615/932] updated wireguard keys file to vpn keys file --- .sops.yaml | 2 +- .../nixos/defiant/configuration.nix | 6 +- .../nixos/horizon/configuration.nix | 6 +- .../nixos/twilight/configuration.nix | 6 +- flake.lock | 56 +++++++++---------- nix-config-secrets | 2 +- 6 files changed, 39 insertions(+), 39 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 3f54dccd..b8b0adfd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,7 +9,7 @@ creation_rules: key_groups: - age: - *leyla - - path_regex: secrets/wireguard-keys.yaml$ + - path_regex: secrets/vpn-keys.yaml$ key_groups: - age: - *leyla diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7209aa93..74558125 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -6,8 +6,8 @@ ... }: { sops.secrets = { - "wireguard-keys/tailscale-authkey/defiant" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + "vpn-keys/tailscale-authkey/defiant" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; @@ -140,7 +140,7 @@ }; tailscale = { enable = true; - authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/defiant".path; + authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path; useRoutingFeatures = "server"; extraUpFlags = [ "--advertise-exit-node" diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index dabb2cf9..5f1fd3aa 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -28,8 +28,8 @@ programs.adb.enable = true; sops.secrets = { - "wireguard-keys/tailscale-authkey/horizon" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + "vpn-keys/tailscale-authkey/horizon" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; }; @@ -48,7 +48,7 @@ }; tailscale = { enable = true; - authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/horizon".path; + authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; useRoutingFeatures = "client"; }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index bbd8835a..73dd6420 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -10,8 +10,8 @@ nixpkgs.config.allowUnfree = true; sops.secrets = { - "wireguard-keys/tailscale-authkey/twilight" = { - sopsFile = "${inputs.secrets}/wireguard-keys.yaml"; + "vpn-keys/tailscale-authkey/twilight" = { + sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; }; host = { @@ -44,7 +44,7 @@ tailscale = { enable = true; - authKeyFile = config.sops.secrets."wireguard-keys/tailscale-authkey/twilight".path; + authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/twilight".path; useRoutingFeatures = "both"; extraUpFlags = [ "--advertise-exit-node" diff --git a/flake.lock b/flake.lock index b9809b3b..d9ea0b7a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1741786315, - "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", + "lastModified": 1743524395, + "narHash": "sha256-BXVan1TBC2iDJODFvCoz2XrbAOyZ9KWjwyIkOYwO4Mc=", "owner": "nix-community", "repo": "disko", - "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", + "rev": "f6dbc8952df9e40afafbe38449751bfad12d64f2", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1743119709, - "narHash": "sha256-tlJY7MfAena/yi3lmd7y7vQGpLma4Q1BLtO4dvzF/Vs=", + "lastModified": 1743527765, + "narHash": "sha256-Y7TQ4bseuTjnXu3/Km8ylRIkyiYrZjwp5cqcb/7bJzs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f8861a4b09a181dd88f6626d0202d9225ae85d65", + "rev": "d7c0454483cf3644c8e5d3094ad2f1ee2cdcc6b0", "type": "gitlab" }, "original": { @@ -98,11 +98,11 @@ ] }, "locked": { - "lastModified": 1743259333, - "narHash": "sha256-2Fi3K++co4IGbeOLGXdRA6VEfbzQzMgcuBaPTyjfj0s=", + "lastModified": 1743527271, + "narHash": "sha256-EuanEW1qqXZ2h0zJnq7uz8BoHbsgHgUrqWkCZHwZ9FA=", "owner": "nix-community", "repo": "home-manager", - "rev": "1f679ed2a2ebe3894bad9f89fb0bd9f141c28a68", + "rev": "f4d9d1e2ad19d544a0a0cf3f8f371c6139c762e9", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1743221873, - "narHash": "sha256-i8VPNm4UBsC3Ni6VwjojVJvCpS9GZ4vPrpFRtCGJzBs=", + "lastModified": 1743496612, + "narHash": "sha256-emPWa5lmKbnyuj8c1mSJUkzJNT+iJoU9GMcXwjp2oVM=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "53d0f0ed11487a4476741fde757d0feabef4cc4e", + "rev": "73d59580d01e9b9f957ba749f336a272869c42dd", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1743213162, - "narHash": "sha256-9UU0x2fZORsX6PEpzkIAD/7+bwm+javJtZA/411ZmLg=", + "lastModified": 1743473153, + "narHash": "sha256-RVOgS/5+Nd/Oq3aXhIk8Y3aAILCYwm8nmrvLogy1hI0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1b2a53e3478225bc35d14ae75ea9e7b749c16d5b", + "rev": "57ed10b9d4395687b38277f422fbb0700f65e632", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1743167577, - "narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=", + "lastModified": 1743420942, + "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42", + "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", "type": "github" }, "original": { @@ -206,11 +206,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743095683, - "narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=", + "lastModified": 1743315132, + "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", + "rev": "52faf482a3889b7619003c0daec593a1912fddc1", "type": "github" }, "original": { @@ -239,11 +239,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1742597341, - "narHash": "sha256-r9Tid/fvcxi6LjAtW7YbXGN1HAtz/XEQkWZVPw3pLvk=", + "lastModified": 1743538790, + "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=", "ref": "refs/heads/main", - "rev": "d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433", - "revCount": 15, + "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34", + "revCount": 17, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, @@ -259,11 +259,11 @@ ] }, "locked": { - "lastModified": 1742700801, - "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", + "lastModified": 1743502316, + "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", + "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", "type": "github" }, "original": { diff --git a/nix-config-secrets b/nix-config-secrets index d022f6bd..3d63dff7 160000 --- a/nix-config-secrets +++ b/nix-config-secrets 
@@ -1 +1 @@
-Subproject commit d022f6bde68fa7aaf89c6c8b8c1a3ab2b6fb2433
+Subproject commit 3d63dff77f8eda1667e3586169642cf256c4aa34
From 899617266f486b447a503bf056eb6642b4c03ed4 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 1 Apr 2025 16:22:44 -0500
Subject: [PATCH 616/932] created p2p wireguard interface for defiant
---
 .../nixos/defiant/configuration.nix | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 74558125..ae69c26a 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -9,6 +9,9 @@
 "vpn-keys/tailscale-authkey/defiant" = {
 sopsFile = "${inputs.secrets}/vpn-keys.yaml";
 };
+ "vpn-keys/proton-wireguard/defiant-p2p" = {
+ sopsFile = "${inputs.secrets}/vpn-keys.yaml";
+ };
 "services/zfs_smtp_token" = {
 sopsFile = "${inputs.secrets}/defiant-services.yaml";
 };
@@ -101,6 +104,24 @@
 };
 networking = {
 hostId = "c51763d6";
+
+ wireguard.interfaces = {
+ p2p = {
+ ips = ["10.2.0.2/32"];
+ listenPort = 51820;
+
+ privateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
+
+ peers = [
+ {
+ publicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
+ allowedIPs = ["0.0.0.0/0"];
+ endpoint = "185.230.126.146:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
 };
 services = {
From 89c8cff8a9e37adde267630a425f658af5259f87 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 1 Apr 2025 20:47:32 -0500
Subject: [PATCH 617/932] created qbittorrent config
---
 flake.nix | 2 +
 modules/nixos-modules/server/default.nix | 1 +
 modules/nixos-modules/server/qbittorent.nix | 160 ++++++++++++++++++++
 modules/nixos-modules/users.nix | 16 ++
 4 files changed, 179 insertions(+)
 create mode 100644 modules/nixos-modules/server/qbittorent.nix
diff --git a/flake.nix b/flake.nix
index c5968db7..ba10d207 100644
--- a/flake.nix
+++ b/flake.nix
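Review bot: `allowedIPs = ["0.0.0.0/0"]` on the `p2p` peer, together with `networking.wireguard`'s default of `allowedIPsAsRoutes = true`, makes this provider the host's default route, so the Tailscale session whose authkey is declared at the top of this hunk and any SSH management path are pulled into a tunnel that has not yet been shown to work. If the tunnel is only meant for selected traffic, add `allowedIPsAsRoutes = false;` to the interface and install routes explicitly, or narrow `allowedIPs` to what the peer should actually receive. `listenPort = 51820;` is unnecessary for an outbound-only client and pins a predictable UDP port; omitting it lets the kernel choose. A short comment above `wireguard.interfaces` stating what `p2p` is for would save the next reader the guess.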
@@ -147,6 +147,8 @@ nix-inspect # for installing flakes from this repo onto other systems nixos-anywhere + # for updating disko configurations + disko ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 6c3ba8e8..7beee8ba 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -11,5 +11,6 @@ ./virt-home-assistant.nix ./adguardhome.nix ./immich.nix + ./qbittorent.nix ]; } diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix new file mode 100644 index 00000000..9b7b7e8f --- /dev/null +++ b/modules/nixos-modules/server/qbittorent.nix 
@@ -0,0 +1,160 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ qbittorent_data_directory = "/var/lib/qbittorrent";
+in {
+ options.services.qbittorrent = {
+ enable = lib.mkEnableOption "should the headless qbittorrent service be enabled";
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/qbittorrent";
+ description = lib.mdDoc ''
+ The directory where qBittorrent stores its data files.
+ '';
+ };
+
+ mediaDir = lib.mkOption {
+ type = lib.types.path;
+ description = lib.mdDoc ''
+ The directory to create to store qbittorrent media.
+ '';
+ };
+
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = "qbittorrent";
+ description = lib.mdDoc ''
+ User account under which qBittorrent runs.
+ '';
+ };
+
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = "qbittorrent";
+ description = lib.mdDoc ''
+ Group under which qBittorrent runs.
+ '';
+ };
+
+ webPort = lib.mkOption {
+ type = lib.types.port;
+ default = 8080;
+ description = lib.mdDoc ''
+ qBittorrent web UI port.
+ '';
+ };
+
+ openFirewall = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Open services.qBittorrent.webPort to the outside network.";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.qbittorrent-nox;
+ defaultText = lib.literalExpression "pkgs.qbittorrent-nox";
+ description = "The qbittorrent package to use.";
+ };
+ };
+
+ config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [
+ {
+ networking.firewall = lib.mkIf config.services.qbittorrent.openFirewall {
+ allowedTCPPorts = [config.services.qbittorrent.webPort];
+ };
+
+ systemd.services.qbittorrent = {
+ # based on the plex.nix service module and
+ # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in
+ description = "qBittorrent-nox service";
+ documentation = ["man:qbittorrent-nox(1)"];
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+
+ serviceConfig = {
+ Type = "simple";
+ User = config.services.qbittorrent.user;
+ Group = config.services.qbittorrent.group;
+
+ # Run the pre-start script with full permissions (the "!" prefix) so it
+ # can create the data directory if necessary.
+ ExecStartPre = let
+ preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
+ #!${pkgs.bash}/bin/bash
+
+ # Create data directory if it doesn't exist
+ if ! test -d "$QBT_PROFILE"; then
+ echo "Creating initial qBittorrent data directory in: $QBT_PROFILE"
+ install -d -m 0755 -o "${config.services.qbittorrent.user}" -g "${config.services.qbittorrent.group}" "$QBT_PROFILE"
+ fi
+ '';
+ in "!${preStartScript}";
+
+ #ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
+ ExecStart = "${config.services.qbittorrent.package}/bin/qbittorrent-nox";
+ # To prevent "Quit & shutdown daemon" from working; we want systemd to
+ # manage it!
+ #Restart = "on-success";
+ #UMask = "0002";
+ #LimitNOFILE = cfg.openFilesLimit;
+ };
+
+ environment = {
+ QBT_PROFILE = config.services.qbittorrent.dataDir;
+ QBT_WEBUI_PORT = toString config.services.qbittorrent.webPort;
+ };
+ };
+ }
+ (lib.mkIf config.host.impermanence.enable {
+ fileSystems."/persist/system/qbittorrent".neededForBoot = true;
+
+ host.storage.pool.extraDatasets = {
+ # sops age key needs to be available to pre persist for user generation
+ "persist/system/qbittorrent" = {
+ type = "zfs_fs";
+ mountpoint = "/persist/system/qbittorrent";
+ options = {
+ canmount = "on";
+ };
+ };
+ };
+
+ assertions = [
+ {
+ assertion = config.services.qbittorrent.dataDir == qbittorent_data_directory;
+ message = "qbittorrent data directory does not match persistence";
+ }
+ ];
+
+ environment.persistence = {
+ "/persist/system/root" = {
+ directories = [
+ {
+ directory = qbittorent_data_directory;
+ user = "qbittorrent";
+ group = "qbittorrent";
+ }
+ ];
+ };
+
+ "/persist/system/qbittorrent" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = config.services.qbittorrent.mediaDir;
+ user = "qbittorrent";
+ group = "qbittorrent";
+ mode = "1775";
+ }
+ ];
+ };
+ };
+ })
+ ]);
+}
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index 7bdb3dd2..18cf06f5 100644
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@@ -23,6 +23,7 @@
 ollama = 2008;
 git = 2009;
 immich = 2010;
+ qbittorrent = 2011;
 };
 gids = {
@@ -38,6 +39,7 @@
 ollama = 2008;
 git = 2009;
 immich = 2010;
+ qbittorrent = 2011;
 };
 users = config.users.users;
@@ -159,6 +161,12 @@ in {
 isSystemUser = true;
 group = config.users.users.immich.name;
 };
+
+ qbittorrent = {
+ uid = lib.mkForce uids.qbittorrent;
+ isNormalUser = true;
+ group = config.users.users.qbittorrent.name;
+ };
 };
 groups = {
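Review bot: `openFirewall` maps to `networking.firewall.allowedTCPPorts`, which admits `webPort` on every interface, so enabling it exposes the qBittorrent WebUI — an administrative interface — to any network the host is attached to; an interface-scoped variant (`networking.firewall.interfaces.<name>.allowedTCPPorts`) or an option to bind the WebUI to a specific address would give callers a way to limit that. `serviceConfig` has no sandboxing at all even though the daemon parses metadata and payloads from arbitrary peers; `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "strict";` with `ReadWritePaths = [config.services.qbittorrent.dataDir config.services.qbittorrent.mediaDir];` would be a reasonable baseline. The `openFirewall` description names `services.qBittorrent.webPort`, which is not the option path; it should read `services.qbittorrent.webPort`. The file is `qbittorent.nix` while every option and variable spells `qbittorrent`; aligning the name now avoids churning imports later.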
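Review bot: The new `qbittorrent` account uses `isNormalUser = true;` while the `immich` entry directly above it in this hunk uses `isSystemUser = true;`; a normal user gets a home directory and a login shell, neither of which a daemon account needs, and both widen what the service can be used to reach if the process is compromised. `isSystemUser = true;` keeps the explicit `uid = lib.mkForce uids.qbittorrent;` and `group` lines unchanged and matches the sibling service accounts. The enclosing `users` attribute set begins outside the hunk.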
@@ -255,6 +263,14 @@ in {
 # leyla
 ];
 };
+
+ qbittorrent = {
+ gid = lib.mkForce gids.qbittorrent;
+ members = [
+ users.qbittorrent.name
+ leyla
+ ];
+ };
 };
 };
 }
From e293c838417da265765183073cf7ced505423122 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 1 Apr 2025 22:33:18 -0500
Subject: [PATCH 618/932] tried to fix wireguard config
---
 .../nixos/defiant/configuration.nix | 92 ++++++++++++++++---
 .../nixos/defiant/hardware-configuration.nix | 30 +-----
 2 files changed, 81 insertions(+), 41 deletions(-)
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index ae69c26a..199c1ba9 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -11,6 +11,9 @@
 };
 "vpn-keys/proton-wireguard/defiant-p2p" = {
 sopsFile = "${inputs.secrets}/vpn-keys.yaml";
+ mode = "0640";
+ owner = "root";
+ group = "systemd-network";
 };
 "services/zfs_smtp_token" = {
 sopsFile = "${inputs.secrets}/defiant-services.yaml";
@@ -102,26 +105,84 @@
 enable = false;
 };
 };
- networking = {
- hostId = "c51763d6";
- wireguard.interfaces = {
- p2p = {
- ips = ["10.2.0.2/32"];
- listenPort = 51820;
+ systemd.network = {
+ enable = true;
- privateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
+ config = {
+ routeTables = {
+ p2p = 1;
+ };
+ };
- peers = [
+ netdevs = {
+ "10-bond0" = {
+ netdevConfig = {
+ Kind = "bond";
+ Name = "bond0";
+ };
+ bondConfig = {
+ Mode = "802.3ad";
+ TransmitHashPolicy = "layer3+4";
+ };
+ };
+
+ "15-p2p" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ Name = "p2p0";
+ MTUBytes = "1300";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
+ ListenPort = 51820;
+ # RouteTable = "p2p";
+ };
+ wireguardPeers = [
 {
- publicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
- allowedIPs = ["0.0.0.0/0"];
- endpoint = "185.230.126.146:51820";
- persistentKeepalive = 25;
+ PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
+ Endpoint = "185.230.126.146:51820";
+ AllowedIPs = ["0.0.0.0/0"];
+ RouteTable = "off";
 }
 ];
 };
 };
+ networks = {
+ "40-bond0" = {
+ matchConfig.Name = "bond0";
+ linkConfig = {
+ RequiredForOnline = "degraded-carrier";
+ RequiredFamilyForOnline = "any";
+ };
+ networkConfig.DHCP = "yes";
+
+ address = [
+ "192.168.1.10/32"
+ ];
+
+ gateway = ["192.168.1.1"];
+ dns = ["192.168.1.1"];
+ };
+
+ "45-p2p" = {
+ matchConfig.Name = "p2p0";
+ address = [
+ "10.2.0.2/32"
+ ];
+ # routingPolicyRules = [
+ # {
+ # From = "10.2.0.2/32";
+ # Table = "p2p";
+ # }
+ # {
+ # To = "10.2.0.2/32";
+ # Table = "p2p";
+ # }
+ # ];
+ linkConfig.RequiredForOnline = false;
+ };
+ };
 };
 services = {
@@ -205,6 +266,13 @@
 networkBridge = "bond0";
 hostDevice = "0x10c4:0xea60";
 };
+
+ qbittorrent = {
+ enable = true;
+ mediaDir = "/srv/qbittorent";
+ openFirewall = true;
+ webPort = 8084;
+ };
 };
 # disable computer sleeping
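Review bot: `address = ["192.168.1.10/32"]` on `40-bond0` arrives here from hardware-configuration.nix, where the same address had no prefix; a /32 gives the bond no on-link route to 192.168.1.0/24, so the static `gateway`/`dns` entries pointing at 192.168.1.1 are only reachable if the DHCP lease supplies the missing route, and `"192.168.1.10/24"` is presumably what was intended. With `RouteTable = "off"` on the peer and the `routingPolicyRules` commented out, nothing is steered into `p2p0` yet, which is a sensible state while the tunnel is being debugged. The 0640/`systemd-network` secret in the hunk above is the right shape for a `PrivateKeyFile` read by networkd. `ListenPort = 51820;` is still not needed for an outbound-only peer.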
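Review bot: `openFirewall = true;` with `webPort = 8084;` opens the WebUI through `allowedTCPPorts`, which is interface-agnostic, so the admin UI will also answer on the new `p2p0` tunnel, whose peer is configured with `AllowedIPs = ["0.0.0.0/0"]` and therefore accepts packets from any source address the remote end sends. Keep `openFirewall` at its default and scope the rule to the LAN instead: `networking.firewall.interfaces.bond0.allowedTCPPorts = [config.services.qbittorrent.webPort];`. `mediaDir = "/srv/qbittorent"` drops an r relative to the service name; harmless if deliberate, but this path becomes the persisted bind mount, so renaming later means a data move. The enclosing `services` set starts outside the hunk.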
diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index 3b3ac456..d4a638b0 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -34,25 +34,13 @@ networking = { hostName = "defiant"; # Define your hostname. + hostId = "c51763d6"; useNetworkd = true; }; systemd.network = { enable = true; - netdevs = { - "10-bond0" = { - netdevConfig = { - Kind = "bond"; - Name = "bond0"; - }; - bondConfig = { - Mode = "802.3ad"; - TransmitHashPolicy = "layer3+4"; - }; - }; - }; - networks = { "30-eno1" = { matchConfig.Name = "eno1"; @@ -62,22 +50,6 @@ matchConfig.Name = "eno2"; networkConfig.Bond = "bond0"; }; - - "40-bond0" = { - matchConfig.Name = "bond0"; - linkConfig = { - RequiredForOnline = "degraded-carrier"; - RequiredFamilyForOnline = "any"; - }; - networkConfig.DHCP = "yes"; - - address = [ - "192.168.1.10" - ]; - - gateway = ["192.168.1.1"]; - dns = ["192.168.1.1"]; - }; }; }; From 669132d67f47b0b8806a56fe1a9990c955e7a089 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Apr 2025 02:59:28 -0500 Subject: [PATCH 619/932] installed sox --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 449e828d..d9f1b327 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -21,6 +21,7 @@ in { lib.lists.optionals userConfig.isTerminalUser ( with pkgs; [ # command line tools + sox yt-dlp ffmpeg imagemagick From eb738c14770b626f7e1bd367ee24258c0029658f Mon Sep 17 00:00:00 2001 
From: Leyla Becker
Date: Sat, 12 Apr 2025 03:14:35 -0500
Subject: [PATCH 620/932] cleaned up excluded packages
---
 .../nixos/defiant/configuration.nix | 25 ++++++-------------
 modules/nixos-modules/desktop.nix | 20 ++++++++++++++-
 2 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 199c1ba9..ca9a2910 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -127,11 +127,11 @@
 };
 };
- "15-p2p" = {
+ "15-p2p0" = {
 netdevConfig = {
 Kind = "wireguard";
 Name = "p2p0";
- MTUBytes = "1300";
+ MTUBytes = "1280";
 };
 wireguardConfig = {
 PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
@@ -165,21 +165,16 @@
 dns = ["192.168.1.1"];
 };
- "45-p2p" = {
+ "45-p2p0" = {
 matchConfig.Name = "p2p0";
 address = [
 "10.2.0.2/32"
 ];
- # routingPolicyRules = [
- # {
- # From = "10.2.0.2/32";
- # Table = "p2p";
- # }
- # {
- # To = "10.2.0.2/32";
- # Table = "p2p";
- # }
- # ];
+ routes = [
+ {
+ Destination = "0.0.0.0/0";
+ }
+ ];
 linkConfig.RequiredForOnline = false;
 };
 };
@@ -203,11 +198,7 @@
 };
 desktopManager = {
 gnome.enable = true;
- xterm.enable = false;
 };
-
- # Get rid of xTerm
- excludePackages = [pkgs.xterm];
 };
 ollama = {
diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix
index 22a7b658..2182cb24 100644
--- a/modules/nixos-modules/desktop.nix
+++ b/modules/nixos-modules/desktop.nix
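Review bot: `routes = [{ Destination = "0.0.0.0/0"; }]` on `45-p2p0` installs a second default route in the main table beside bond0's gateway route, with no `Metric` and no exclusion for the WireGuard endpoint `185.230.126.146`; if the p2p0 route wins, the handshake packets are themselves sent into the tunnel and it never comes up, and if it loses, traffic quietly bypasses the VPN, so the result is neither a working tunnel nor a fail-closed one. The `Table = "p2p"` / `routingPolicyRules` approach this hunk deletes was closer: put this route in `Table = "p2p";`, select traffic from `10.2.0.2/32` into that table, and add a host route for the endpoint via bond0. A comment above `routes` stating which traffic is meant to use the tunnel would make the intent reviewable. `MTUBytes = "1280"` in the first hunk is a reasonable conservative WireGuard MTU.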
@@ -27,7 +27,25 @@
 # Get rid of xTerm
 desktopManager.xterm.enable = false;
- excludePackages = [pkgs.xterm];
+ excludePackages = with pkgs; [
+ xterm
+ transmission_4-qt
+ atomix # puzzle game
+ cheese # webcam tool
+ epiphany # web browser
+ geary # email reader
+ gedit # text editor
+ gnome-characters
+ gnome-music
+ gnome-photos
+ gnome-tour
+ gnome-logs
+ gnome-maps
+ hitori # sudoku game
+ iagno # go game
+ tali # poker game
+ yelp # help viewer
+ ];
 };
 pipewire = {
From 1637a83f846f6e3d7b5f5b5ea5f869cbcc014d40 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sat, 12 Apr 2025 03:18:39 -0500
Subject: [PATCH 621/932] removed unused variable
---
 configurations/nixos/defiant/configuration.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index ca9a2910..713eaf93 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -2,7 +2,6 @@
 {
 inputs,
 config,
- pkgs,
 ...
 }: {
 sops.secrets = {
From 4eea3aa57d7e7b2c51f3cdc2f06a473f1b5b2244 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sun, 13 Apr 2025 17:17:56 -0500
Subject: [PATCH 622/932] exposed jellyfin dlan
---
 modules/nixos-modules/server/jellyfin.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix
index 49d9a9f2..a8bbe71c 100644
--- a/modules/nixos-modules/server/jellyfin.nix
+++ b/modules/nixos-modules/server/jellyfin.nix
@@ -5,6 +5,7 @@
 ...
 }: let
 jellyfinPort = 8096;
+ dlanPort = 1900;
 jellyfin_data_directory = "/var/lib/jellyfin";
 jellyfin_cache_directory = "/var/cache/jellyfin";
 in {
@@ -50,7 +51,7 @@ in {
 pkgs.jellyfin-ffmpeg
 ];
- networking.firewall.allowedTCPPorts = [jellyfinPort];
+ networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];
 }
 (lib.mkIf config.services.fail2ban.enable {
 environment.etc = {
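Review bot: `dlanPort = 1900` is added to `allowedTCPPorts`, but DLNA device discovery is SSDP over UDP 1900 (multicast to 239.255.255.250), so this opens a TCP port nothing listens on while the discovery traffic stays blocked; it belongs in `networking.firewall.allowedUDPPorts = [dlanPort];`. SSDP/DLNA is unauthenticated and only useful to clients on the same segment, so scoping it with `networking.firewall.interfaces.<lan>.allowedUDPPorts` rather than opening it on every interface is preferable. The name `dlanPort` looks like a transposition of DLNA; `dlnaPort` would match the protocol. In recent Jellyfin releases DLNA is a separately installed plugin, so confirm it is actually enabled before relying on this rule.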
From ee0697f4061de60453897e4cc4acc998284f685f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Apr 2025 22:37:31 -0500 Subject: [PATCH 623/932] updated flake --- flake.lock | 66 +++++++++++++++++++++--------------------------------- 1 file changed, 25 insertions(+), 41 deletions(-) diff --git a/flake.lock b/flake.lock index d9ea0b7a..5e946bb7 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1743524395, - "narHash": "sha256-BXVan1TBC2iDJODFvCoz2XrbAOyZ9KWjwyIkOYwO4Mc=", + "lastModified": 1744145203, + "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", "owner": "nix-community", "repo": "disko", - "rev": "f6dbc8952df9e40afafbe38449751bfad12d64f2", + "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", "type": "github" }, "original": { @@ -22,18 +22,17 @@ }, "firefox-addons": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1743527765, - "narHash": "sha256-Y7TQ4bseuTjnXu3/Km8ylRIkyiYrZjwp5cqcb/7bJzs=", + "lastModified": 1744586538, + "narHash": "sha256-cg6T6QnfIwAino7ruCQdqB4g6mj2aKg8Rbqjo6LiBDs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "d7c0454483cf3644c8e5d3094ad2f1ee2cdcc6b0", + "rev": "a3fe27c14a5cdd64a5319b3f83a1c65e29c9b4e1", "type": "gitlab" }, "original": { @@ -59,21 +58,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1629284811, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "inputs": { "systems": "systems" }, 
@@ -98,11 +82,11 @@ ] }, "locked": { - "lastModified": 1743527271, - "narHash": "sha256-EuanEW1qqXZ2h0zJnq7uz8BoHbsgHgUrqWkCZHwZ9FA=", + "lastModified": 1744600951, + "narHash": "sha256-LNAAfQTDXSwtYYlh/v/tMwnCqeQAEHlBC9PgyQK5b/Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "f4d9d1e2ad19d544a0a0cf3f8f371c6139c762e9", + "rev": "e980d0e0e216f527ea73cfd12c7b019eceffa7f1", "type": "github" }, "original": { @@ -133,11 +117,11 @@ ] }, "locked": { - "lastModified": 1743496612, - "narHash": "sha256-emPWa5lmKbnyuj8c1mSJUkzJNT+iJoU9GMcXwjp2oVM=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "73d59580d01e9b9f957ba749f336a272869c42dd", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -169,17 +153,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1743473153, - "narHash": "sha256-RVOgS/5+Nd/Oq3aXhIk8Y3aAILCYwm8nmrvLogy1hI0=", + "lastModified": 1744595919, + "narHash": "sha256-lFuezewhTch2FFZfB6Bx31Ls3+ixt2UYp7rJtpOlgFI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "57ed10b9d4395687b38277f422fbb0700f65e632", + "rev": "ea3fe071c83dae7e6a485f7f648b4914eabea683", "type": "github" }, "original": { @@ -190,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1743420942, - "narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=", + "lastModified": 1744366945, + "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4", + "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", "type": "github" }, "original": { 
@@ -206,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743315132, - "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "52faf482a3889b7619003c0daec593a1912fddc1", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "type": "github" }, "original": { @@ -259,11 +243,11 @@ ] }, "locked": { - "lastModified": 1743502316, - "narHash": "sha256-zI2WSkU+ei4zCxT+IVSQjNM9i0ST++T2qSFXTsAND7s=", + "lastModified": 1744518500, + "narHash": "sha256-lv52pnfiRGp5+xkZEgWr56DWiRgkMFXpiGba3eJ3krE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e7f4d7ed8bce8dfa7d2f2fe6f8b8f523e54646f8", + "rev": "7e147a1ae90f0d4a374938cdc3df3cdaecb9d388", "type": "github" }, "original": { From 7f6f36378ce3f8a0b338c58dedd865aef4ceebdf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Apr 2025 23:07:57 -0500 Subject: [PATCH 624/932] removed many packages from defiant --- .../home-manager/leyla/packages.nix | 94 ++++++++++--------- .../nixos/horizon/configuration.nix | 4 + .../nixos/twilight/configuration.nix | 1 + modules/nixos-modules/desktop.nix | 1 - modules/nixos-modules/hardware.nix | 3 + 5 files changed, 57 insertions(+), 46 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index d9f1b327..460fa1f4 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix 
@@ -29,62 +29,66 @@ in { ) ++ ( lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ + (with pkgs; [ # helvetica font aileron gnomeExtensions.dash-to-dock - #foss platforms - signal-desktop - bitwarden - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - # kicad-small - makemkv - transmission_4-gtk - onionshare - # rhythmbox - (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) - # wireshark - # rpi-imager - # fritzing - mfoc - tor-browser - anki - pdfarranger - calibre - qbittorrent - - # proprietary platforms - discord - obsidian - # steam - (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - # development tools - # androidStudioPackages.canary - jetbrains.idea-community dbeaver-bin bruno - qFlipper proxmark3 + ]) + ++ ( + lib.lists.optionals hardware.directAccess.enable (with pkgs; [ + #foss platforms + signal-desktop-bin + bitwarden + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + # kicad-small + makemkv + onionshare + # rhythmbox + (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) + # wireshark + # rpi-imager + # fritzing + mfoc + tor-browser + anki + pdfarranger + calibre + qbittorrent - # system tools - protonvpn-gui - openvpn - noisetorch + # proprietary platforms + discord + obsidian + # steam + (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - # hardware management tools - (lib.mkIf hardware.piperMouse.enable piper) - (lib.mkIf hardware.openRGB.enable openrgb) - (lib.mkIf hardware.viaKeyboard.enable via) - ] + # development tools + # androidStudioPackages.canary + jetbrains.idea-community + qFlipper + + # system tools + protonvpn-gui + openvpn + noisetorch + + # hardware management tools + (lib.mkIf hardware.piperMouse.enable piper) + (lib.mkIf hardware.openRGB.enable openrgb) + (lib.mkIf hardware.viaKeyboard.enable via) + ]) + ) ) ); }; 
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix
index 5f1fd3aa..ae0c8de1 100644
--- a/configurations/nixos/horizon/configuration.nix
+++ b/configurations/nixos/horizon/configuration.nix
@@ -17,6 +17,10 @@
 };
 eve.isDesktopUser = true;
 };
+
+ hardware = {
+ directAccess.enable = true;
+ };
 };
 environment.systemPackages = [
diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix
index 73dd6420..47e41ecb 100644
--- a/configurations/nixos/twilight/configuration.nix
+++ b/configurations/nixos/twilight/configuration.nix
@@ -28,6 +28,7 @@
 viaKeyboard.enable = true;
 openRGB.enable = true;
 graphicsAcceleration.enable = true;
+ directAccess.enable = true;
 };
 };
diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix
index 2182cb24..cf59cd98 100644
--- a/modules/nixos-modules/desktop.nix
+++ b/modules/nixos-modules/desktop.nix
@@ -29,7 +29,6 @@
 desktopManager.xterm.enable = false;
 excludePackages = with pkgs; [
 xterm
- transmission_4-qt
 atomix # puzzle game
 cheese # webcam tool
 epiphany # web browser
diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix
index b002658f..1b22eced 100644
--- a/modules/nixos-modules/hardware.nix
+++ b/modules/nixos-modules/hardware.nix
@@ -12,5 +12,8 @@
 graphicsAcceleration = {
 enable = lib.mkEnableOption "host has a gpu for graphical acceleration";
 };
+ directAccess = {
+ enable = lib.mkEnableOption "can a host be used on its own";
+ };
 };
 }
From 004dd743ed479f078396586d79532d95f158f610 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 15 Apr 2025 20:05:12 -0500
Subject: [PATCH 625/932] added import on file move setting to vs code
---
 configurations/home-manager/leyla/vscode.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix
index 2aa4059f..9ea3898f 100644
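Review bot: `lib.mkEnableOption "can a host be used on its own"` renders as "Whether to enable can a host be used on its own.", which is not a sentence and does not say what the flag gates; judging by packages.nix in the same commit it selects interactive desktop applications (browsers, messaging, office, VPN clients) for hosts that someone sits at directly, though that is inferred rather than stated anywhere. A noun phrase such as `lib.mkEnableOption "interactive desktop applications for hosts used at the console rather than only remotely"` would document the intent and read correctly with the generated prefix. The sibling `graphicsAcceleration` description visible as context has the same form issue but predates this change. The enclosing `options` set starts outside the hunk.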
--- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -39,6 +39,7 @@ in { "cSpell.userWords" = [ "webdav" ]; + "javascript.updateImportsOnFileMove.enabled" = "always"; } (lib.mkIf nix-development-enabled { "nix.enableLanguageServer" = true; From e20b752d11ddd26eeb3ac4ee76c964cf2fc888e0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:05:04 -0500 Subject: [PATCH 626/932] default to tabs with a tab size of 2 --- configurations/home-manager/leyla/vscode.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index 9ea3898f..a721c5f6 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -40,6 +40,8 @@ in { "webdav" ]; "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; } (lib.mkIf nix-development-enabled { "nix.enableLanguageServer" = true; From af894531cdacc15947dabd7dc7223cb0471246a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:07:36 -0500 Subject: [PATCH 627/932] updated signal package for eve --- configurations/home-manager/eve/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 3042382a..0ea88ee7 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -63,7 +63,7 @@ in { bitwarden discord makemkv - signal-desktop + signal-desktop-bin ungoogled-chromium ] ); From 060dff826adec559f19ce9969c6a82d0b4b388fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:18:27 -0500 Subject: [PATCH 628/932] replaced better toml --- configurations/home-manager/leyla/vscode.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix index a721c5f6..e42c4cd2 100644 --- a/configurations/home-manager/leyla/vscode.nix +++ b/configurations/home-manager/leyla/vscode.nix @@ -97,7 +97,7 @@ in { unifiedjs.vscode-mdx # misc extensions - bungcip.better-toml + tamasfe.even-better-toml ] ++ ( lib.lists.optionals osConfig.services.ollama.enable [ From 1f610845c814bb24cc9e4b627c1593c8d5859f60 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 16 Apr 2025 12:30:32 -0500 Subject: [PATCH 629/932] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5e946bb7..f1cb717f 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1744586538, - "narHash": "sha256-cg6T6QnfIwAino7ruCQdqB4g6mj2aKg8Rbqjo6LiBDs=", + "lastModified": 1744813899, + "narHash": "sha256-5J6kSkPbtuyX0tRggqadwulpqdgWHyQEDwhqVnY0T+g=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a3fe27c14a5cdd64a5319b3f83a1c65e29c9b4e1", + "rev": "f6dff741f9f485b3596a368704ec171d9eb8c7cd", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1744600951, - "narHash": "sha256-LNAAfQTDXSwtYYlh/v/tMwnCqeQAEHlBC9PgyQK5b/Q=", + "lastModified": 1744820898, + "narHash": "sha256-gUldr3LtCm/OfEnbH6sFFlyyxqPMCsfMs2Ha+0fdPDs=", "owner": "nix-community", "repo": "home-manager", - "rev": "e980d0e0e216f527ea73cfd12c7b019eceffa7f1", + "rev": "7ede02c32a729db0d6340bdb41d10e73ec511ca0", "type": "github" }, "original": { 
@@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1744595919, - "narHash": "sha256-lFuezewhTch2FFZfB6Bx31Ls3+ixt2UYp7rJtpOlgFI=", + "lastModified": 1744768710, + "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ea3fe071c83dae7e6a485f7f648b4914eabea683", + "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744366945, - "narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", + "lastModified": 1744633460, + "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", + "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1744518500, - "narHash": "sha256-lv52pnfiRGp5+xkZEgWr56DWiRgkMFXpiGba3eJ3krE=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "7e147a1ae90f0d4a374938cdc3df3cdaecb9d388", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { From 3994002e0d60785d0d1d33cd901ed632eeff99e3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 17 Apr 2025 00:44:44 -0500 Subject: [PATCH 630/932] installed picard --- configurations/home-manager/leyla/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 460fa1f4..0be9ab56 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -66,6 +66,7 @@ in { pdfarranger calibre qbittorrent + picard # proprietary platforms discord From bc3efbe2cbebdfaa7c2329373116040cf97054c3 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 19 Apr 2025 11:02:25 -0500 Subject: [PATCH 631/932] disabled vpn on defiant --- .../nixos/defiant/configuration.nix | 76 +++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 713eaf93..8e1eab8a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -46,7 +46,7 @@ "ata-ST18000NE000-3G6101_ZVTD10EH" "ata-ST18000NT001-3NF101_ZVTE0S3Q" "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NT001-3NF101_ZVTEZACV" + "ata-ST18000NT001-3NF101_ZVTEZACV" # this one is broken replace with "ata-ST18000NT001-XXXXXX_ZVTJ732N" ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" @@ -108,11 +108,11 @@ systemd.network = { enable = true; - config = { - routeTables = { - p2p = 1; - }; - }; + # config = { + # routeTables = { + # p2p = 1; + # }; + # }; netdevs = { "10-bond0" = { @@ -126,26 +126,26 @@ }; }; - "15-p2p0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "p2p0"; - MTUBytes = "1280"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; - ListenPort = 51820; - # RouteTable = "p2p"; - }; - wireguardPeers = [ - { - PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; - Endpoint = "185.230.126.146:51820"; - AllowedIPs = ["0.0.0.0/0"]; - RouteTable = "off"; - } - ]; - }; + # "15-p2p0" = { + # netdevConfig = { + # Kind = "wireguard"; + # Name = "p2p0"; + # MTUBytes = "1280"; + # }; + # wireguardConfig = { + # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; + # ListenPort = 51820; + # # RouteTable = "p2p"; + # }; + # wireguardPeers = [ + # { + # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; + # Endpoint = "185.230.126.146:51820"; + # AllowedIPs = ["0.0.0.0/0"]; + # RouteTable = "off"; + # } + # ]; + # }; }; networks = { "40-bond0" = { 
@@ -164,18 +164,18 @@ dns = ["192.168.1.1"]; }; - "45-p2p0" = { - matchConfig.Name = "p2p0"; - address = [ - "10.2.0.2/32" - ]; - routes = [ - { - Destination = "0.0.0.0/0"; - } - ]; - linkConfig.RequiredForOnline = false; - }; + # "45-p2p0" = { + # matchConfig.Name = "p2p0"; + # address = [ + # "10.2.0.2/32" + # ]; + # routes = [ + # { + # Destination = "0.0.0.0/0"; + # } + # ]; + # linkConfig.RequiredForOnline = false; + # }; }; }; From 3978d58c1a69adeb23257a5fa37dd57b7ef9460f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 24 Apr 2025 19:12:26 -0500 Subject: [PATCH 632/932] installed steam on horizon --- configurations/home-manager/leyla/packages.nix | 1 - configurations/nixos/horizon/configuration.nix | 11 ++++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 0be9ab56..506c2b30 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -71,7 +71,6 @@ in { # proprietary platforms discord obsidian - # steam (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index ae0c8de1..63ed59dc 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -8,6 +8,8 @@ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel ]; + nixpkgs.config.allowUnfree = true; + host = { users = { leyla = { @@ -29,7 +31,14 @@ {}) ]; - programs.adb.enable = true; + programs = { + adb.enable = true; + steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + }; sops.secrets = { "vpn-keys/tailscale-authkey/horizon" = { 
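Review bot: The `15-p2p0` WireGuard netdev is commented out, but the secret it consumed, `config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p"`, is declared outside this diff and presumably still is; if so the private key keeps being decrypted onto the host on every activation with nothing consuming it, so that `sops.secrets` entry should be gated on the same switch or removed together with the netdev. Commenting the block out also removes it from module evaluation, so any drift in the `systemd.network` option schema goes unnoticed until the VPN is turned back on; a `lib.mkIf` on a host-level flag (a `let` binding in the style of the repo's `nix-development-enabled`, name to be chosen) keeps it type-checked, e.g. `"15-p2p0" = lib.mkIf <vpn-flag> { ... };`, and the `45-p2p0` network in the `@@ -164,18 +164,18 @@` hunk would take the same flag. The enclosing `systemd.network` attribute set starts before this hunk.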
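Review bot: `dedicatedServer.openFirewall = true;` opens the Source dedicated-server ports on every interface of a roaming laptop and only matters when horizon itself hosts a game server; `remotePlay.openFirewall = true;` likewise punches holes that are reachable on untrusted Wi-Fi. Unless hosting is intended, drop the `dedicatedServer` line, and consider restricting the Remote Play ports to the tailscale interface through `networking.firewall.interfaces.<name>` the way this series later does for ollama, since the host already joins a tailnet (see the `vpn-keys/tailscale-authkey/horizon` secret directly below). In the `@@ -8,6 +8,8 @@` hunk of the same file, `nixpkgs.config.allowUnfree = true;` lifts the unfree check for the whole system, whereas `nixpkgs.config.allowUnfreePredicate` limited to the steam packages keeps that opt-in explicit and reviewable. A short comment on each `openFirewall` line stating why the host needs inbound reachability would also help the next reader.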
From 3f37eea9a82bf2360144d5a2f288bdd33ba9d228 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 1 May 2025 22:18:04 -0500 Subject: [PATCH 633/932] enabled ollama on twilight --- configurations/nixos/twilight/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 47e41ecb..3d8e6b18 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -34,7 +34,7 @@ services = { ollama = { - enable = false; + enable = true; loadModels = [ "deepseek-coder:6.7b" From 7644c3a4305fb59f0da0e205cc57d2e9650cd5be Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 2 May 2025 17:20:35 -0500 Subject: [PATCH 634/932] updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index f1cb717f..cba3bfed 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1744145203, - "narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=", + "lastModified": 1745812220, + "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", "owner": "nix-community", "repo": "disko", - "rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989", + "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1744813899, - "narHash": "sha256-5J6kSkPbtuyX0tRggqadwulpqdgWHyQEDwhqVnY0T+g=", + "lastModified": 1746187242, + "narHash": "sha256-wtfhdDEPsxKYaJHCt0+eYaLm9pFVw594MZzQqP6iIE0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f6dff741f9f485b3596a368704ec171d9eb8c7cd", + "rev": "982ed2da17695d932b695eacaec05c8ca053f8fc", "type": "gitlab" }, "original": { 
@@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1744820898, - "narHash": "sha256-gUldr3LtCm/OfEnbH6sFFlyyxqPMCsfMs2Ha+0fdPDs=", + "lastModified": 1746204974, + "narHash": "sha256-Evu4H0/kzaQoCNLGQTp+JGTqkywzPx0IAo20Ci2zNck=", "owner": "nix-community", "repo": "home-manager", - "rev": "7ede02c32a729db0d6340bdb41d10e73ec511ca0", + "rev": "1e8c62c651242fc685b10efc4a48ab777635fb7f", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "lastModified": 1745816321, + "narHash": "sha256-Gyh/fkCDqVNGM0BWvk+4UAS17w2UI6iwnbQQCmc1TDI=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "rev": "4515dacafb0ccd42e5395aacc49fd58a43027e01", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1744768710, - "narHash": "sha256-ow0HDShvAe9gkM3Ww5aoJo1lDLpC5pYQ7qLtnTaHoyI=", + "lastModified": 1746151051, + "narHash": "sha256-zdPTKcfvZ/mL9urzbJuQVbsIJTNIKVmI9QEimb7xIAM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "47bd3dc652c4a02dc565a9360fe828af38bea287", + "rev": "31e24801a4d8eabd8c500237af732ca2ab305326", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1744633460, - "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", + "lastModified": 1745955289, + "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", + "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1744463964, - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "lastModified": 1746141548, + "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1744669848, - "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", + "lastModified": 1745310711, + "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61154300d945f0b147b30d24ddcafa159148026a", + "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", "type": "github" }, "original": { From 17fc9618ba116bd1f13df4776f2c0a47d9bf8110 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 10 May 2025 16:44:47 -0500 Subject: [PATCH 635/932] disabled activity feed on home page --- configurations/home-manager/leyla/firefox.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index eef5d882..2781fe4b 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -121,6 +121,7 @@ "trailhead.firstrun.didSeeAboutWelcome" = true; "browser.bookmarks.restore_default_bookmarks" = false; "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; # Usage Experiance "browser.startup.homepage" = "about:home"; From 825bdfc50610dfd55e897ef0401febc6a3b47f48 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 10 May 2025 16:58:04 -0500 Subject: [PATCH 636/932] updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) 
diff --git a/flake.lock b/flake.lock index cba3bfed..ad193be9 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1745812220, - "narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", + "lastModified": 1746729224, + "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", "owner": "nix-community", "repo": "disko", - "rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", + "rev": "85555d27ded84604ad6657ecca255a03fd878607", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1746187242, - "narHash": "sha256-wtfhdDEPsxKYaJHCt0+eYaLm9pFVw594MZzQqP6iIE0=", + "lastModified": 1746849806, + "narHash": "sha256-6vJX4DnhDlWNtOOh3v08YqPgjJblfgHnV9562nPHNEo=", "owner": "rycee", "repo": "nur-expressions", - "rev": "982ed2da17695d932b695eacaec05c8ca053f8fc", + "rev": "e2408d3f94a6b658e12f135501aa7fd38efabc72", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1746204974, - "narHash": "sha256-Evu4H0/kzaQoCNLGQTp+JGTqkywzPx0IAo20Ci2zNck=", + "lastModified": 1746912617, + "narHash": "sha256-SSw/98B3Htw7iJWCyq08fAEL5w+a/Vj+YbQq0msVFTA=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e8c62c651242fc685b10efc4a48ab777635fb7f", + "rev": "9ef92f1c6b77944198fd368ec805ced842352a1d", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1745816321, - "narHash": "sha256-Gyh/fkCDqVNGM0BWvk+4UAS17w2UI6iwnbQQCmc1TDI=", + "lastModified": 1746708654, + "narHash": "sha256-GeC99gu5H6+AjBXsn5dOhP4/ApuioGCBkufdmEIWPRs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "4515dacafb0ccd42e5395aacc49fd58a43027e01", + "rev": "6cb36e8327421c61e5a3bbd08ed63491b616364a", "type": "github" }, "original": { 
@@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1746151051, - "narHash": "sha256-zdPTKcfvZ/mL9urzbJuQVbsIJTNIKVmI9QEimb7xIAM=", + "lastModified": 1746842090, + "narHash": "sha256-W/WqQ8VGZ4tlV6BAFGY6BDEc5ShAm4i3pv5c3s3YlUI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "31e24801a4d8eabd8c500237af732ca2ab305326", + "rev": "5603fb6fb99f68dfc244429c79a7b706ed9a2fd7", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1745955289, - "narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=", + "lastModified": 1746814339, + "narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b", + "rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746141548, - "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", + "lastModified": 1746663147, + "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f02fddb8acef29a8b32f10a335d44828d7825b78", + "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1745310711, - "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=", + "lastModified": 1746485181, + "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c", + "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", "type": "github" }, "original": { From aa15f1ffe5fd0bc0f9798911c7e19cc73bd914ef Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 23 May 2025 20:07:56 -0500 Subject: [PATCH 637/932] updated flake lock --- flake.lock | 54 ++++++++++++++++---------------- modules/nixos-modules/system.nix | 1 + 2 files changed, 28 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index ad193be9..1a03eab2 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1746729224, - "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", + "lastModified": 1747742835, + "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", "owner": "nix-community", "repo": "disko", - "rev": "85555d27ded84604ad6657ecca255a03fd878607", + "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1746849806, - "narHash": "sha256-6vJX4DnhDlWNtOOh3v08YqPgjJblfgHnV9562nPHNEo=", + "lastModified": 1747973023, + "narHash": "sha256-v2OgykASspKAyL+hYKlfa9PM4cwlFZ7/WQ1uvd256ko=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e2408d3f94a6b658e12f135501aa7fd38efabc72", + "rev": "c7ee05a5dc9b52ba7a6a660537fabaf711b7790a", "type": "gitlab" }, "original": { @@ -44,11 +44,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { 
@@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1746912617, - "narHash": "sha256-SSw/98B3Htw7iJWCyq08fAEL5w+a/Vj+YbQq0msVFTA=", + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "9ef92f1c6b77944198fd368ec805ced842352a1d", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1746708654, - "narHash": "sha256-GeC99gu5H6+AjBXsn5dOhP4/ApuioGCBkufdmEIWPRs=", + "lastModified": 1748004251, + "narHash": "sha256-XodjkVWTth3A2JpBqGBkdLD9kkWn94rnv98l3xwKukg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6cb36e8327421c61e5a3bbd08ed63491b616364a", + "rev": "33220d4791784e4dd4739edd3f6c028020082f91", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1746842090, - "narHash": "sha256-W/WqQ8VGZ4tlV6BAFGY6BDEc5ShAm4i3pv5c3s3YlUI=", + "lastModified": 1747965670, + "narHash": "sha256-O91kjsTL7xccgTQr2KITmGhhLTpX9zh+oRvvV8ScOrg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5603fb6fb99f68dfc244429c79a7b706ed9a2fd7", + "rev": "d3099346fa5e9e33d0989a4e6afc3e8dedd25311", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1746814339, - "narHash": "sha256-hf2lICJzwACWuzHCmZn5NI6LUAOgGdR1yh8ip+duyhk=", + "lastModified": 1747900541, + "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3c5e12673265dfb0de3d9121420c0c2153bf21e0", + "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746663147, - "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { @@ -243,11 +243,11 @@ ] }, "locked": { - "lastModified": 1746485181, - "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=", + "lastModified": 1747603214, + "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e93ee1d900ad264d65e9701a5c6f895683433386", + "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "type": "github" }, "original": { diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index b8390679..51a92ed9 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,5 +1,6 @@ {...}: { nix = { + settings.download-buffer-size = 524288000; gc = { automatic = true; dates = "weekly"; From 85e766a571a1cb430ab0510588f1dbbf7d89434a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:27:07 -0500 Subject: [PATCH 638/932] fixed vs code configuration --- .../home-manager/leyla/packages.nix | 2 +- configurations/home-manager/leyla/vscode.nix | 123 ------------------ .../home-manager/leyla/vscode/default.nix | 76 +++++++---- .../home-manager/leyla/vscode/user-words.nix | 1 + .../nixos/twilight/configuration.nix | 9 +- 5 files changed, 56 insertions(+), 155 deletions(-) delete mode 100644 configurations/home-manager/leyla/vscode.nix diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 506c2b30..13263ea6 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix 
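Review bot: `settings.download-buffer-size = 524288000;` in the `modules/nixos-modules/system.nix` hunk is an unexplained magic number; a trailing comment giving the unit and the reason makes it reviewable, e.g. `settings.download-buffer-size = 524288000; # 500 MiB (500 * 1024 * 1024); raised from the default for large fetches`. The motivation is not stated in the commit, so adjust the second half of that comment to whatever actually prompted the change. The enclosing `nix = { ... }` block continues past the hunk.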
@@ -8,7 +8,7 @@ hardware = osConfig.host.hardware; in { imports = [ - ./vscode.nix + ./vscode/default.nix ./firefox.nix ]; diff --git a/configurations/home-manager/leyla/vscode.nix b/configurations/home-manager/leyla/vscode.nix deleted file mode 100644 index e42c4cd2..00000000 --- a/configurations/home-manager/leyla/vscode.nix +++ /dev/null 
@@ -1,123 +0,0 @@ -{ - lib, - pkgs, - inputs, - osConfig, - ... -}: let - nix-development-enabled = osConfig.host.nix-development.enable; -in { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = { - code = "codium"; - }; - - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; - - package = pkgs.vscodium; - - mutableExtensionsDir = false; - - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = [ - "webdav" - ]; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "editor.tabSize" = 2; - "editor.insertSpaces" = false; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf osConfig.services.ollama.enable { - "twinny.fileContextEnabled" = true; - "twinny.enableLogging" = false; - "twinny.completionCacheEnabled" = true; - - # builtins.elemAt osConfig.services.ollama.loadModels 0; - }) - ]; - - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - 
stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # go extensions - golang.go - - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - tamasfe.even-better-toml - ] - ++ ( - lib.lists.optionals osConfig.services.ollama.enable [ - rjmacarthy.twinny - ] - ) - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ] - ) - ); - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 641fff95..f6cbac79 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -6,6 +6,7 @@ ... }: let nix-development-enabled = osConfig.host.nix-development.enable; + ai-tooling-enabled = osConfig.services.ollama.enable; in { nixpkgs = { overlays = [ 
@@ -28,30 +29,42 @@ in { package = pkgs.vscodium; mutableExtensionsDir = false; - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.language" = "en,de-DE,it"; - "cSpell.userWords" = import ./user-words.nix; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - ]; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = import ./user-words.nix; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf osConfig.services.ollama.enable { + "twinny.fileContextEnabled" = true; + "twinny.enableLogging" = false; + "twinny.completionCacheEnabled" = true; + + # builtins.elemAt osConfig.services.ollama.loadModels 0; + }) + ]; + }; extensions = ( with open-vsx; @@ -76,12 +89,15 @@ in { stylelint.vscode-stylelint tauri-apps.tauri-vscode + # go extensions + golang.go + # astro blog extensions astro-build.astro-vscode unifiedjs.vscode-mdx # misc extensions - bungcip.better-toml + tamasfe.even-better-toml ] ++ (lib.lists.optionals nix-development-enabled [ # nix extensions 
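Review bot: The AI settings block is still gated on `osConfig.services.ollama.enable` directly, while the same commit introduces `ai-tooling-enabled` for exactly that condition in the `let` above and uses it for the extension list in the `@@ -90,10 +106,14 @@` hunk; changing it to `(lib.mkIf ai-tooling-enabled {` gives one switch that controls both, and the later "disabled telemetry" commit keeps the same direct condition and would benefit from the same edit. The carried-over `# builtins.elemAt osConfig.services.ollama.loadModels 0;` line is dead code; either remove it or turn it into a `# TODO:` that says what it is meant to become. The `vscode` attribute set this hunk edits starts before the hunk.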
@@ -90,10 +106,14 @@ in { kamadorueda.alejandra ]) ++ ( - with vscode-marketplace; [ - # js extensions - karyfoundation.nearley - ] + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) ) ); }; diff --git a/configurations/home-manager/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix index 94a85a28..4444c30b 100644 --- a/configurations/home-manager/leyla/vscode/user-words.nix +++ b/configurations/home-manager/leyla/vscode/user-words.nix @@ -1,3 +1,4 @@ [ "leyla" + "webdav" ] diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 3d8e6b18..c007932d 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -37,9 +37,12 @@ enable = true; loadModels = [ - "deepseek-coder:6.7b" - "deepseek-r1:8b" - "deepseek-r1:32b" + "llama3.1:8b" + "qwen2.5-coder:1.5b-base" + "nomic-embed-text:latest" + # "deepseek-coder:6.7b" + # "deepseek-r1:8b" + # "deepseek-r1:32b" ]; }; From f3431e3028b92580e4dad4f8260d24721be62702 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:30:39 -0500 Subject: [PATCH 639/932] disabled telemetry --- configurations/home-manager/leyla/vscode/default.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index f6cbac79..5db972cd 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -57,9 +57,7 @@ in { }; }) (lib.mkIf osConfig.services.ollama.enable { - "twinny.fileContextEnabled" = true; - "twinny.enableLogging" = false; - "twinny.completionCacheEnabled" = true; + "continue.telemetryEnabled" = false; # builtins.elemAt osConfig.services.ollama.loadModels 0; }) 
From 705554dd16794f84b702f41cbb2e340417c08522 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:33:08 -0500 Subject: [PATCH 640/932] added TODO notes --- configurations/home-manager/leyla/vscode/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 5db972cd..e1231493 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -14,6 +14,9 @@ in { ]; }; + # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use remote hosted on defiant + # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use use better models hosted on defiant + programs = { bash.shellAliases = { code = "codium"; From c95186093051ef5d6f01f1dcdc96bbb589a24563 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 20:53:37 -0500 Subject: [PATCH 641/932] re enabled deep seek models for twilight --- configurations/nixos/twilight/configuration.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index c007932d..be7056f4 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -40,9 +40,9 @@ "llama3.1:8b" "qwen2.5-coder:1.5b-base" "nomic-embed-text:latest" - # "deepseek-coder:6.7b" - # "deepseek-r1:8b" - # "deepseek-r1:32b" + "deepseek-coder:6.7b" + "deepseek-r1:8b" + "deepseek-r1:32b" ]; }; From c6ec40a3f7a12e2be5eed3fc7419a4c75accd105 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 23 May 2025 21:14:09 -0500 Subject: [PATCH 642/932] organized models for twilight --- configurations/nixos/twilight/configuration.nix | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) 
diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index be7056f4..f851b088 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -37,12 +37,22 @@ enable = true; loadModels = [ + # conversation models "llama3.1:8b" - "qwen2.5-coder:1.5b-base" - "nomic-embed-text:latest" - "deepseek-coder:6.7b" "deepseek-r1:8b" "deepseek-r1:32b" + + # auto complete models + "qwen2.5-coder:1.5b-base" + "qwen2.5-coder:7b" + "deepseek-coder:6.7b" + "deepseek-coder:33b" + + # agent models + "qwen3:32b" + + # embedding models + "nomic-embed-text:latest" ]; }; From 5cc41542e168be054b508e4ce5861675a160cb43 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 24 May 2025 21:51:19 -0500 Subject: [PATCH 643/932] fixed spelling of comment --- configurations/home-manager/leyla/firefox.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 2781fe4b..4f8c624e 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -123,7 +123,7 @@ "browser.bookmarks.addedImportButton" = true; "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - # Usage Experiance + # Usage Experience "browser.startup.homepage" = "about:home"; "browser.download.useDownloadDir" = false; "browser.uiCustomization.state" = builtins.toJSON { From 7b6344b41972d6165606d23ce84b5f783f6272ad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 24 May 2025 22:17:19 -0500 Subject: [PATCH 644/932] added ollama to defiant --- .../home-manager/leyla/vscode/user-words.nix | 2 ++ .../nixos/defiant/configuration.nix | 19 +++++++++++++++++-- modules/nixos-modules/ollama.nix | 13 +++++++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) 
diff --git a/configurations/home-manager/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix
index 4444c30b..b5811188 100644
--- a/configurations/home-manager/leyla/vscode/user-words.nix
+++ b/configurations/home-manager/leyla/vscode/user-words.nix
@@ -1,4 +1,6 @@
 [
 "leyla"
 "webdav"
+ "ollama"
+ "optimise"
 ]
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 8e1eab8a..59ad2c95 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -201,13 +201,28 @@
 };
 
 ollama = {
- enable = false;
+ enable = true;
+ exposePort = true;
 loadModels = [
- "deepseek-coder:6.7b"
+ # conversation models
+ "llama3.1:8b"
 "deepseek-r1:8b"
 "deepseek-r1:32b"
 "deepseek-r1:70b"
+
+ # auto complete models
+ "qwen2.5-coder:1.5b-base"
+ "qwen2.5-coder:7b"
+ "deepseek-coder:6.7b"
+ "deepseek-coder:33b"
+
+ # agent models
+ "qwen3:8b"
+ "qwen3:32b"
+
+ # embedding models
+ "nomic-embed-text:latest"
 ];
 };
 
 tailscale = {
diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix
index 5cdc041f..6b1d5bbc 100644
--- a/modules/nixos-modules/ollama.nix
+++ b/modules/nixos-modules/ollama.nix
@@ -3,6 +3,10 @@
 lib,
 ...
 }: {
+ options = {
+ services.ollama.exposePort = lib.mkEnableOption "should we expose ollama on tailscale";
+ };
+
 config = lib.mkMerge [
 {
 services.ollama = {
@@ -22,6 +26,15 @@
 }
 ];
 };
+ networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let
+ ports = [
+ config.services.ollama.port
+ ];
+ in
+ lib.mkIf config.services.ollama.exposePort {
+ allowedTCPPorts = ports;
+ allowedUDPPorts = ports;
+ };
 }))
 ];
 }
From 77ab4781ac005f89a76eef72113f766ed2b6828b Mon Sep 17 00:00:00 2001
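Review bot: `allowedUDPPorts = ports;` opens a UDP port that Ollama never listens on (it serves plain HTTP over TCP), so the rule should be just `lib.mkIf config.services.ollama.exposePort { allowedTCPPorts = ports; };`. The rule is only meaningful if `services.ollama.host` is set to a non-loopback address somewhere outside this diff (the NixOS module defaults it to 127.0.0.1): if it is not, `exposePort = true;` on defiant in the hunk above is a no-op, and if it is `0.0.0.0`, the listener is reachable on every interface while only the tailscale one is allow-listed, so binding to the tailnet address specifically is the tighter choice. Ollama has no authentication of its own, so once the port is open every node on the tailnet can pull, delete and run models; the option description should say so, e.g. `lib.mkEnableOption "exposing the (unauthenticated) ollama API on the tailscale interface"`. Defining the option under `services.ollama.*` also risks a future clash with an upstream option of the same name, which the repo's own `host.*` namespace would avoid.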
From: Leyla Becker Date: Sat, 24 May 2025 23:03:20 -0500 Subject: [PATCH 645/932] started to draft out configuration of continue models --- .../home-manager/leyla/vscode/default.nix | 102 +++++++++--------- .../nixos/twilight/configuration.nix | 59 +++++++++- modules/nixos-modules/continue.nix | 44 ++++++++ modules/nixos-modules/default.nix | 1 + 4 files changed, 154 insertions(+), 52 deletions(-) create mode 100644 modules/nixos-modules/continue.nix diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index e1231493..1108f2f0 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix 
@@ -65,58 +65,58 @@ in { # builtins.elemAt osConfig.services.ollama.loadModels 0; }) ]; + + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # go extensions + golang.go + + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + tamasfe.even-better-toml + ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) + ) + ); }; - - extensions = ( - with open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - - # go extensions - golang.go - - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra 
- ]) - ++ ( - with vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) - ) - ); }; }; } diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index f851b088..12d91515 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -30,8 +30,65 @@ graphicsAcceleration.enable = true; directAccess.enable = true; }; - }; + ai = { + enable = true; + # TODO: benchmark twilight against defiant and prune this list of models that are faster on defiant + models = { + # conversation models + "lamma3.1:8b" = { + model = "lamma3.1:8b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-r1:8b" = { + model = "deepseek-r1:8b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-r1:32b" = { + model = "deepseek-r1:32b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + # auto complete models + "qwen2.5-coder:1.5b-base" = { + model = "qwen2.5-coder:1.5b-base"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "qwen2.5-coder:7b" = { + model = "qwen2.5-coder:7b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-coder:6.7b" = { + model = "deepseek-coder:6.7b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + "deepseek-coder:33b" = { + model = "deepseek-coder:33b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + + # agent models + "qwen3:32b" = { + model = "qwen3:32b"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + + # embedding models + "nomic-embed-text:latest" = { + model = "nomic-embed-text:latest"; + # TODO: figure out what should be in this array + # roles = [""]; + }; + }; + }; + }; services = { ollama = { enable = true; 
diff --git a/modules/nixos-modules/continue.nix b/modules/nixos-modules/continue.nix new file mode 100644 index 00000000..73ff4dbd --- /dev/null +++ b/modules/nixos-modules/continue.nix @@ -0,0 +1,44 @@ +{lib, ...}: { + options.host = { + ai = { + enable = lib.mkEnableOption "should we use AI on this machine"; + models = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + option = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + model = { + type = lib.types.str; + }; + provider = { + type = lib.types.str; + default = "ollama"; + }; + apiBase = { + type = lib.types.str; + default = null; + }; + roles = { + type = lib.types.listOf lib.types.enumOf [ + "chat" + "autocomplete" + "embed" + "rerank" + "edit" + "apply" + "summarize" + ]; + }; + }; + })); + }; + }; + }; + + config = { + # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is null + # TODO: if we have any models that have a non null options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true + }; +} diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index fdbdc7e0..67c75cef 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,6 +12,7 @@ ./impermanence.nix ./disko.nix ./ollama.nix + ./continue.nix ./tailscale.nix ./server ]; From 3f88b989d112f6d11fb086331dc60c30db214f40 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 24 May 2025 23:27:11 -0500 Subject: [PATCH 646/932] added more notes about continue configuration --- modules/home-manager-modules/continue.nix | 3 +++ modules/nixos-modules/{continue.nix => ai.nix} | 0 modules/nixos-modules/default.nix | 2 +- modules/nixos-modules/ollama.nix | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/continue.nix rename modules/nixos-modules/{continue.nix => ai.nix} (100%) 
diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix new file mode 100644 index 00000000..fce3b385 --- /dev/null +++ b/modules/home-manager-modules/continue.nix @@ -0,0 +1,3 @@ +{...}: { + # TODO: enable option for continue.yaml for home based on options defined in osConfig.ai.models +} diff --git a/modules/nixos-modules/continue.nix b/modules/nixos-modules/ai.nix similarity index 100% rename from modules/nixos-modules/continue.nix rename to modules/nixos-modules/ai.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 67c75cef..8cdeae97 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -12,7 +12,7 @@ ./impermanence.nix ./disko.nix ./ollama.nix - ./continue.nix + ./ai.nix ./tailscale.nix ./server ]; diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 6b1d5bbc..1d515f81 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -10,6 +10,7 @@ config = lib.mkMerge [ { services.ollama = { + # TODO: these should match whats set in the users file group = "ollama"; user = "ollama"; }; From 2c77cf2ed40682a3e005441c88f7d650df7028b4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 01:32:05 -0500 Subject: [PATCH 647/932] updated list of models on twilight --- .../nixos/twilight/configuration.nix | 27 +++++++------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 12d91515..4a2c8383 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix 
@@ -37,54 +37,45 @@ # conversation models "lamma3.1:8b" = { model = "lamma3.1:8b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; "deepseek-r1:8b" = { model = "deepseek-r1:8b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; "deepseek-r1:32b" = { model = "deepseek-r1:32b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; # auto complete models "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; "qwen2.5-coder:7b" = { model = "qwen2.5-coder:7b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; "deepseek-coder:6.7b" = { model = "deepseek-coder:6.7b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; "deepseek-coder:33b" = { model = "deepseek-coder:33b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["autocomplete"]; }; # agent models "qwen3:32b" = { model = "qwen3:32b"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["chat" "edit" "apply"]; }; # embedding models "nomic-embed-text:latest" = { model = "nomic-embed-text:latest"; - # TODO: figure out what should be in this array - # roles = [""]; + roles = ["embed"]; }; }; }; From 393f468be2699d49512aeda7f0624f767ddfe708 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 25 May 2025 13:07:32 -0500 Subject: [PATCH 648/932] generate .continue/config.yaml via configuration --- configurations/home-manager/leyla/default.nix | 26 +++++++ .../home-manager/leyla/vscode/default.nix | 10 +-- .../nixos/twilight/configuration.nix | 2 +- modules/home-manager-modules/continue.nix | 76 ++++++++++++++++++- modules/home-manager-modules/default.nix | 1 + modules/nixos-modules/ai.nix | 22 +++--- 6 files changed, 117 insertions(+), 20 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index f2c14e16..0c90ab10 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -83,6 +83,32 @@ }; }; + user = { + continue = { + enable = true; + docs = { + "Continue Docs" = { + startUrl = "https://docs.continue.dev"; + }; + "Nixpkgs" = { + startUrl = "https://ryantm.github.io/nixpkgs/#preface"; + }; + "Nix Manual" = { + startUrl = "https://nixos.org/manual/nixos/stable/"; + }; + "Home manager Manual" = { + startUrl = "https://nix-community.github.io/home-manager/"; + }; + "Nix Docs" = { + startUrl = "https://nix.dev/index.html"; + }; + "Linux Man Page" = { + startUrl = "https://linux.die.net/man/"; + }; + }; + }; + }; + programs = { # Let Home Manager install and manage itself. home-manager.enable = true; diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 1108f2f0..2f3c455d 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -2,11 +2,12 @@ lib, pkgs, inputs, + config, osConfig, ... }: let nix-development-enabled = osConfig.host.nix-development.enable; - ai-tooling-enabled = osConfig.services.ollama.enable; + ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { nixpkgs = { overlays = [ 
@@ -14,9 +15,6 @@ in { ]; }; - # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use remote hosted on defiant - # TODO: when ai-tooling is enabled configure ~/.continue/config.yaml to use use better models hosted on defiant - programs = { bash.shellAliases = { code = "codium"; @@ -59,10 +57,8 @@ in { "expr" = "import {}"; }; }) - (lib.mkIf osConfig.services.ollama.enable { + (lib.mkIf ai-tooling-enabled { "continue.telemetryEnabled" = false; - - # builtins.elemAt osConfig.services.ollama.loadModels 0; }) ]; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 4a2c8383..82ca9b7c 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -35,7 +35,7 @@ # TODO: benchmark twilight against defiant and prune this list of models that are faster on defiant models = { # conversation models - "lamma3.1:8b" = { + "Llama 3.1 8B" = { model = "lamma3.1:8b"; roles = ["chat" "edit" "apply"]; }; diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix index fce3b385..327ee44c 100644 --- a/modules/home-manager-modules/continue.nix +++ b/modules/home-manager-modules/continue.nix 
@@ -1,3 +1,75 @@ -{...}: { - # TODO: enable option for continue.yaml for home based on options defined in osConfig.ai.models +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; +in { + options = { + user.continue = { + enable = lib.mkEnableOption "should continue be enabled on this machine"; + docs = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + startUrl = lib.mkOption { + type = lib.types.str; + }; + }; + })); + }; + context = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + provider = lib.mkOption { + type = lib.types.str; + default = name; + }; + }; + })); + default = { + "code" = {}; + "docs" = {}; + "diff" = {}; + "terminal" = {}; + "problems" = {}; + "folder" = {}; + "codebase" = {}; + }; + }; + }; + }; + + config = + lib.mkIf ai-tooling-enabled + (lib.mkMerge [ + { + home = { + file = { + ".continue/config.yaml".source = (pkgs.formats.yaml {}).generate "continue-config" { + name = "Assistant"; + version = "1.0.0"; + schema = "v1"; + models = lib.attrsets.attrValues osConfig.host.ai.models; + context = lib.attrsets.attrValues config.user.continue.context; + docs = lib.attrsets.attrValues config.user.continue.docs; + }; + }; + }; + } + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + ".continue/index" + ".continue/sessions" + ]; + allowOther = true; + }; + }) + ]); } diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index ef9bf0a2..ee47fb58 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -4,5 +4,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix + ./continue.nix ]; } 
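Review bot: `.continue/config.yaml` is rendered with `(pkgs.formats.yaml {}).generate`, so the whole file, including every model's `apiBase` and anything later added to `host.ai.models`, is written to the world-readable Nix store before being linked into `$HOME`. That is harmless for the Ollama-only entries used here, but `provider` is an unconstrained `lib.types.str`, and a hosted provider would need an API key that must never travel this path; record the constraint where the file is built: `# NOTE: rendered into /nix/store (world-readable) — never put API keys or tokens in host.ai.models`. `.continue/sessions` is persisted across reboots and presumably holds full chat transcripts including pasted code, which deserves a one-line comment on that persistence entry. The `ai-tooling-enabled` binding dereferences `osConfig` unconditionally, so this module would fail to evaluate under standalone home-manager where `osConfig` is not passed — worth an `osConfig ? host` guard if that is ever a target.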
diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix index 73ff4dbd..8cc19ff9 100644 --- a/modules/nixos-modules/ai.nix +++ b/modules/nixos-modules/ai.nix @@ -4,24 +4,24 @@ enable = lib.mkEnableOption "should we use AI on this machine"; models = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - option = { + options = { name = lib.mkOption { type = lib.types.str; default = name; }; - model = { + model = lib.mkOption { type = lib.types.str; }; - provider = { + provider = lib.mkOption { type = lib.types.str; default = "ollama"; }; - apiBase = { - type = lib.types.str; - default = null; - }; - roles = { - type = lib.types.listOf lib.types.enumOf [ + # apiBase = lib.mkOption { + # type = lib.types.nullOr lib.types.str; + # default = null; + # }; + roles = lib.mkOption { + type = lib.types.listOf (lib.types.enum [ "chat" "autocomplete" "embed" @@ -29,11 +29,13 @@ "edit" "apply" "summarize" - ]; + ]); + default = []; }; }; })); }; + default = {}; }; }; From 089fbb8717f4770b1dd38946ac0cf0806ec15823 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 13:49:03 -0500 Subject: [PATCH 649/932] changed formatting for ollama.nix to wrap all of configurations in its enable option --- modules/nixos-modules/ollama.nix | 53 +++++++++++++++++--------------- 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 1d515f81..155ec5db 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix 
@@ -7,35 +7,38 @@ services.ollama.exposePort = lib.mkEnableOption "should we expose ollama on tailscale"; }; - config = lib.mkMerge [ - { - services.ollama = { - # TODO: these should match whats set in the users file - group = "ollama"; - user = "ollama"; - }; - } - (lib.mkIf config.host.impermanence.enable (lib.mkIf config.services.ollama.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.ollama.models; - user = config.services.ollama.user; - group = config.services.ollama.group; - } - ]; - }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + config = lib.mkIf config.services.ollama.enable ( + lib.mkMerge [ + { + services.ollama = { + # TODO: these should match whats set in the users file + group = "ollama"; + user = "ollama"; + }; + } + (lib.mkIf config.services.ollama.exposePort (let ports = [ config.services.ollama.port ]; - in - lib.mkIf config.services.ollama.exposePort { + in { + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedTCPPorts = ports; allowedUDPPorts = ports; }; - })) - ]; + })) + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.ollama.models; + user = config.services.ollama.user; + group = config.services.ollama.group; + } + ]; + }; + }) + ] + ); } From 60f8b0265a01419542ee36cc777a77ccbb9c6aff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 17:42:53 -0500 Subject: [PATCH 650/932] fixed ollama on defiant --- modules/nixos-modules/ollama.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 155ec5db..81ad3d0a 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix 
@@ -36,6 +36,13 @@ user = config.services.ollama.user; group = config.services.ollama.group; } + { + directory = "/var/lib/private/ollama"; + user = config.services.ollama.user; + group = config.services.ollama.group; + mode = "0700"; + defaultPerms.mode = "0700"; + } ]; }; }) From c6dfa3e7ce4c61074a3be2c416240808129ce933 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 21:33:41 -0500 Subject: [PATCH 651/932] replaced disko disk --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 59ad2c95..97e8edff 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -46,7 +46,7 @@ "ata-ST18000NE000-3G6101_ZVTD10EH" "ata-ST18000NT001-3NF101_ZVTE0S3Q" "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NT001-3NF101_ZVTEZACV" # this one is broken replace with "ata-ST18000NT001-XXXXXX_ZVTJ732N" + "ata-ST18000NT001-3NF101_ZVTEZACV" ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" From 0a7bbdbc8f63213a784b4e95a0e14cf24a6ef709 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 25 May 2025 21:48:13 -0500 Subject: [PATCH 652/932] fixed disk name --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 97e8edff..be906a7b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -46,7 +46,7 @@ "ata-ST18000NE000-3G6101_ZVTD10EH" "ata-ST18000NT001-3NF101_ZVTE0S3Q" "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NT001-3NF101_ZVTEZACV" + "ata-ST18000NE000-3G6101_ZVTJ7359" ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" From b1cd64e23e2cbcfb935234e635973cff7fa51664 Mon Sep 17 00:00:00 2001 
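Review bot: The new entry persists `/var/lib/private/ollama` next to the existing entry for `config.services.ollama.models`; if the NixOS default for `models` is a subdirectory of that home, as the `/var/lib/private` StateDirectory layout suggests, the two bind mounts nest and the inner entry becomes redundant — check `services.ollama.models` on defiant and drop the nested one. The `mode = "0700"` is the right choice for a directory holding pulled model blobs and any Ollama keys. Whether the service actually runs as the static `ollama` user set in this module or under `DynamicUser` is not visible here; the `user`/`group` chown is only safe in the former case, so state it: `# ollama runs as the static "ollama" user configured above, so fixing ownership here is safe`. The enclosing `directories = [ ... ]` list starts above the hunk.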
From: Leyla Becker Date: Mon, 26 May 2025 12:23:58 -0500 Subject: [PATCH 653/932] added new drives to defiant --- .../nixos/defiant/configuration.nix | 25 +++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index be906a7b..fef7a56a 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -40,13 +40,24 @@ tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { - drives = [ - "ata-ST18000NE000-3G6101_ZVTCXVEB" - "ata-ST18000NE000-3G6101_ZVTCXWSC" - "ata-ST18000NE000-3G6101_ZVTD10EH" - "ata-ST18000NT001-3NF101_ZVTE0S3Q" - "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NE000-3G6101_ZVTJ7359" + vdevs = [ + [ + "ata-ST18000NE000-3G6101_ZVTCXVEB" + "ata-ST18000NE000-3G6101_ZVTCXWSC" + "ata-ST18000NE000-3G6101_ZVTD10EH" + "ata-ST18000NT001-3NF101_ZVTE0S3Q" + "ata-ST18000NT001-3NF101_ZVTEF27J" + "ata-ST18000NE000-3G6101_ZVTJ7359" + ] + # TODO: this needs to be configured manually + [ + "ata-ST4000NE001-2MA101_WS2275P3" + "ata-ST4000NE001-2MA101_WS227B9F" + "ata-ST4000NE001-2MA101_WS227CEW" + "ata-ST4000NE001-2MA101_WS227CYN" + "ata-ST4000NE001-2MA101_WS23TBWV" + "ata-ST4000NE001-2MA101_WS23TC5F" + ] ]; cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" From 0bd483147dd1b0e3473c42d479ea5ae184022e0a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 17:48:25 -0500 Subject: [PATCH 654/932] updated flake.lock --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 1a03eab2..b70bb5a7 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1747742835, - "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=", + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", "owner": "nix-community", "repo": "disko", - "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1747973023, - "narHash": "sha256-v2OgykASspKAyL+hYKlfa9PM4cwlFZ7/WQ1uvd256ko=", + "lastModified": 1748232210, + "narHash": "sha256-hyXsQVgl/URb13iWEONwV3gGZ9IU90Q9yPmn5xoWP/8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "c7ee05a5dc9b52ba7a6a660537fabaf711b7790a", + "rev": "26c86ba664f227c6abb383d3ca8db9365f275766", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1748227609, + "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1748004251, - "narHash": "sha256-XodjkVWTth3A2JpBqGBkdLD9kkWn94rnv98l3xwKukg=", + "lastModified": 1748149228, + "narHash": "sha256-mmonYFesFo42UUS49Hd0bcbVJRWX/aHBCDYUkkvylf4=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "33220d4791784e4dd4739edd3f6c028020082f91", + "rev": "a9939228f661df370c4094fe85f683e45d761dbe", "type": "github" }, "original": { 
@@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1747965670, - "narHash": "sha256-O91kjsTL7xccgTQr2KITmGhhLTpX9zh+oRvvV8ScOrg=", + "lastModified": 1748225039, + "narHash": "sha256-Lvl26mCEatC5akRHywuXkYM6ZKc7R5T9m6u7rBPtNQw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "d3099346fa5e9e33d0989a4e6afc3e8dedd25311", + "rev": "cde730cb9dc2759104d7c8c27cb36d73189be1e2", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1748190013, + "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", "type": "github" }, "original": { From 8c36fe5a72b0a6a408ae7419941155d5cf0e7592 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 17:49:47 -0500 Subject: [PATCH 655/932] set default api base for ai models to localhost --- configurations/nixos/horizon/configuration.nix | 8 -------- modules/nixos-modules/ai.nix | 10 +++++----- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 63ed59dc..f27f585c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -51,14 +51,6 @@ fprintd = { enable = true; }; - ollama = { - enable = false; - - loadModels = [ - "deepseek-coder:1.3b" - "deepseek-r1:1.5b" - ]; - }; tailscale = { enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix index 8cc19ff9..646e1b59 100644 --- a/modules/nixos-modules/ai.nix +++ b/modules/nixos-modules/ai.nix 
@@ -16,10 +16,10 @@ type = lib.types.str; default = "ollama"; }; - # apiBase = lib.mkOption { - # type = lib.types.nullOr lib.types.str; - # default = null; - # }; + apiBase = lib.mkOption { + type = lib.types.str; + default = "http://localhost:11434"; + }; roles = lib.mkOption { type = lib.types.listOf (lib.types.enum [ "chat" @@ -40,7 +40,7 @@ }; config = { - # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is null + # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is the default value # TODO: if we have any models that have a non null options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true }; } From f96f9f767537857f3b2bee4400e19ff20e4ee95c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 17:54:09 -0500 Subject: [PATCH 656/932] set horizon up to use twilight ollama models --- .../nixos/horizon/configuration.nix | 23 +++++++++++++++++++ .../nixos/twilight/configuration.nix | 1 + modules/nixos-modules/ai.nix | 4 ++-- 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index f27f585c..84486546 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -23,6 +23,29 @@ hardware = { directAccess.enable = true; }; + + ai = { + enable = true; + models = { + "Llama 3.1 8B" = { + model = "lamma3.1:8b"; + roles = ["chat" "edit" "apply"]; + apiBase = "http://twilight:11434"; + }; + + "qwen2.5-coder:1.5b-base" = { + model = "qwen2.5-coder:1.5b-base"; + roles = ["autocomplete"]; + apiBase = "http://twilight:11434"; + }; + + "nomic-embed-text:latest" = { + model = "nomic-embed-text:latest"; + roles = ["embed"]; + apiBase = "http://twilight:11434"; + }; + }; + }; }; environment.systemPackages = [ diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 82ca9b7c..10f26064 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -83,6 +83,7 @@ services = { ollama = { enable = true; + exposePort = true; loadModels = [ # conversation models diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix index 646e1b59..d8cd63d9 100644 --- a/modules/nixos-modules/ai.nix +++ b/modules/nixos-modules/ai.nix @@ -40,7 +40,7 @@ }; config = { - # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is the default value - # TODO: if we have any models that have a non null options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true + # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is localhost + # TODO: if we have any models that have a non localhost options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true }; } From 3e27429c74d60ecc79f23dacadc9b2bc7a7ffd2c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 18:49:17 -0500 Subject: [PATCH 657/932] set host when exporting port --- modules/nixos-modules/ollama.nix | 1 + 1 file changed, 1 insertion(+) 
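Review bot: The three `apiBase = "http://twilight:11434";` entries send prompts and code to Ollama over plain HTTP with no authentication, which is only acceptable because `twilight` is expected to resolve to its tailnet address so the traffic rides inside Tailscale's WireGuard tunnel; the entries should say so and use a name MagicDNS will always own: `# plain HTTP, unauthenticated: reachable only over the tailnet (see exposePort in ollama.nix)`. If `twilight` ever resolves to a LAN or mDNS address instead, requests leave in the clear, so consider the tailnet FQDN or an assertion that `services.tailscale.enable` is on. `model = "lamma3.1:8b"` repeats the apparent `llama3.1:8b` misspelling from the twilight configuration and will not match the model twilight serves. The enclosing `host = { ... }` attrset starts above the hunk.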
diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 81ad3d0a..8f194cfd 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -21,6 +21,7 @@ config.services.ollama.port ]; in { + services.ollama.host = "0.0.0.0"; networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedTCPPorts = ports; allowedUDPPorts = ports; From bdbe98dd6582ad1801f7e496fe154f4ba49b27e0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 26 May 2025 19:36:21 -0500 Subject: [PATCH 658/932] enabled steam hardware --- configurations/nixos/twilight/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 10f26064..e9032d88 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -126,6 +126,7 @@ remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; + hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index # enabled virtualisation for docker # virtualisation.docker.enable = true; From 1b30c7d0ff17bb6510e92c76db9f3f16e55266d3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 28 May 2025 15:28:03 -0500 Subject: [PATCH 659/932] updated nix flake --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index b70bb5a7..fa3ad83e 100644 --- a/flake.lock +++ b/flake.lock 
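Review bot: `services.ollama.host = "0.0.0.0";` binds the unauthenticated API on every interface, while the firewall rule immediately below only opens the port on `config.services.tailscale.interfaceName`; reachability from the LAN, a docker bridge or any other interface therefore hinges entirely on `networking.firewall.enable` staying true, and nothing here asserts that. Either bind to the tailnet address rather than the wildcard, or add beside it `assertions = [{ assertion = config.networking.firewall.enable; message = "services.ollama.exposePort binds 0.0.0.0 and relies on the NixOS firewall"; }];`. A comment on the host line, `# wildcard bind: only the tailscale firewall rule below keeps this off other interfaces`, makes the dependency visible to the next reader. The enclosing `lib.mkIf config.services.ollama.exposePort` block starts above the hunk.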
@@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748232210, - "narHash": "sha256-hyXsQVgl/URb13iWEONwV3gGZ9IU90Q9yPmn5xoWP/8=", + "lastModified": 1748405006, + "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "26c86ba664f227c6abb383d3ca8db9365f275766", + "rev": "f9801a86d6603260940890c36650275090d1dceb", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1748227609, - "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", + "lastModified": 1748455938, + "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=", "owner": "nix-community", "repo": "home-manager", - "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", + "rev": "02077149e2921014511dac2729ae6dadb4ec50e2", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1748149228, - "narHash": "sha256-mmonYFesFo42UUS49Hd0bcbVJRWX/aHBCDYUkkvylf4=", + "lastModified": 1748352827, + "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a9939228f661df370c4094fe85f683e45d761dbe", + "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1748225039, - "narHash": "sha256-Lvl26mCEatC5akRHywuXkYM6ZKc7R5T9m6u7rBPtNQw=", + "lastModified": 1748397853, + "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "cde730cb9dc2759104d7c8c27cb36d73189be1e2", + "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", "type": "github" }, "original": { 
@@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748190013, - "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", + "lastModified": 1748370509, + "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", + "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "type": "github" }, "original": { From 210a4084f7e4c15edc7551d39fc6c1fcda816eea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 28 May 2025 15:54:58 -0500 Subject: [PATCH 660/932] created prostudiomasters package --- configurations/nixos/horizon/configuration.nix | 4 ++++ configurations/nixos/horizon/prostudiomasters.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 configurations/nixos/horizon/prostudiomasters.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 84486546..99e3268e 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -52,6 +52,10 @@ (pkgs.callPackage ./webtoon-dl.nix {}) + # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? + (pkgs.callPackage + ./prostudiomasters.nix + {}) ]; programs = { diff --git a/configurations/nixos/horizon/prostudiomasters.nix b/configurations/nixos/horizon/prostudiomasters.nix new file mode 100644 index 00000000..c1c03fe4 --- /dev/null +++ b/configurations/nixos/horizon/prostudiomasters.nix @@ -0,0 +1,14 @@ +{ + fetchurl, + appimageTools, +}: let + pname = "prostudiomasters"; + version = "2.5.6"; + src = fetchurl { + url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage"; + hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs="; + }; +in + appimageTools.wrapType2 { + inherit pname version src; + } From 7923f493eba3c870d691b25cc440a2ce037ad767 Mon Sep 17 00:00:00 2001 
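Review bot: The `--in-process-gpu` requirement recorded in the configuration.nix TODO is left to whoever launches the program, while `prostudiomasters.nix` itself could carry it: `appimageTools.wrapType2` accepts `extraInstallCommands`, so the generated `$out/bin/prostudiomasters` could be wrapped to add the flag there (verify the exact argument names against the appimageTools in the pinned nixpkgs). A one-line comment next to `hash` noting that it pins the downloaded AppImage and must be refreshed together with `version` would also save a confusing hash-mismatch failure on the next bump.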
From: Leyla Becker Date: Wed, 28 May 2025 16:03:05 -0500 Subject: [PATCH 661/932] moved deviations living under horizon to common shared folder --- configurations/nixos/horizon/configuration.nix | 11 +++-------- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/packages/default.nix | 17 +++++++++++++++++ .../packages}/prostudiomasters.nix | 0 .../nixos-modules/packages}/webtoon-dl.nix | 0 5 files changed, 21 insertions(+), 8 deletions(-) create mode 100644 modules/nixos-modules/packages/default.nix rename {configurations/nixos/horizon => modules/nixos-modules/packages}/prostudiomasters.nix (100%) rename {configurations/nixos/horizon => modules/nixos-modules/packages}/webtoon-dl.nix (100%) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 99e3268e..7e2ab8a5 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -48,14 +48,9 @@ }; }; - environment.systemPackages = [ - (pkgs.callPackage - ./webtoon-dl.nix - {}) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? - (pkgs.callPackage - ./prostudiomasters.nix - {}) + environment.systemPackages = with pkgs; [ + webtoon-dl + prostudiomasters ]; programs = { diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 8cdeae97..d668a748 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -15,6 +15,7 @@ ./ai.nix ./tailscale.nix ./server + ./packages ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/modules/nixos-modules/packages/default.nix b/modules/nixos-modules/packages/default.nix new file mode 100644 index 00000000..208ee246 --- /dev/null +++ b/modules/nixos-modules/packages/default.nix 
@@ -0,0 +1,17 @@ +{pkgs, ...}: { + nixpkgs.overlays = [ + (final: prev: { + webtoon-dl = + pkgs.callPackage + ./webtoon-dl.nix + {}; + }) + # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? + (final: prev: { + prostudiomasters = + pkgs.callPackage + ./prostudiomasters.nix + {}; + }) + ]; +} diff --git a/configurations/nixos/horizon/prostudiomasters.nix b/modules/nixos-modules/packages/prostudiomasters.nix similarity index 100% rename from configurations/nixos/horizon/prostudiomasters.nix rename to modules/nixos-modules/packages/prostudiomasters.nix diff --git a/configurations/nixos/horizon/webtoon-dl.nix b/modules/nixos-modules/packages/webtoon-dl.nix similarity index 100% rename from configurations/nixos/horizon/webtoon-dl.nix rename to modules/nixos-modules/packages/webtoon-dl.nix From 1be7eb162af7abd255828fdfbbf5cf9b50d9b08b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 30 May 2025 11:22:46 -0500 Subject: [PATCH 662/932] enabled qmk if via keyboard is enabled --- modules/nixos-modules/keyboard.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 modules/nixos-modules/keyboard.nix diff --git a/modules/nixos-modules/keyboard.nix b/modules/nixos-modules/keyboard.nix new file mode 100644 index 00000000..06a85c5a --- /dev/null +++ b/modules/nixos-modules/keyboard.nix @@ -0,0 +1,12 @@ +{ + lib, + config, + pkgs, + ... +}: { + config = lib.mkIf config.host.hardware.viaKeyboard { + hardware.keyboard.qmk.enable = true; + }; + + services.udev.packages = [pkgs.via]; +} From ee389bdb92796558667d8aa8771c41df422029eb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 30 May 2025 12:58:01 -0500 Subject: [PATCH 663/932] added via to udev --- modules/nixos-modules/keyboard.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos-modules/keyboard.nix b/modules/nixos-modules/keyboard.nix index 06a85c5a..f820c487 100644 
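Review bot: The overlays in `packages/default.nix` call `pkgs.callPackage` from the module arguments instead of the overlay's own `final`, which ties the overlay to the module-level package set rather than the one being constructed; the conventional form is `webtoon-dl = final.callPackage ./webtoon-dl.nix {};` and likewise for `prostudiomasters`. The two single-attribute overlays could be a single `final: prev: { … }` holding both packages. Keeping the `--in-process-gpu` TODO directly above the `prostudiomasters` attribute keeps it attached to the package it describes if the overlays are merged.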
--- a/modules/nixos-modules/keyboard.nix +++ b/modules/nixos-modules/keyboard.nix @@ -6,7 +6,7 @@ }: { config = lib.mkIf config.host.hardware.viaKeyboard { hardware.keyboard.qmk.enable = true; - }; - services.udev.packages = [pkgs.via]; + services.udev.packages = [pkgs.via]; + }; } From 5dd2b2282164f87a674f160da175afe472e1489b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 30 May 2025 13:00:47 -0500 Subject: [PATCH 664/932] moved keyboard config to hardware.nix --- modules/nixos-modules/hardware.nix | 17 ++++++++++++++++- modules/nixos-modules/keyboard.nix | 12 ------------ 2 files changed, 16 insertions(+), 13 deletions(-) delete mode 100644 modules/nixos-modules/keyboard.nix diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix index 1b22eced..8f4cc01b 100644 --- a/modules/nixos-modules/hardware.nix +++ b/modules/nixos-modules/hardware.nix @@ -1,4 +1,9 @@ -{lib, ...}: { +{ + lib, + config, + pkgs, + ... +}: { options.host.hardware = { piperMouse = { enable = lib.mkEnableOption "host has a piper mouse"; @@ -16,4 +21,14 @@ enable = lib.mkEnableOption "can a host be used on its own"; }; }; + config = lib.mkMerge [ + (lib.mkIf config.host.hardware.piperMouse.enable { + services.udev.packages = [pkgs.piper]; + }) + (lib.mkIf config.host.hardware.viaKeyboard.enable { + hardware.keyboard.qmk.enable = true; + + services.udev.packages = [pkgs.via]; + }) + ]; } diff --git a/modules/nixos-modules/keyboard.nix b/modules/nixos-modules/keyboard.nix deleted file mode 100644 index f820c487..00000000 --- a/modules/nixos-modules/keyboard.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: { - config = lib.mkIf config.host.hardware.viaKeyboard { - hardware.keyboard.qmk.enable = true; - - services.udev.packages = [pkgs.via]; - }; -} From 45835201f566bc9fdc757fda85f160cdbc591fa0 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 30 May 2025 13:04:57 -0500 Subject: [PATCH 665/932] fixed piper --- modules/nixos-modules/hardware.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix index 8f4cc01b..07e6fa8c 100644 --- a/modules/nixos-modules/hardware.nix +++ b/modules/nixos-modules/hardware.nix @@ -23,7 +23,7 @@ }; config = lib.mkMerge [ (lib.mkIf config.host.hardware.piperMouse.enable { - services.udev.packages = [pkgs.piper]; + services.ratbagd.enable = true; }) (lib.mkIf config.host.hardware.viaKeyboard.enable { hardware.keyboard.qmk.enable = true; From 8f29881b72061657b8bebfe6dd051fa56e0779a3 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 May 2025 17:42:12 -0500 Subject: [PATCH 666/932] created emergent configuration --- .../nixos/emergent/configuration.nix | 139 ++++++++++++++++++ configurations/nixos/emergent/default.nix | 8 + .../nixos/emergent/disco-configuration.nix | 57 +++++++ .../nixos/emergent/hardware-configuration.nix | 32 ++++ flake.nix | 1 + modules/nixos-modules/users.nix | 4 +- 6 files changed, 240 insertions(+), 1 deletion(-) create mode 100644 configurations/nixos/emergent/configuration.nix create mode 100644 configurations/nixos/emergent/default.nix create mode 100644 configurations/nixos/emergent/disco-configuration.nix create mode 100644 configurations/nixos/emergent/hardware-configuration.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix new file mode 100644 index 00000000..a880ef5e --- /dev/null +++ b/configurations/nixos/emergent/configuration.nix 
@@ -0,0 +1,139 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + host = { + users = { + eve = { + isDesktopUser = true; + isTerminalUser = true; + isPrincipleUser = true; + }; + }; + }; + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # services.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). 
+ # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # tree + # ]; + # }; + + # programs.firefox.enable = true; + + # List packages installed in system profile. + # You can use https://search.nixos.org/ to find more packages (and options). + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + networking = { + networkmanager.enable = true; + useDHCP = lib.mkDefault true; + hostId = "7e35eb97"; # arbitrary id number generated via this command: `head -c4 /dev/urandom | od -A none -t x4` + hostName = "emergent"; # Define your hostname. + }; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 
+ # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix new file mode 100644 index 00000000..34558258 --- /dev/null +++ b/configurations/nixos/emergent/default.nix @@ -0,0 +1,8 @@ +# evs desktop +{...}: { + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ./disco-configuration.nix + ]; +} diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix new file mode 100644 index 00000000..29e13fe9 --- /dev/null +++ b/configurations/nixos/emergent/disco-configuration.nix 
@@ -0,0 +1,57 @@ +{...}: { + disko.devices = { + disk = { + disk1 = { + type = "disk"; + device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "64M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + }; + }; + }; + }; + }; + zpool = { + zroot = { + type = "zpool"; + mode = "mirror"; + options.cachefile = "none"; + rootFsOptions = { + compression = "zstd"; + "com.sun:auto-snapshot" = "true"; + }; + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; + + datasets = { + "system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + }; + }; + }; + }; +} diff --git a/configurations/nixos/emergent/hardware-configuration.nix b/configurations/nixos/emergent/hardware-configuration.nix new file mode 100644 index 00000000..4e131499 --- /dev/null +++ b/configurations/nixos/emergent/hardware-configuration.nix 
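Review bot: The ESP is sized `size = "64M";`, which is tight for systemd-boot on NixOS because every retained generation keeps its own kernel and initrd under `/boot`, and a handful of generations can exhaust it and make `nixos-rebuild switch` fail with "No space left on device"; disko and nixpkgs examples use 512M or more, so `size = "512M";` is the safer choice before the first install, since growing it later means repartitioning. A short comment on `postCreateHook` saying it creates a `zroot@blank` snapshot for rollback only when one does not already exist would make the grep-or-snapshot one-liner self-explanatory.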
@@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + swapDevices = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/flake.nix b/flake.nix index ba10d207..496456a0 100644 --- a/flake.nix +++ b/flake.nix @@ -99,6 +99,7 @@ horizon = mkNixosSystem "horizon"; twilight = mkNixosSystem "twilight"; defiant = mkNixosSystem "defiant"; + emergent = mkNixosSystem "emergent"; }; darwinSystems = { diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 18cf06f5..68bd78b5 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix 
@@ -106,7 +106,9 @@ in { uid = lib.mkForce uids.eve; name = lib.mkForce host.users.eve.name; description = "Eve"; - extraGroups = lib.optionals host.users.eve.isNormalUser ["networkmanager"]; + extraGroups = + lib.optionals host.users.eve.isNormalUser ["networkmanager"] + ++ (lib.lists.optionals host.users.eve.isPrincipleUser ["wheel"]); hashedPasswordFile = config.sops.secrets."passwords/eve".path; isNormalUser = host.users.eve.isNormalUser; isSystemUser = !host.users.eve.isNormalUser; From d88c1c15885193f639f111cbb7610f9aaf95c7e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 31 May 2025 19:14:37 -0500 Subject: [PATCH 667/932] updated mode for zfs disk --- configurations/nixos/emergent/disco-configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix index 29e13fe9..ec002b21 100644 --- a/configurations/nixos/emergent/disco-configuration.nix +++ b/configurations/nixos/emergent/disco-configuration.nix @@ -31,7 +31,7 @@ zpool = { zroot = { type = "zpool"; - mode = "mirror"; + mode = ""; options.cachefile = "none"; rootFsOptions = { compression = "zstd"; From 69b8f5ceca186be1e40ee8db07c717e7ee54d269 Mon Sep 17 00:00:00 2001 From: Eve Halfmann Date: Sun, 1 Jun 2025 00:44:58 +0000 Subject: [PATCH 668/932] generate ssh keys for each system eve is on --- configurations/home-manager/eve/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 0ea88ee7..b3533638 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -1,6 +1,7 @@ { pkgs, lib, + config, osConfig, ... }: let 
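Review bot: The new `wheel` membership is granted on `isPrincipleUser` independently of `isNormalUser`, so a user configured as a system user (`isSystemUser = !host.users.eve.isNormalUser;` below) could still land in the sudo-capable group; if "principle" is meant to imply a normal user, an assertion or a `(host.users.eve.isNormalUser && host.users.eve.isPrincipleUser)` guard would make that explicit. The two halves also spell the same function two ways, `lib.optionals` and `lib.lists.optionals`; `++ lib.optionals host.users.eve.isPrincipleUser ["wheel"]` reads consistently. The `users.users.eve` definition continues outside the hunk.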
@@ -72,5 +73,14 @@ in { programs = { # Let Home Manager install and manage itself. home-manager.enable = true; + + openssh = { + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; }; } From caea10c1e25ab97959aef7e28c5e90bfe45dbb32 Mon Sep 17 00:00:00 2001 From: Eve Halfmann Date: Sun, 1 Jun 2025 00:45:13 +0000 Subject: [PATCH 669/932] set git agent information --- configurations/home-manager/eve/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index b3533638..4e1d6fd9 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -74,6 +74,13 @@ in { # Let Home Manager install and manage itself. home-manager.enable = true; + git = { + enable = true; + userName = "Eve Halfmann"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; + openssh = { hostKeys = [ { From 5d055c6a88ac087661cb805fb487a1c9219b3063 Mon Sep 17 00:00:00 2001 From: Eve Halfmann Date: Sun, 1 Jun 2025 16:20:33 +0000 Subject: [PATCH 670/932] updated git username --- configurations/home-manager/eve/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 4e1d6fd9..d3dda263 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -76,7 +76,7 @@ in { git = { enable = true; - userName = "Eve Halfmann"; + userName = "Eve"; userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; From 327a5ce55fa9af2442845cad14662db95ee7aa6f Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 16:31:08 +0000 Subject: [PATCH 671/932] added vscodium --- configurations/home-manager/eve/default.nix | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index d3dda263..7dedb686 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -80,6 +80,11 @@ in { userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; + + vscode = { + enable = true; + package = pkgs.vscodium; + }; openssh = { hostKeys = [ From c54210411d5f6c5097adb0c96f1f31d9db00649f Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 11:59:56 -0500 Subject: [PATCH 672/932] added steam + dependencies --- configurations/nixos/emergent/configuration.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index a880ef5e..4325eb3d 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -80,6 +80,8 @@ # programs.firefox.enable = true; + nixpkgs.config.allowUnfree = true; + # List packages installed in system profile. # You can use https://search.nixos.org/ to find more packages (and options). # environment.systemPackages = with pkgs; [ @@ -87,6 +89,13 @@ # wget # ]; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; From 7acf6a1c13935a5a5b4fb8b4a078697bf322dca3 Mon Sep 17 00:00:00 2001 
From: Eve Date: Sun, 1 Jun 2025 12:22:42 -0500 Subject: [PATCH 673/932] added nvidia-drivers as a seperate file and imported to config file --- .../nixos/emergent/configuration.nix | 1 + .../nixos/emergent/nvidia-drivers.nix | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 configurations/nixos/emergent/nvidia-drivers.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 4325eb3d..389dfe53 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -8,6 +8,7 @@ ... }: { imports = [ + ./nvidia-drivers.nix ]; # Use the systemd-boot EFI boot loader. diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix new file mode 100644 index 00000000..4df1b67e --- /dev/null +++ b/configurations/nixos/emergent/nvidia-drivers.nix 
@@ -0,0 +1,42 @@ +{ config, lib, pkgs, ... }: +{ + + # Enable OpenGL + hardware.graphics = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + + hardware.nvidia = { + + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + } \ No newline at end of file From 2820252c54f9b5bac43d09e280c48baaaf45657d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 13:00:34 -0500 Subject: [PATCH 674/932] made leyla configs optional --- configurations/home-manager/eve/default.nix | 2 +- configurations/home-manager/leyla/default.nix | 45 +- configurations/home-manager/leyla/firefox.nix | 623 +++++++++--------- .../home-manager/leyla/packages.nix | 72 +- .../home-manager/leyla/vscode/default.nix | 185 +++--- .../nixos/emergent/nvidia-drivers.nix | 20 +- 6 files changed, 477 insertions(+), 470 deletions(-) diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 7dedb686..b2ae492a 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -80,7 +80,7 @@ in { userEmail = "evesnrobins@gmail.com"; extraConfig.init.defaultBranch = "main"; }; - + vscode = { enable = true; package = pkgs.vscodium; diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 0c90ab10..90251a31 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,8 +1,4 @@ -{ - osConfig, - config, - ... -}: { +{osConfig, ...}: { imports = [ ./i18n.nix ./packages.nix 
@@ -108,44 +104,5 @@ }; }; }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; - }; - - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["/home/leyla/documents/code/nix-config"]; - }; - }; - bash.enable = true; - - openssh = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; }; } diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/firefox.nix index 4f8c624e..0adea283 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix 
@@ -2,340 +2,345 @@ lib, pkgs, inputs, + osConfig, ... -}: { - programs.firefox = { - enable = true; - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; +}: let + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; +in { + config = lib.mkIf is-desktop-user { + programs.firefox = { + enable = true; + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = 
"https://search.jan-leila.com/?q={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; }; }; - }; - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes - privacy-badger - decentraleyes - clearurls - localcdn + privacy-badger + decentraleyes + clearurls + localcdn - snowflake + snowflake - deutsch-de-language-pack - dictionary-german + deutsch-de-language-pack + dictionary-german - # ( - # buildFirefoxXpiAddon rec { - # pname = "italiano-it-language-pack"; - # version = "132.0.20241110.231641"; - # addonId = "langpack-it@firefox.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Firefox Language Pack for Italiano (it) – Italian"; - # license = licenses.mpl20; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - # ( - # buildFirefoxXpiAddon rec { - # pname = "dizionario-italiano"; - # version = "5.1"; - # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Add support for Italian to spellchecking"; - # license = licenses.gpl3; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - ]; + # ( + # buildFirefoxXpiAddon rec { + # pname = "italiano-it-language-pack"; + # version = "132.0.20241110.231641"; + # 
addonId = "langpack-it@firefox.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Firefox Language Pack for Italiano (it) – Italian"; + # license = licenses.mpl20; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + # ( + # buildFirefoxXpiAddon rec { + # pname = "dizionario-italiano"; + # version = "5.1"; + # addonId = "it-IT@dictionaries.addons.mozilla.org"; + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; + # sha256 = ""; + # meta = with lib; + # { + # description = "Add support for Italian to spellchecking"; + # license = licenses.gpl3; + # mozPermissions = []; + # platforms = platforms.all; + # }; + # } + # ) + ]; - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + 
"browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ + # Usage Experience + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + "privacy_privacy_com-browser-action" + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" + "addon_simplelogin-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + 
"stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" "privacy_privacy_com-browser-action" - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" + "ublock0_raymondhill_net-browser-action" "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" "jid1-bofifl9vbdl2zq_jetpack-browser-action" "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - 
"sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + # Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "identity.fxaccounts.enabled" = false; + + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + + # Disable telemetry + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + 
"browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + "toolkit.telemetry.updatePing.enabled" = false; + }; + + bookmarks = { + force = true; + settings = [ + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = "Linked In"; + url = "https://www.linkedin.com/"; 
+ keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } ]; }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - "identity.fxaccounts.enabled" = false; - - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Disable telemetry - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - 
"datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - - bookmarks = { - force = true; - settings = [ - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = 
"https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; }; }; }; diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index 13263ea6..e9ab2302 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -1,5 +1,6 @@ { lib, + config, osConfig, pkgs, ... @@ -12,22 +13,22 @@ in { ./firefox.nix ]; - nixpkgs.config = { - allowUnfree = true; - }; + config = lib.mkMerge [ + (lib.mkIf userConfig.isTerminalUser { + home.packages = with pkgs; [ + # command line tools + sox + yt-dlp + ffmpeg + imagemagick + ]; + }) + (lib.mkIf userConfig.isDesktopUser { + nixpkgs.config = { + allowUnfree = true; + }; - home = { - packages = - lib.lists.optionals userConfig.isTerminalUser ( - with pkgs; [ - # command line tools - sox - yt-dlp - ffmpeg - imagemagick - ] - ) - ++ ( + home.packages = ( lib.lists.optionals userConfig.isDesktopUser ( (with pkgs; [ # helvetica font 
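Review bot: The toolbar placement for the `_b11bea1f-…` extension under `"unified-extensions-area"` still reads `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action"`, while the `"seen"` list in the same `browser.uiCustomization.state` object spells that id `-browser-action`, as every other entry does; presumably a typo, which would leave the widget unplaced rather than failing loudly. Change that placement line to `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action"`. The line is carried over from the old side, but since this commit re-indents the whole block it is the natural place to fix it.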
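Review bot: `home.packages = ( lib.lists.optionals userConfig.isDesktopUser (` now sits inside `(lib.mkIf userConfig.isDesktopUser { … })`, so the inner `optionals` guard can only ever be evaluated when the condition is already true and is dead; the same double gating appears with `programs = lib.mkIf userConfig.isDesktopUser {` in the next hunk (`@@ -91,5 +92,44 @@`). Dropping the inner guards, i.e. starting the list with `home.packages = (with pkgs; [` (and removing its matching closing paren in the next hunk) and writing `programs = {`, leaves one source of truth for the condition. The `lib.mkMerge` list that encloses both branches opens here and closes in the next hunk.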
@@ -91,5 +92,44 @@ in { ) ) ); - }; + programs = lib.mkIf userConfig.isDesktopUser { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + # set up git defaults + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + + # add direnv to auto load flakes for development + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["/home/leyla/documents/code/nix-config"]; + }; + }; + bash.enable = true; + + openssh = { + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" + ]; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }) + ]; } diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix index 2f3c455d..c2ee0665 100644 --- a/configurations/home-manager/leyla/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix 
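Review bot: `programs.openssh.authorizedKeys` and `hostKeys` now only exist when `userConfig.isDesktopUser` is set, because the whole `programs` attrset lives in the `(lib.mkIf userConfig.isDesktopUser { … })` branch of the `lib.mkMerge` that opens in the previous hunk. Before this commit those keys were unconditional in `default.nix`, so on any host where leyla is only a terminal user the three `ssh-ed25519` entries are no longer authorized and the per-host key path is no longer configured, which is the opposite of what a headless machine needs. Unless that is intended, move the `openssh` block (and arguably `git`, `bash` and `home-manager.enable`) into its own unconditional element of the `mkMerge` list; the inner `lib.mkIf` on `programs` is redundant either way. The enclosing `config = lib.mkMerge [` expression starts outside this hunk.
```nix
  config = lib.mkMerge [
    # … unchanged: terminal-user and desktop-user branches …
    {
      # SSH identity applies on every host the user can log in to, not only desktops
      programs.openssh = {
        authorizedKeys = [
          # … unchanged: the three ssh-ed25519 entries …
        ];
        hostKeys = [
          {
            type = "ed25519";
            path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
          }
        ];
      };
    }
  ];
```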
@@ -8,110 +8,113 @@ }: let nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; in { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - - programs = { - bash.shellAliases = { - code = "codium"; + config = lib.mkIf is-desktop-user { + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; }; - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { - enable = true; + programs = { + bash.shellAliases = { + code = "codium"; + }; - package = pkgs.vscodium; + vscode = let + extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; + open-vsx = extensions.open-vsx; + vscode-marketplace = extensions.vscode-marketplace; + in { + enable = true; - mutableExtensionsDir = false; + package = pkgs.vscodium; - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; + mutableExtensionsDir = false; - userSettings = lib.mkMerge [ - { - "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = import ./user-words.nix; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "editor.tabSize" = 2; - "editor.insertSpaces" = false; - } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; - }) - (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; - }) - ]; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; - extensions = ( - with open-vsx; - [ - # vs 
code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + userSettings = lib.mkMerge [ + { + "workbench.colorTheme" = "Atom One Dark"; + "cSpell.userWords" = import ./user-words.nix; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "editor.tabSize" = 2; + "editor.insertSpaces" = false; + } + (lib.mkIf nix-development-enabled { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + "nixpkgs" = { + "expr" = "import {}"; + }; + }) + (lib.mkIf ai-tooling-enabled { + "continue.telemetryEnabled" = false; + }) + ]; - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + extensions = ( + with open-vsx; + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - firsttris.vscode-jest-runner - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # go extensions - golang.go + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # go extensions + golang.go - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix 
extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) - ) - ); + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx + + # misc extensions + tamasfe.even-better-toml + ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) + ++ ( + with vscode-marketplace; + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + continue.continue + ]) + ) + ); + }; }; }; }; diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index 4df1b67e..b264ca51 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -1,6 +1,9 @@ -{ config, lib, pkgs, ... }: { - + config, + lib, + pkgs, + ... +}: { # Enable OpenGL hardware.graphics = { enable = true; @@ -10,13 +13,12 @@ services.xserver.videoDrivers = ["nvidia"]; hardware.nvidia = { - # Modesetting is required. modesetting.enable = true; # Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. powerManagement.enable = false; 
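Review bot: `is-desktop-user = osConfig.host.users.leyla.isDesktopUser;` duplicates the lookup that firefox.nix adds in this same commit and that packages.nix already expresses as `userConfig.isDesktopUser`; three spellings of one condition across one user's modules is a style issue that makes a later rename of the option easy to miss. Bind `userConfig = osConfig.host.users.leyla;` once, as packages.nix does, and use `userConfig.isDesktopUser` here and in firefox.nix. The `let` block that introduces this binding starts before the hunk.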
@@ -26,17 +28,17 @@ # Use the NVidia open source kernel module (not to be confused with the # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ open = false; # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. + # accessible via `nvidia-settings`. nvidiaSettings = true; # Optionally, you may need to select the appropriate driver version for your specific GPU. package = config.boot.kernelPackages.nvidiaPackages.stable; }; - } \ No newline at end of file +} From 21eff1d08302abacb7010b5dd065d49e69f57e69 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 13:07:56 -0500 Subject: [PATCH 675/932] moved Eve configurations into their own package --- configurations/home-manager/eve/default.nix | 45 +--------------- configurations/home-manager/eve/packages.nix | 52 +++++++++++++++++++ .../nixos/emergent/configuration.nix | 13 ++--- 3 files changed, 60 insertions(+), 50 deletions(-) create mode 100644 configurations/home-manager/eve/packages.nix diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index b2ae492a..0ab0c592 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -1,10 +1,4 @@ -{ - pkgs, - lib, - config, - osConfig, - ... -}: let +{osConfig, ...}: let userConfig = osConfig.host.users.eve; in { nixpkgs.config = { 
@@ -57,42 +51,5 @@ in { sessionVariables = { # EDITOR = "emacs"; }; - - packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop-bin - ungoogled-chromium - ] - ); - }; - - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - git = { - enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; - }; - - vscode = { - enable = true; - package = pkgs.vscodium; - }; - - openssh = { - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; }; } diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix new file mode 100644 index 00000000..6cc4630e --- /dev/null +++ b/configurations/home-manager/eve/packages.nix @@ -0,0 +1,52 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.eve; +in { + config = { + # Packages that can be installed without any extra configuration + # See https://search.nixos.org/packages for all options + home.packages = lib.lists.optionals userConfig.isDesktopUser ( + with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop-bin + ungoogled-chromium + ] + ); + + # Packages that need to be installed with some extra configuration + # See https://home-manager-options.extranix.com/ for all options + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + git = { + enable = true; + userName = "Eve"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; + + vscode = { + enable = true; + package = pkgs.vscodium; + }; + + openssh = { + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; + }; +} 
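Review bot: In the new `configurations/home-manager/eve/packages.nix`, `home.packages` is gated on `userConfig.isDesktopUser` but `programs.vscode.enable = true` with `package = pkgs.vscodium` is unconditional, so a host where eve is not a desktop user still gets a GUI editor; gate it the same way, `vscode = lib.mkIf userConfig.isDesktopUser { enable = true; package = pkgs.vscodium; };`. Nothing in this commit adds `./packages.nix` to an `imports` list in `eve/default.nix`; if that list exists outside the shown hunks this is fine, otherwise the file is never evaluated and the `programs` block removed from `default.nix` (git, home-manager, openssh hostKeys) silently disappears.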
diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 389dfe53..2d7df4ca 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -83,13 +83,14 @@ nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. - # You can use https://search.nixos.org/ to find more packages (and options). - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; + # Packages that can be installed without any extra configuration + # See https://search.nixos.org/packages for all options + environment.systemPackages = with pkgs; [ + wget + ]; + # Packages that need to be installed with some extra configuration + # See https://search.nixos.org/options for all options programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play From 93793f2f1c71786215025d06f1c8072bbe4ea026 Mon Sep 17 00:00:00 2001 From: Eve Date: Sun, 1 Jun 2025 13:36:44 -0500 Subject: [PATCH 676/932] set nvidia drivers to open --- configurations/nixos/emergent/nvidia-drivers.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index b264ca51..fd569b3a 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -32,7 +32,7 @@ # supported GPUs is at: # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # Only available from driver 515.43.04+ - open = false; + open = true; # Enable the Nvidia settings menu, # accessible via `nvidia-settings`. From 54d03b280c5de2cd11c26fbed6f3a3e5f4497c4d Mon Sep 17 00:00:00 2001 
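Review bot: `open = true;` relies on the comment a few lines above that the open kernel module only supports Turing and later GPUs, but nothing in the file records which GPU emergent has, so a later reader cannot tell whether the flip is safe. Add a one-line comment above it naming the card, e.g. `# emergent has a <GPU model> (Turing or later), so the open module is supported`, with the model filled in.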
From: Eve
Date: Sun, 1 Jun 2025 13:36:50 -0500
Subject: [PATCH 677/932] increase size of boot partiton for emergent
---
 configurations/nixos/emergent/disco-configuration.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix
index ec002b21..ac2067f4 100644
--- a/configurations/nixos/emergent/disco-configuration.nix
+++ b/configurations/nixos/emergent/disco-configuration.nix
@@ -8,7 +8,7 @@
 type = "gpt";
 partitions = {
 ESP = {
- size = "64M";
+ size = "512M";
 type = "EF00";
 content = {
 type = "filesystem";
From 36382ebfe0001273823e2fe417e3242495b75da6 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sun, 1 Jun 2025 14:19:31 -0500
Subject: [PATCH 678/932] switched to using nixos-anywhere flake in dev shell
---
 flake.lock | 153 +++++++++++++++++++++++++++++++++++++++++++++++
 flake.nix | 12 +++-
 util/default.nix | 2 +-
 3 files changed, 163 insertions(+), 4 deletions(-)
diff --git a/flake.lock b/flake.lock
index fa3ad83e..fe1ba7d1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,6 +20,28 @@
 "type": "github"
 }
 },
+ "disko_2": {
+ "inputs": {
+ "nixpkgs": [
+ "nixos-anywhere",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1748225455,
+ "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "master",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
 "firefox-addons": {
 "inputs": {
 "nixpkgs": [
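Review bot: Raising `size = "512M";` for the `ESP` partition only changes the declared disko layout; disko applies partition sizes when it formats the disk and does not resize existing partitions in place, so on an already-installed emergent this has no effect until the disk is re-partitioned, and re-running disko to pick it up is destructive. If the host is already deployed, say so in the commit or next to the line, e.g. `# grown from 64M; takes effect only on a fresh (destructive) disko run`.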
@@ -57,6 +79,27 @@ "type": "github" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -151,6 +194,27 @@ "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" } }, + "nix-vm-test": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748765518, + "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", + "owner": "Mic92", + "repo": "nix-vm-test", + "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-vm-test", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils", @@ -172,6 +236,32 @@ "type": "github" } }, + "nixos-anywhere": { + "inputs": { + "disko": "disko_2", + "flake-parts": "flake-parts", + "nix-vm-test": "nix-vm-test", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1748794949, + "narHash": "sha256-kfqIyYpXMRgmaLOTx+AFd1Kzo+I3mOg9vexUx2qWENA=", + "owner": "nix-community", + "repo": "nixos-anywhere", + "rev": "b7686308b281917d63137373a2eb5c566a973d03", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-anywhere", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1747900541, 
@@ -188,6 +278,47 @@ "type": "github" } }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748481078, + "narHash": "sha256-jwKRF2EDzlv0VBF8pImPFT7DAJma7stDun25utHtwBw=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "191a461dc38313ff41bd3df4b82e49f74a56560d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1748437600, + "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1748370509, @@ -214,6 +345,7 @@ "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", + "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", @@ -270,6 +402,27 @@ "repo": "default", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748243702, + "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 496456a0..c0a72cf4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -28,6 +28,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-anywhere = { + url = "github:nix-community/nixos-anywhere"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + # disk configurations disko = { url = "github:nix-community/disko"; @@ -79,6 +84,7 @@ sops-nix, nix-syncthing, home-manager, + nixos-anywhere, impermanence, ... } @ inputs: let @@ -131,11 +137,11 @@ systemsHomes // homeSystems; in { - formatter = forEachPkgs (pkgs: pkgs.alejandra); + formatter = forEachPkgs (system: pkgs: pkgs.alejandra); # templates = import ./templates; - devShells = forEachPkgs (pkgs: { + devShells = forEachPkgs (system: pkgs: { default = pkgs.mkShell { packages = with pkgs; [ # for version controlling this repo @@ -147,7 +153,7 @@ # for viewing configuration options defined in this repo nix-inspect # for installing flakes from this repo onto other systems - nixos-anywhere + nixos-anywhere.packages.${system}.nixos-anywhere # for updating disko configurations disko ]; diff --git a/util/default.nix b/util/default.nix index 4b713da2..5b617795 100644 --- a/util/default.nix +++ b/util/default.nix @@ -53,7 +53,7 @@ ../modules/system-modules ]; in { - forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); + forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); mkUnless = condition: yes: (lib.mkIf (!condition) yes); mkIfElse = condition: yes: no: From b1e7be48b37adc932bac365d0ae10bdb6b0d9f9d Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 14:27:50 -0500 Subject: [PATCH 679/932] moved packages to common-modules --- modules/common-modules/pkgs/default.nix | 19 ++++++++++++++++--- .../pkgs}/prostudiomasters.nix | 0 .../pkgs}/webtoon-dl.nix | 0 modules/nixos-modules/default.nix | 1 - modules/nixos-modules/packages/default.nix | 17 ----------------- 5 files changed, 16 insertions(+), 21 deletions(-) rename modules/{nixos-modules/packages => common-modules/pkgs}/prostudiomasters.nix (100%) rename modules/{nixos-modules/packages => common-modules/pkgs}/webtoon-dl.nix (100%) delete mode 100644 modules/nixos-modules/packages/default.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 3e4456b5..208ee246 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,17 @@ -# this folder is for custom derivations -{...}: { - # package = pkgs.callPackage ./package.nix {}; +{pkgs, ...}: { + nixpkgs.overlays = [ + (final: prev: { + webtoon-dl = + pkgs.callPackage + ./webtoon-dl.nix + {}; + }) + # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? + (final: prev: { + prostudiomasters = + pkgs.callPackage + ./prostudiomasters.nix + {}; + }) + ]; } diff --git a/modules/nixos-modules/packages/prostudiomasters.nix b/modules/common-modules/pkgs/prostudiomasters.nix similarity index 100% rename from modules/nixos-modules/packages/prostudiomasters.nix rename to modules/common-modules/pkgs/prostudiomasters.nix diff --git a/modules/nixos-modules/packages/webtoon-dl.nix b/modules/common-modules/pkgs/webtoon-dl.nix similarity index 100% rename from modules/nixos-modules/packages/webtoon-dl.nix rename to modules/common-modules/pkgs/webtoon-dl.nix diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index d668a748..8cdeae97 100644 --- a/modules/nixos-modules/default.nix 
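Review bot: Both overlay functions added to `modules/common-modules/pkgs/default.nix` ignore their `final`/`prev` arguments and call `pkgs.callPackage`, so the two derivations are instantiated from the module-argument `pkgs` rather than from the overlaid package set, and any dependency overridden by another overlay in `nixpkgs.overlays` will not be seen by them. Use the overlay's own fixpoint instead: `webtoon-dl = final.callPackage ./webtoon-dl.nix {};` and `prostudiomasters = final.callPackage ./prostudiomasters.nix {};`, after which the `pkgs` module argument is no longer needed and the two overlays can be collapsed into one. The `--in-process-gpu` TODO presumably belongs in the package's own wrapper rather than in this overlay list; worth a pointer there if that is where it ends up.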
+++ b/modules/nixos-modules/default.nix @@ -15,7 +15,6 @@ ./ai.nix ./tailscale.nix ./server - ./packages ]; nixpkgs.config.permittedInsecurePackages = [ diff --git a/modules/nixos-modules/packages/default.nix b/modules/nixos-modules/packages/default.nix deleted file mode 100644 index 208ee246..00000000 --- a/modules/nixos-modules/packages/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{pkgs, ...}: { - nixpkgs.overlays = [ - (final: prev: { - webtoon-dl = - pkgs.callPackage - ./webtoon-dl.nix - {}; - }) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? - (final: prev: { - prostudiomasters = - pkgs.callPackage - ./prostudiomasters.nix - {}; - }) - ]; -} From 7979b4ed17663d504f95036af80de4a07ab2f697 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:29:39 -0500 Subject: [PATCH 680/932] installed prostudiomasters for leyla only --- configurations/home-manager/leyla/packages.nix | 1 + configurations/nixos/horizon/configuration.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index e9ab2302..020060d3 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -72,6 +72,7 @@ in { # proprietary platforms discord obsidian + prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 7e2ab8a5..770eeef4 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -50,7 +50,6 @@ environment.systemPackages = with pkgs; [ webtoon-dl - prostudiomasters ]; programs = { From a68f81cf3bc41a131ceb7ec644629037e1102ccd Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 14:41:55 -0500 Subject: [PATCH 681/932] moved disko needed configuration to disko.nix --- modules/nixos-modules/disko.nix | 41 ++++++++++++++++++++++++-- modules/nixos-modules/impermanence.nix | 27 ----------------- 2 files changed, 39 insertions(+), 29 deletions(-) diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 13ddb8f5..af83023c 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -20,6 +20,8 @@ disk: lib.attrsets.nameValuePair (hashDisk disk) disk ) config.host.storage.pool.cache; + + datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets; in { options.host.storage = { enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; @@ -63,6 +65,39 @@ in { description = "list of drives that are going to be used as cache"; default = []; }; + # Default datasets that are needed to make a functioning system + datasets = lib.mkOption { + type = lib.types.attrsOf (inputs.disko.lib.subType { + types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; + }); + default = { + "local" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up + "local/system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + # dataset for root that gets rolled back on every boot + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + }; + }; extraDatasets = lib.mkOption { type = lib.types.attrsOf (inputs.disko.lib.subType { types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; 
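Review bot: The new `datasets` option in `disko.nix` has no `description`, and the local `datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets` merge means an `extraDatasets` entry with the same name (e.g. `"local/system/root"`) silently replaces the default, including the `@blank` snapshot hook that the impermanence rollback presumably depends on. Suggest `description = "datasets required for a bootable system; an extraDatasets entry with the same name replaces the default wholesale";` so that override behaviour is visible to whoever next edits impermanence.nix. The `postCreateHook` also hardcodes the pool name `rpool` while the pool itself is declared elsewhere in this module; a one-line comment such as `# pool name must match the zpool declared below` would keep the two from drifting apart.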
@@ -222,13 +257,15 @@ in { ); datasets = lib.mkMerge [ - (lib.attrsets.mapAttrs (name: value: { + ( + lib.attrsets.mapAttrs (name: value: { type = value.type; options = value.options; mountpoint = value.mountpoint; postCreateHook = value.postCreateHook; }) - config.host.storage.pool.extraDatasets) + datasets + ) ]; }; }; diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index e969e203..2f38cd3e 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -38,33 +38,6 @@ }; host.storage.pool.extraDatasets = { - # local datasets are for data that should be considered ephemeral - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - # dataset for root that gets rolled back on every boot - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - # persist datasets are datasets that contain information that we would like to keep around "persist" = { type = "zfs_fs"; From 99ea35547290d71e04fb600f9cb8cec2979bfbef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 14:59:24 -0500 Subject: [PATCH 682/932] made boot disko partition configurable --- .../nixos/defiant/configuration.nix | 2 + modules/nixos-modules/disko.nix | 99 ++++++++----------- 2 files changed, 45 insertions(+), 56 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index fef7a56a..a48bddb6 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -40,6 +40,8 @@ tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"]; vdevs = [ [ "ata-ST18000NE000-3G6101_ZVTCXVEB" diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index af83023c..2cfeaccb 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,16 +50,25 @@ in { }; }; pool = { - vdevs = lib.mkOption { - type = lib.types.listOf (lib.types.listOf lib.types.str); - description = "list of disks that are going to be in"; - default = [config.host.storage.pool.drives]; + # list of drives in pool that will have a boot partition put onto them + bootDrives = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "list of disks that are going to have a boot partition installed on them"; + default = lib.lists.flatten config.host.storage.pool.vdevs; }; + # shorthand for vdevs if you only have 1 vdev drives = lib.mkOption { type = lib.types.listOf lib.types.str; description = "list of drives that are going to be in the vdev"; default = []; }; + # list of all drives in each vdev + vdevs = lib.mkOption { + type = lib.types.listOf (lib.types.listOf lib.types.str); + description = "list of disks that are going to be in"; + default = [config.host.storage.pool.drives]; + }; + # list of cache drives for pool cache = lib.mkOption { type = lib.types.listOf lib.types.str; description = "list of drives that are going to be used as cache"; 
@@ -156,59 +165,37 @@ in { disko.devices = { disk = ( builtins.listToAttrs ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) { + # The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap + size = "2G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - (lib.lists.flatten vdevs) - ) - ++ ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - ESP = { - # 2G here because its not much relative to how much storage we have for caching - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - cache + (lib.lists.flatten vdevs) ++ cache ) ) ); From 795b9b010f2890b2414ea549e3f5a133186234a6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:04:37 -0500 Subject: [PATCH 683/932] made zfs mode settable --- modules/nixos-modules/disko.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
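Review bot: Every drive listed in `bootDrives` now gets an `ESP` partition with `mountpoint = "/boot"`, and since the default for `bootDrives` is `lib.lists.flatten config.host.storage.pool.vdevs`, a host that does not set it explicitly would declare one `/boot` mount per pool member; as far as I can tell disko turns each `mountpoint` into a `fileSystems` entry, so this should either fail evaluation with conflicting definitions or leave only one ESP populated by the bootloader. Until mirrored ESPs are actually handled (e.g. via the bootloader's mirrored-boot support), guard it with an assertion such as `assertions = [{ assertion = builtins.length config.host.storage.pool.bootDrives <= 1; message = "host.storage.pool.bootDrives: only a single ESP can be mounted at /boot"; }];` or give `bootDrives` a default of the first vdev member only. The `umask=0077` on the ESP mount is correctly carried over; please keep it, since `/boot` holds the unsigned initrd and any kernel parameters.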
diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 2cfeaccb..3d15498c 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -50,6 +50,11 @@ in { }; }; pool = { + mode = lib.mkOption { + type = lib.types.str; + default = "raidz2"; + description = "what level of redundancy should this pool have"; + }; # list of drives in pool that will have a boot partition put onto them bootDrives = lib.mkOption { type = lib.types.listOf lib.types.str; @@ -207,7 +212,7 @@ in { type = "topology"; vdev = ( builtins.map (disks: { - mode = "raidz2"; + mode = config.host.storage.pool.mode; members = builtins.map (disk: disk.name) disks; }) From 6ce718ab095036ae60e2979e825a1ffee9777f51 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:07:13 -0500 Subject: [PATCH 684/932] moved emergent to common disko configuration --- .../nixos/emergent/configuration.nix | 8 +++ configurations/nixos/emergent/default.nix | 1 - .../nixos/emergent/disco-configuration.nix | 57 ------------------- 3 files changed, 8 insertions(+), 58 deletions(-) delete mode 100644 configurations/nixos/emergent/disco-configuration.nix diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 2d7df4ca..8176f97d 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -50,6 +50,14 @@ isPrincipleUser = true; }; }; + + storage = { + enable = true; + pool = { + mode = ""; + drives = ["wwn-0x5000039fd0cf05eb"]; + }; + }; }; # Configure keymap in X11 diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix index 34558258..452334a2 100644 --- a/configurations/nixos/emergent/default.nix +++ b/configurations/nixos/emergent/default.nix @@ -3,6 +3,5 @@ imports = [ ./configuration.nix ./hardware-configuration.nix - ./disco-configuration.nix ]; } 
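Review bot: `pool.mode` is typed as a bare `lib.types.str`, so a typo such as `"raidz-2"` is accepted at evaluation time and only fails when `zpool create` runs during a destructive `disko` install; the emergent host in this same series sets `mode = ""`, which (per disko's topology semantics, as I read it) means a plain stripe with no redundancy at all, and nothing in the option's description says so. Suggest `type = lib.types.enum ["" "mirror" "raidz" "raidz1" "raidz2" "raidz3"];` together with `description = "vdev redundancy level; the empty string creates a stripe with no redundancy";` so an accidental no-redundancy pool is a deliberate choice rather than a silent default.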
diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix deleted file mode 100644 index ac2067f4..00000000 --- a/configurations/nixos/emergent/disco-configuration.nix +++ /dev/null @@ -1,57 +0,0 @@ -{...}: { - disko.devices = { - disk = { - disk1 = { - type = "disk"; - device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "zroot"; - }; - }; - }; - }; - }; - }; - zpool = { - zroot = { - type = "zpool"; - mode = ""; - options.cachefile = "none"; - rootFsOptions = { - compression = "zstd"; - "com.sun:auto-snapshot" = "true"; - }; - mountpoint = "/"; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; - - datasets = { - "system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - }; - }; - }; - }; -} From ba2a31a80ebea98dff88657c968f6cb239343086 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 15:16:27 -0500 Subject: [PATCH 685/932] removed unused variable --- configurations/nixos/emergent/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 8176f97d..eaac657d 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -2,7 +2,6 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { - config, lib, pkgs, ... From 2475170d0aecd74581b9d9f37dd6ce907d3ca48e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 1 Jun 2025 15:28:06 -0500 Subject: [PATCH 686/932] moved user set configurations out of hardware-configuration.nix --- .../nixos/horizon/configuration.nix | 28 ++++- .../nixos/horizon/hardware-configuration.nix | 115 ++---------------- 2 files changed, 39 insertions(+), 104 deletions(-) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 770eeef4..4a73d8cb 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,7 +1,8 @@ { + lib, + pkgs, config, inputs, - pkgs, ... }: { imports = [ @@ -10,6 +11,19 @@ nixpkgs.config.allowUnfree = true; + boot = { + initrd = { + availableKernelModules = ["usb_storage" "sd_mod"]; + }; + kernelModules = ["sg"]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + host = { users = { leyla = { @@ -49,8 +63,10 @@ }; environment.systemPackages = with pkgs; [ + cachefilesd webtoon-dl ]; + services.cachefilesd.enable = true; programs = { adb.enable = true; @@ -61,6 +77,16 @@ }; }; + networking = { + networkmanager.enable = true; + hostName = "horizon"; # Define your hostname. + }; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + hardware = { + graphics.enable = true; + }; + sops.secrets = { "vpn-keys/tailscale-authkey/horizon" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index e88d8dcc..cec49141 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { 
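Review bot: The `configuration.nix` hunk keeps `cachefilesd` in `environment.systemPackages` and enables `services.cachefilesd`, but the `fsc`-mounted NFS exports (`/mnt/leyla_documents`, `/mnt/eve_documents`, `/mnt/users_documents`, `/mnt/media`) and `boot.supportedFilesystems = ["nfs"]` that were the only users of that cache are deleted from `hardware-configuration.nix` in the same commit and do not reappear here (the diffstat is 39 insertions against 104 deletions). If those mounts now live in a shared module that is fine, but if they were dropped by accident the commit silently removes the host's access to the file server while leaving a cache daemon running for nothing. Either way a short comment next to `services.cachefilesd.enable = true;` such as `# backs the fsc option on the NFS mounts from <module>` would make the dependency explicit.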
@@ -12,22 +11,10 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - initrd = { - availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-intel" "sg"]; - extraModulePackages = []; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - supportedFilesystems = ["nfs"]; - }; + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; fileSystems = { "/" = { 
@@ -39,98 +26,20 @@ device = "/dev/disk/by-uuid/E138-65B5"; fsType = "vfat"; }; - - "/mnt/leyla_documents" = { - device = "defiant:/export/leyla_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/eve_documents" = { - device = "defiant:/export/eve_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/export/users_documents"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "nofail" - "x-systemd.idle-timeout=600" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; - - "/mnt/media" = { - device = "defiant:/export/media"; - fsType = "nfs"; - options = [ - "vers=4" - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "fsc" - "timeo=600" - "retrans=2" - ]; - }; }; - environment.systemPackages = with pkgs; [ - cachefilesd - ]; - - services.cachefilesd.enable = true; - swapDevices = [ {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} ]; - networking = { - networkmanager.enable = true; - useDHCP = lib.mkDefault true; - hostName = "horizon"; # Define your hostname. - }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware = { - graphics.enable = true; - cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } From 35d6c1a63476a007ee81ce30bb517e8ceda5930a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 16:04:13 -0500 Subject: [PATCH 687/932] enabled fwupd on horizon --- configurations/nixos/horizon/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 4a73d8cb..5817e2bb 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -98,6 +98,10 @@ fprintd = { enable = true; }; + # firmware update tool + fwupd = { + enable = true; + }; tailscale = { enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; From 2e41153c43a8c3c1729b8deccc841d3bad38fcd9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 16:37:12 -0500 Subject: [PATCH 688/932] reverted nixos-anywhere devshell --- flake.lock | 153 ----------------------- flake.nix | 8 +- modules/home-manager-modules/openssh.nix | 16 +-- 3 files changed, 9 insertions(+), 168 deletions(-) diff --git a/flake.lock b/flake.lock index fe1ba7d1..fa3ad83e 100644 --- a/flake.lock +++ b/flake.lock 
@@ -20,28 +20,6 @@ "type": "github" } }, - "disko_2": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748225455, - "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", - "owner": "nix-community", - "repo": "disko", - "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "disko", - "type": "github" - } - }, "firefox-addons": { "inputs": { "nixpkgs": [ @@ -79,27 +57,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -194,27 +151,6 @@ "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" } }, - "nix-vm-test": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748765518, - "narHash": "sha256-vftOR+7zwnMWl5UpG32GL1VBeNGTDZZT0hv+2uNuBGw=", - "owner": "Mic92", - "repo": "nix-vm-test", - "rev": "d6642fbaf42fc98883d84bab66cd0ec720d9dd0c", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "nix-vm-test", - "type": "github" - } - }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils", 
@@ -236,32 +172,6 @@ "type": "github" } }, - "nixos-anywhere": { - "inputs": { - "disko": "disko_2", - "flake-parts": "flake-parts", - "nix-vm-test": "nix-vm-test", - "nixos-images": "nixos-images", - "nixos-stable": "nixos-stable", - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1748794949, - "narHash": "sha256-kfqIyYpXMRgmaLOTx+AFd1Kzo+I3mOg9vexUx2qWENA=", - "owner": "nix-community", - "repo": "nixos-anywhere", - "rev": "b7686308b281917d63137373a2eb5c566a973d03", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-anywhere", - "type": "github" - } - }, "nixos-hardware": { "locked": { "lastModified": 1747900541, @@ -278,47 +188,6 @@ "type": "github" } }, - "nixos-images": { - "inputs": { - "nixos-stable": [ - "nixos-anywhere", - "nixos-stable" - ], - "nixos-unstable": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748481078, - "narHash": "sha256-jwKRF2EDzlv0VBF8pImPFT7DAJma7stDun25utHtwBw=", - "owner": "nix-community", - "repo": "nixos-images", - "rev": "191a461dc38313ff41bd3df4b82e49f74a56560d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-images", - "type": "github" - } - }, - "nixos-stable": { - "locked": { - "lastModified": 1748437600, - "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1748370509, @@ -345,7 +214,6 @@ "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", - "nixos-anywhere": "nixos-anywhere", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", 
@@ -402,27 +270,6 @@ "repo": "default", "type": "github" } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixos-anywhere", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1748243702, - "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index c0a72cf4..ac651f7d 100644 --- a/flake.nix +++ b/flake.nix @@ -28,11 +28,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-anywhere = { - url = "github:nix-community/nixos-anywhere"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # disk configurations disko = { url = "github:nix-community/disko"; @@ -84,7 +79,6 @@ sops-nix, nix-syncthing, home-manager, - nixos-anywhere, impermanence, ... } @ inputs: let @@ -153,7 +147,7 @@ # for viewing configuration options defined in this repo nix-inspect # for installing flakes from this repo onto other systems - nixos-anywhere.packages.${system}.nixos-anywhere + nixos-anywhere # for updating disko configurations disko ]; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 7b646b81..d7a08734 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
@@ -41,14 +41,14 @@ ( lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { services.ssh-agent.enable = true; - programs.ssh = { - enable = true; - compression = true; - addKeysToAgent = "confirm"; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - ); - }; + # programs.ssh = { + # enable = true; + # compression = true; + # addKeysToAgent = "confirm"; + # extraConfig = lib.strings.concatLines ( + # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + # ); + # }; systemd.user.services = builtins.listToAttrs ( builtins.map (hostKey: From 5e0bf9f068b879f8b00bcec30cf4cdda47d0862e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 17:37:56 -0500 Subject: [PATCH 689/932] re enabled ssh agent IdentityFile --- modules/home-manager-modules/openssh.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index d7a08734..7b646b81 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -41,14 +41,14 @@ ( lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { services.ssh-agent.enable = true; - # programs.ssh = { - # enable = true; - # compression = true; - # addKeysToAgent = "confirm"; - # extraConfig = lib.strings.concatLines ( - # builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - # ); - # }; + programs.ssh = { + enable = true; + compression = true; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); + }; systemd.user.services = builtins.listToAttrs ( builtins.map (hostKey: From ac7c2e6de6eb957c8408c66f50d51397624be090 Mon Sep 17 00:00:00 2001 
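Review bot: The re-enabled `extraConfig` (second hunk on this line, commit 689) emits bare `IdentityFile` lines with no `Host` scope and no `IdentitiesOnly`, so ssh offers every generated key to every server the user connects to; the agent's `confirm` prompt only gates signing, not the public-key offers, so any remote host can still learn the full key set. Adding `IdentitiesOnly yes` to the same `extraConfig` (or moving these lines under a `matchBlocks` entry for the hosts that actually hold the matching `authorizedKeys`) limits that: `extraConfig = lib.strings.concatLines (["IdentitiesOnly yes"] ++ builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys);`. The first hunk on this line is the inverse of the second — it comments the block out rather than deleting it and the next commit restores it byte-for-byte — so the pair nets to no change; if a block really is being retired it should be removed, not commented. The enclosing `lib.mkIf` attrset continues past the hunk (`systemd.user.services` follows).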
From: Leyla Becker Date: Sun, 1 Jun 2025 18:11:27 -0500 Subject: [PATCH 690/932] switched to lix --- flake.lock | 86 +++++++++++++++++++++++++++++++- flake.nix | 8 +-- modules/nixos-modules/system.nix | 1 - util/default.nix | 4 +- 4 files changed, 91 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index fa3ad83e..3dbabc8e 100644 --- a/flake.lock +++ b/flake.lock @@ -75,6 +75,39 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -110,6 +143,41 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -153,7 +221,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -211,6 +279,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", @@ -270,6 +339,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", 
diff --git a/flake.nix b/flake.nix index ac651f7d..7896d604 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index 51a92ed9..b8390679 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,6 +1,5 @@ {...}: { nix = { - settings.download-buffer-size = 524288000; gc = { automatic = true; dates = "weekly"; diff --git a/util/default.nix b/util/default.nix index 5b617795..fb2f83d1 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 9664eeb38dd162ea6d76102bfe7215a8c09bec44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 18:19:03 -0500 Subject: [PATCH 691/932] updated flakes --- .../nixos/emergent/configuration.nix | 4 +-- flake.lock | 34 +++++++++---------- modules/nixos-modules/desktop.nix | 10 +++--- 3 files changed, 23 insertions(+), 25 deletions(-) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index eaac657d..aacc820e 100644 --- a/configurations/nixos/emergent/configuration.nix 
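Review bot: `lix-module` is the only input in this line's `flake.nix` hunk without the one-line purpose comment its neighbours carry (`# base packages`, `# secret encryption`), and since it swaps out the Nix implementation on every host it deserves one, e.g. `# use Lix (pinned release tarball) as the nix implementation on all hosts; bump the version in the URL to upgrade`. The `modules/nixos-modules/system.nix` hunk drops `settings.download-buffer-size = 524288000;` with nothing saying why; if it went because Lix does not accept that setting (I am inferring this from the commit title), a comment or a line in the commit message would stop someone from re-adding it. The `util/default.nix` hunks only un-comment the wiring and need nothing.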
+++ b/configurations/nixos/emergent/configuration.nix @@ -38,8 +38,8 @@ services.xserver.enable = true; # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; + services.displayManager.gdm.enable = true; + services.desktopManager.gnome.enable = true; host = { users = { diff --git a/flake.lock b/flake.lock index 3dbabc8e..bbaffa47 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748405006, - "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", + "lastModified": 1748730131, + "narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f9801a86d6603260940890c36650275090d1dceb", + "rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748455938, - "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=", + "lastModified": 1748811839, + "narHash": "sha256-MDl6vpEK18ZfPHfoeOa9dGRdwVWNfmCCGazt72nHw+U=", "owner": "nix-community", "repo": "home-manager", - "rev": "02077149e2921014511dac2729ae6dadb4ec50e2", + "rev": "6abf27943bbb09a0f9d443df45ec70b07a6cbe20", "type": "github" }, "original": { @@ -150,7 +150,7 @@ "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", 
@@ -171,7 +171,7 @@ "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748397853, - "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", + "lastModified": 1748744745, + "narHash": "sha256-kcj58eYic+yLX/KjtHEOmn6lVnCRwL1IfRGnb8aHprE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", + "rev": "c008ed9dd78efdeda5e9d5bb835c785e600791f6", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1747900541, - "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", + "lastModified": 1748634340, + "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", + "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748370509, - "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index cf59cd98..323b7ccd 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
@@ -19,12 +19,6 @@ # Enable the X11 windowing system. enable = true; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager = { - gnome.enable = true; - }; - # Get rid of xTerm desktopManager.xterm.enable = false; excludePackages = with pkgs; [ @@ -47,6 +41,10 @@ ]; }; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + pipewire = { enable = true; alsa.enable = true; From 42e2ce9258660796c4607ce8b088978406e7d57e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 20:58:30 -0500 Subject: [PATCH 692/932] fixed warnings on defiant --- configurations/nixos/defiant/configuration.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a48bddb6..0b9d1b72 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -201,16 +201,14 @@ # temp enable desktop enviroment for setup # Enable the X11 windowing system. - xserver = { - enable = true; + xserver.enable = true; - # Enable the GNOME Desktop Environment. - displayManager = { - gdm.enable = true; - }; - desktopManager = { - gnome.enable = true; - }; + # Enable the GNOME Desktop Environment. + displayManager = { + gdm.enable = true; + }; + desktopManager = { + gnome.enable = true; }; ollama = { @@ -300,7 +298,7 @@ hibernate.enable = false; hybrid-sleep.enable = false; }; - services.xserver.displayManager.gdm.autoSuspend = false; + services.displayManager.gdm.autoSuspend = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From 1a4c2b2f950359eb905a2a7975e6e9af56e1aceb Mon Sep 17 00:00:00 2001 
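Review bot: In the `configurations/nixos/defiant/configuration.nix` hunk the `# temp enable desktop enviroment for setup` comment is carried over unchanged while the restructure makes `displayManager.gdm` and `desktopManager.gnome` permanent siblings of `xserver.enable`; on a host that, judging by the `ollama` context here and the `defiant:/exports/...` NFS exports referenced elsewhere in this series, is a server, a running display manager and a full GNOME session are attack surface without an owner. Give the block an exit condition so it is not forgotten, e.g. `# TODO(leyla): temporary for initial setup — remove gdm/gnome once the host is reachable over ssh`. The enclosing `services = { ... }` attrset starts before the hunk and continues after it (`ollama = {` follows), so the new sibling placement is only correct if that is indeed the enclosing scope. The `desktop.nix` hunks on this line are the same option rename and need nothing.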
From: Leyla Becker Date: Sun, 1 Jun 2025 21:06:54 -0500 Subject: [PATCH 693/932] stripped down twilight configuration.nix --- .../nixos/twilight/configuration.nix | 63 ++++++++++ configurations/nixos/twilight/default.nix | 1 + .../nixos/twilight/hardware-configuration.nix | 116 +----------------- .../nixos/twilight/nvidia-drivers.nix | 52 ++++++++ 4 files changed, 121 insertions(+), 111 deletions(-) create mode 100644 configurations/nixos/twilight/nvidia-drivers.nix diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index e9032d88..0306f191 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,6 +1,7 @@ { inputs, config, + pkgs, ... }: { imports = [ @@ -121,6 +122,63 @@ syncthing.enable = true; }; + + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; + }; + }; + + environment.systemPackages = with pkgs; [ + cachefilesd + ]; programs.steam = { enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 
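Review bot: The `/mnt/media` entry in the `fileSystems` hunk lists `noatime` twice and also `relatime`, which contradicts `noatime`; keep one of the two and drop the duplicate (the other two mounts carry only `noatime`). All three mounts pass `fsc`, but the hunk only installs the `cachefilesd` package via `environment.systemPackages`, which does not start the daemon; as far as I can tell `fsc` does nothing unless the NixOS service is turned on with `services.cachefilesd.enable = true;`. The `soft` option on the two documents shares deserves a comment as well, since nfs(5) documents that soft mounts can return errors mid-write and silently lose data when the server is unreachable; for writable shares `hard` combined with the `x-systemd.automount` idle timeout already present is the usual choice. These mounts are moved here from `hardware-configuration.nix` (removed in the hunk further down), so the options are not new, but this is now where they live.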
@@ -128,6 +186,11 @@ }; hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index + networking = { + networkmanager.enable = true; + hostName = "twilight"; # Define your hostname. + }; + # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index edfb3f6b..43a9164a 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./nvidia-drivers.nix ]; } diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 1cba7de7..9a4c2d2f 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -25,16 +25,6 @@ systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - - supportedFilesystems = ["nfs"]; - }; - - services.xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - - # Use X instead of wayland for gaming reasons - displayManager.gdm.wayland = false; }; fileSystems = { 
@@ -48,111 +38,15 @@ fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; - - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "rsize=32768" - "wsize=32768" - "fsc" - ]; - }; }; - environment.systemPackages = with pkgs; [ - cachefilesd - ]; - swapDevices = []; - networking = { - networkmanager.enable = true; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - useDHCP = lib.mkDefault true; - hostName = "twilight"; # Define your hostname. - }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - hardware = { - # Enable OpenGL - graphics.enable = true; - - # install graphics drivers - nvidia = { - # Modesetting is required. 
- modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; } diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix new file mode 100644 index 00000000..883b5cb8 --- /dev/null +++ b/configurations/nixos/twilight/nvidia-drivers.nix 
@@ -0,0 +1,52 @@ +{ + lib, + config, + ... +}: { + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; + + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = true; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; +} From a7b738eae366d806f145b291c6de1ba8e1580dc2 Mon Sep 17 00:00:00 2001 
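Review bot: `open = true;` in the new `hardware.nvidia` block sits directly under a comment that ends `Currently alpha-quality/buggy, so false is currently the recommended setting.` — the value flipped from the `open = false;` this file replaces (removed in the `hardware-configuration.nix` hunk above) but the comment did not, so the file now recommends the opposite of what it does. Rewrite the trailing lines of that comment to match the decision actually taken, e.g. `# Enabled deliberately (the GPU is Turing or newer per the list above); switch back to false if the proprietary module turns out to be needed.`. The rest of the file is a verbatim move and reads fine.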
From: Leyla Becker Date: Sun, 1 Jun 2025 22:10:29 -0500 Subject: [PATCH 694/932] made twilight hardware-configuration.nix match what is automatically generated --- .../nixos/twilight/configuration.nix | 8 ++++++++ .../nixos/twilight/hardware-configuration.nix | 20 +++++-------------- .../nixos/twilight/nvidia-drivers.nix | 8 +------- 3 files changed, 14 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 0306f191..6cef2fb1 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -10,6 +10,14 @@ nixpkgs.config.allowUnfree = true; + boot.initrd.availableKernelModules = ["usb_storage"]; + boot.kernelModules = ["sg"]; + + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + sops.secrets = { "vpn-keys/tailscale-authkey/twilight" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 9a4c2d2f..1389cafe 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -4,7 +4,6 @@ { config, lib, - pkgs, modulesPath, ... }: { @@ -12,20 +11,10 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot = { - initrd = { - availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-amd" "sg"]; - extraModulePackages = []; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; fileSystems = { "/" = { 
@@ -49,4 +38,5 @@ networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index 883b5cb8..d373bf2d 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -1,8 +1,4 @@ -{ - lib, - config, - ... -}: { +{config, ...}: { services.xserver = { # Load nvidia driver for Xorg and Wayland videoDrivers = ["nvidia"]; @@ -46,7 +42,5 @@ # Optionally, you may need to select the appropriate driver version for your specific GPU. package = config.boot.kernelPackages.nvidiaPackages.production; }; - - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }; } From e6a640abfc772e034b9dcdffc14a5101d8973fac Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 1 Jun 2025 23:52:13 -0500 Subject: [PATCH 695/932] fixed warning in nvida-drivers --- configurations/nixos/twilight/nvidia-drivers.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index d373bf2d..47763f88 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -1,8 +1,9 @@ {config, ...}: { - services.xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - + services = { + xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + }; # Use X instead of wayland for gaming reasons displayManager.gdm.wayland = false; }; From dd537353547ae61bf29174997014180cca9cc644 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 2 Jun 2025 21:07:09 -0500 Subject: [PATCH 696/932] refactored leyla packages into several folders --- configurations/home-manager/leyla/default.nix | 2 +- .../home-manager/leyla/packages.nix | 136 ------------------ .../home-manager/leyla/packages/default.nix | 104 ++++++++++++++ .../home-manager/leyla/packages/direnv.nix | 12 ++ .../leyla/{ => packages}/firefox.nix | 10 +- .../home-manager/leyla/packages/git.nix | 22 +++ .../home-manager/leyla/packages/openssh.nix | 24 ++++ .../leyla/{ => packages}/vscode/default.nix | 3 +- .../{ => packages}/vscode/user-words.nix | 0 modules/home-manager-modules/continue.nix | 60 ++++---- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/openssh.nix | 117 +++++++-------- modules/home-manager-modules/user.nix | 17 +++ 13 files changed, 275 insertions(+), 233 deletions(-) delete mode 100644 configurations/home-manager/leyla/packages.nix create mode 100644 configurations/home-manager/leyla/packages/default.nix create mode 100644 configurations/home-manager/leyla/packages/direnv.nix rename configurations/home-manager/leyla/{ => packages}/firefox.nix (98%) create mode 100644 configurations/home-manager/leyla/packages/git.nix create mode 100644 configurations/home-manager/leyla/packages/openssh.nix rename configurations/home-manager/leyla/{ => packages}/vscode/default.nix (97%) rename configurations/home-manager/leyla/{ => packages}/vscode/user-words.nix (100%) create mode 100644 modules/home-manager-modules/user.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 90251a31..d7cecc47 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,7 +1,7 @@ {osConfig, ...}: { imports = [ + ./packages ./i18n.nix - ./packages.nix ./impermanence.nix ./dconf.nix ]; 
diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix deleted file mode 100644 index 020060d3..00000000 --- a/configurations/home-manager/leyla/packages.nix +++ /dev/null 
@@ -1,136 +0,0 @@ -{ - lib, - config, - osConfig, - pkgs, - ... -}: let - userConfig = osConfig.host.users.leyla; - hardware = osConfig.host.hardware; -in { - imports = [ - ./vscode/default.nix - ./firefox.nix - ]; - - config = lib.mkMerge [ - (lib.mkIf userConfig.isTerminalUser { - home.packages = with pkgs; [ - # command line tools - sox - yt-dlp - ffmpeg - imagemagick - ]; - }) - (lib.mkIf userConfig.isDesktopUser { - nixpkgs.config = { - allowUnfree = true; - }; - - home.packages = ( - lib.lists.optionals userConfig.isDesktopUser ( - (with pkgs; [ - # helvetica font - aileron - - gnomeExtensions.dash-to-dock - - # development tools - dbeaver-bin - bruno - proxmark3 - ]) - ++ ( - lib.lists.optionals hardware.directAccess.enable (with pkgs; [ - #foss platforms - signal-desktop-bin - bitwarden - ungoogled-chromium - libreoffice - inkscape - gimp - krita - freecad - # cura - # kicad-small - makemkv - onionshare - # rhythmbox - (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) - # wireshark - # rpi-imager - # fritzing - mfoc - tor-browser - anki - pdfarranger - calibre - qbittorrent - picard - - # proprietary platforms - discord - obsidian - prostudiomasters - (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - - # development tools - # androidStudioPackages.canary - jetbrains.idea-community - qFlipper - - # system tools - protonvpn-gui - openvpn - noisetorch - - # hardware management tools - (lib.mkIf hardware.piperMouse.enable piper) - (lib.mkIf hardware.openRGB.enable openrgb) - (lib.mkIf hardware.viaKeyboard.enable via) - ]) - ) - ) - ); - programs = lib.mkIf userConfig.isDesktopUser { - # Let Home Manager install and manage itself. 
- home-manager.enable = true; - - # set up git defaults - git = { - enable = true; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; - }; - - # add direnv to auto load flakes for development - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["/home/leyla/documents/code/nix-config"]; - }; - }; - bash.enable = true; - - openssh = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; - }) - ]; -} diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix new file mode 100644 index 00000000..fd2347c3 --- /dev/null +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -0,0 +1,104 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: let + hardware = osConfig.host.hardware; +in { + imports = [ + ./vscode + ./firefox.nix + ./direnv.nix + ./openssh.nix + ./git.nix + ]; + + config = lib.mkMerge [ + (lib.mkIf config.user.isTerminalUser { + home.packages = with pkgs; [ + # command line tools + sox + yt-dlp + ffmpeg + imagemagick + ]; + }) + (lib.mkIf config.user.isDesktopUser { + nixpkgs.config = { + allowUnfree = true; + }; + + home.packages = ( + (with pkgs; [ + # helvetica font + aileron + + gnomeExtensions.dash-to-dock + + # development tools + dbeaver-bin + bruno + proxmark3 + ]) + ++ ( + lib.lists.optionals hardware.directAccess.enable (with pkgs; [ + #foss platforms + signal-desktop-bin + bitwarden + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + # kicad-small + makemkv + onionshare + # rhythmbox + (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) + # wireshark + # rpi-imager + # fritzing + mfoc + tor-browser + anki + pdfarranger + calibre + qbittorrent + picard + + # proprietary platforms + discord + obsidian + prostudiomasters + (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) + + # development tools + # androidStudioPackages.canary + jetbrains.idea-community + qFlipper + + # system tools + protonvpn-gui + openvpn + noisetorch + + # hardware management tools + (lib.mkIf hardware.piperMouse.enable piper) + (lib.mkIf hardware.openRGB.enable openrgb) + (lib.mkIf hardware.viaKeyboard.enable via) + ]) + ) + ); + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + + bash.enable = true; + }; + }) + ]; +} diff --git a/configurations/home-manager/leyla/packages/direnv.nix b/configurations/home-manager/leyla/packages/direnv.nix new file mode 100644 index 00000000..630d0cc1 --- /dev/null +++ b/configurations/home-manager/leyla/packages/direnv.nix 
@@ -0,0 +1,12 @@ +{config, ...}: { + config = { + programs = { + git = { + enable = config.user.isDesktopUser || config.user.isTerminalUser; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix similarity index 98% rename from configurations/home-manager/leyla/firefox.nix rename to configurations/home-manager/leyla/packages/firefox.nix index 0adea283..fcac9725 100644 --- a/configurations/home-manager/leyla/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -2,14 +2,12 @@ lib, pkgs, inputs, - osConfig, + config, ... -}: let - is-desktop-user = osConfig.host.users.leyla.isDesktopUser; -in { - config = lib.mkIf is-desktop-user { +}: { + config = { programs.firefox = { - enable = true; + enable = config.user.isDesktopUser; profiles.leyla = { settings = { "browser.search.defaultenginename" = "Searx"; diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix new file mode 100644 index 00000000..038c1499 --- /dev/null +++ b/configurations/home-manager/leyla/packages/git.nix @@ -0,0 +1,22 @@ +{ + lib, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.leyla; +in { + config = lib.mkIf userConfig.isDesktopUser { + programs = { + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; + }; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix new file mode 100644 index 00000000..07b44880 --- /dev/null +++ b/configurations/home-manager/leyla/packages/openssh.nix 
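Review bot: The contents of the two new files are swapped — `packages/direnv.nix` holds the `programs.git` block and `packages/git.nix` holds the `programs.direnv` block — so either rename the files or move the blocks, since `packages/default.nix` imports both by name and a reader will open the wrong one. `git.nix` (the direnv block) also still gates on `osConfig.host.users.leyla.isDesktopUser` while `direnv.nix`, `firefox.nix`, `openssh.nix` and `vscode/default.nix` in this commit all moved to `config.user.isDesktopUser`; it should follow them. Separately, `whitelist.exact` makes direnv load that checkout's `.envrc` without a `direnv allow` step, which is reasonable for a repo you own but deserves a one-line comment stating the trust decision (`# auto-trust this repo's .envrc; anything merged into it runs on cd`).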
@@ -0,0 +1,24 @@
+{
+ config,
+ osConfig,
+ ...
+}: {
+ config = {
+ programs = {
+ openssh = {
+ enable = config.user.isDesktopUser;
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
+ ];
+ hostKeys = [
+ {
+ type = "ed25519";
+ path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/configurations/home-manager/leyla/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix
similarity index 97%
rename from configurations/home-manager/leyla/vscode/default.nix
rename to configurations/home-manager/leyla/packages/vscode/default.nix
index c2ee0665..4ad8c817 100644
--- a/configurations/home-manager/leyla/vscode/default.nix
+++ b/configurations/home-manager/leyla/packages/vscode/default.nix
@@ -8,9 +8,8 @@
}: let
nix-development-enabled = osConfig.host.nix-development.enable;
ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable;
- is-desktop-user = osConfig.host.users.leyla.isDesktopUser;
in {
- config = lib.mkIf is-desktop-user {
+ config = lib.mkIf config.user.isDesktopUser {
nixpkgs = {
overlays = [
inputs.nix-vscode-extensions.overlays.default
diff --git a/configurations/home-manager/leyla/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix
similarity index 100%
rename from configurations/home-manager/leyla/vscode/user-words.nix
rename to configurations/home-manager/leyla/packages/vscode/user-words.nix
diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix
index 327ee44c..20ec52ba 100644
--- a/modules/home-manager-modules/continue.nix
+++ b/modules/home-manager-modules/continue.nix
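Review bot: The three `authorizedKeys` entries are declared here, but in the part of the `programs.openssh` module visible on this page (the option with default `[]`, and a config that only handles `hostKeys` and persistence) nothing writes them to `~/.ssh/authorized_keys`, so a reader may believe these keys grant access to this account when they may not. Confirm the option is consumed somewhere not shown, or add the mapping in the module, e.g. `home.file.".ssh/authorized_keys".text = lib.concatLines config.programs.openssh.authorizedKeys;`. Also, despite the name, `hostKeys` describes a user identity key generated under `~/.ssh` and added as `IdentityFile`, not an sshd host key; a comment such as `# user identity key (not an sshd host key); generated by the home-manager openssh module` would prevent that confusion.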
@@ -7,40 +7,38 @@ }: let ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { - options = { - user.continue = { - enable = lib.mkEnableOption "should continue be enabled on this machine"; - docs = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - startUrl = lib.mkOption { - type = lib.types.str; - }; + options.user.continue = { + enable = lib.mkEnableOption "should continue be enabled on this machine"; + docs = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; }; - })); - }; - context = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - provider = lib.mkOption { - type = lib.types.str; - default = name; - }; + startUrl = lib.mkOption { + type = lib.types.str; }; - })); - default = { - "code" = {}; - "docs" = {}; - "diff" = {}; - "terminal" = {}; - "problems" = {}; - "folder" = {}; - "codebase" = {}; }; + })); + }; + context = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + provider = lib.mkOption { + type = lib.types.str; + default = name; + }; + }; + })); + default = { + "code" = {}; + "docs" = {}; + "diff" = {}; + "terminal" = {}; + "problems" = {}; + "folder" = {}; + "codebase" = {}; }; }; }; diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index ee47fb58..b4d9c161 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -1,6 +1,7 @@ # this folder container modules that are for home manager only {...}: { imports = [ + ./user.nix ./flipperzero.nix ./i18n.nix ./openssh.nix diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 7b646b81..c8ba22d0 100644 
--- a/modules/home-manager-modules/openssh.nix
+++ b/modules/home-manager-modules/openssh.nix
@@ -6,6 +6,7 @@
...
}: {
options.programs.openssh = {
+ enable = lib.mkEnableOption "should we enable openssh";
authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
@@ -37,63 +38,65 @@ }; }; - config = lib.mkMerge [ - ( - lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { - services.ssh-agent.enable = true; - programs.ssh = { - enable = true; - compression = true; - addKeysToAgent = "confirm"; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + config = lib.mkIf config.programs.openssh.enable ( + lib.mkMerge [ + ( + lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { + services.ssh-agent.enable = true; + programs.ssh = { + enable = true; + compression = true; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys + ); + }; + + systemd.user.services = builtins.listToAttrs ( + builtins.map (hostKey: + lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { + Install = { + WantedBy = ["default.target"]; + }; + Service = let + path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; + in { + Restart = "always"; + Type = "simple"; + ExecStart = "${ + pkgs.writeShellScript "ssh-gen-keys" '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ${pkgs.openssh}/bin/ssh-keygen \ + -t "${hostKey.type}" \ + ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ + ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ + ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ + ${lib.optionalString (hostKey ? 
openSSHFormat && hostKey.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" + chown ${config.home.username} ${path}* + chgrp ${config.home.username} ${path}* + fi + '' + }"; + }; + }) + config.programs.openssh.hostKeys + ); + } + ) + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + files = lib.lists.flatten ( + builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); }; - - systemd.user.services = builtins.listToAttrs ( - builtins.map (hostKey: - lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { - Install = { - WantedBy = ["default.target"]; - }; - Service = let - path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; - in { - Restart = "always"; - Type = "simple"; - ExecStart = "${ - pkgs.writeShellScript "ssh-gen-keys" '' - if ! [ -s "${path}" ]; then - if ! [ -h "${path}" ]; then - rm -f "${path}" - fi - mkdir -p "$(dirname '${path}')" - chmod 0755 "$(dirname '${path}')" - ${pkgs.openssh}/bin/ssh-keygen \ - -t "${hostKey.type}" \ - ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ - ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ - ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ - ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ - -f "${path}" \ - -N "" - chown ${config.home.username} ${path}* - chgrp ${config.home.username} ${path}* - fi - '' - }"; - }; - }) - config.programs.openssh.hostKeys - ); - } - ) - (lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - files = lib.lists.flatten ( - builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys - ); - }; - }) - ]; + }) + ] + ); } diff --git a/modules/home-manager-modules/user.nix b/modules/home-manager-modules/user.nix new file mode 100644 index 00000000..efce22de --- /dev/null 
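Review bot: The key generator that the `ssh-gen-keys-*` units run still does `chmod 0755` on `~/.ssh` and creates the key with `-N ""`, so every new machine ends up with a world-listable `~/.ssh` and a passphrase-less private key, and the `lib.mkIf config.programs.openssh.enable` wrapper this commit adds does not change that. OpenSSH tolerates 0755, but the conventional hardening is `chmod 0700 "$(dirname '${path}')"`, and since `addKeysToAgent = "confirm"` is set the no-passphrase choice deserves a comment such as `# intentionally passphrase-less; per-use consent comes from addKeysToAgent = "confirm"` (or a passphrase pulled from the host's secret store). Separately, the unit is `Type = "simple"` with `Restart = "always"` around a script that exits as soon as the key exists, so systemd will respawn it indefinitely; `Type = "oneshot"; RemainAfterExit = true;` with the `Restart` line removed runs it once per session.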
+++ b/modules/home-manager-modules/user.nix @@ -0,0 +1,17 @@ +{ + lib, + config, + osConfig, + ... +}: { + options.user = { + isDesktopUser = lib.mkOption { + type = lib.types.bool; + default = osConfig.host.users.${config.home.username}.isDesktopUser; + }; + isTerminalUser = lib.mkOption { + type = lib.types.bool; + default = osConfig.host.users.${config.home.username}.isTerminalUser; + }; + }; +} From 666504a63aca6f31213bb28a299fc51103c3c432 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 21:13:45 -0500 Subject: [PATCH 697/932] added notes for leyla packages --- .../home-manager/leyla/packages/default.nix | 10 ++++++++ .../home-manager/leyla/packages/direnv.nix | 24 +++++++++++++------ .../home-manager/leyla/packages/firefox.nix | 1 + .../home-manager/leyla/packages/git.nix | 24 ++++++------------- .../home-manager/leyla/packages/openssh.nix | 1 + 5 files changed, 36 insertions(+), 24 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index fd2347c3..d8b200d7 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -45,7 +45,9 @@ in { ++ ( lib.lists.optionals hardware.directAccess.enable (with pkgs; [ #foss platforms + # TODO: move signal to package with impermanence signal-desktop-bin + # TODO: move bitwarden to package with impermanence bitwarden ungoogled-chromium libreoffice @@ -55,9 +57,12 @@ in { freecad # cura # kicad-small + # TODO: move makemkv to package with configs set and impermanence makemkv onionshare # rhythmbox + + # TODO: move obs to package with impermanence (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) # wireshark # rpi-imager 
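Review bot: The defaults in user.nix index `osConfig.host.users.${config.home.username}` directly, so a Home Manager user that is not declared under `host.users` on that host fails evaluation with a bare attribute-missing error rather than a message naming the cause. If that is the intended contract, state it above `options.user`, e.g. `# every home-manager user must be declared in host.users; evaluation fails otherwise`. If not, fail closed instead: `default = lib.attrByPath ["host" "users" config.home.username "isDesktopUser"] false osConfig;` (and the same for `isTerminalUser`), so an undeclared user gets neither desktop nor terminal packages.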
@@ -71,17 +76,22 @@ in { picard # proprietary platforms + # TODO: move discord to package with impermanence discord + # TODO: move obsidian to package with impermanence obsidian + # TODO: move prostudiomasters to package with impermanence prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools # androidStudioPackages.canary + # TODO: move idea to package with impermanence and installed extensions jetbrains.idea-community qFlipper # system tools + # TODO: move protonvpn to package with impermanence and installed extensions protonvpn-gui openvpn noisetorch diff --git a/configurations/home-manager/leyla/packages/direnv.nix b/configurations/home-manager/leyla/packages/direnv.nix index 630d0cc1..038c1499 100644 --- a/configurations/home-manager/leyla/packages/direnv.nix +++ b/configurations/home-manager/leyla/packages/direnv.nix @@ -1,11 +1,21 @@ -{config, ...}: { - config = { +{ + lib, + config, + osConfig, + ... +}: let + userConfig = osConfig.host.users.leyla; +in { + config = lib.mkIf userConfig.isDesktopUser { programs = { - git = { - enable = config.user.isDesktopUser || config.user.isTerminalUser; - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + direnv = { + enable = true; + enableBashIntegration = true; + nix-direnv.enable = true; + config = { + global.hide_env_diff = true; + whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; + }; }; }; }; diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index fcac9725..a343b0a5 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -341,5 +341,6 @@ }; }; }; + # TODO: impermanence module, prob in home-manager-modules? }; } 
diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 038c1499..630d0cc1 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -1,21 +1,11 @@ -{ - lib, - config, - osConfig, - ... -}: let - userConfig = osConfig.host.users.leyla; -in { - config = lib.mkIf userConfig.isDesktopUser { +{config, ...}: { + config = { programs = { - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; - }; + git = { + enable = config.user.isDesktopUser || config.user.isTerminalUser; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; }; }; }; diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix index 07b44880..e7131c98 100644 --- a/configurations/home-manager/leyla/packages/openssh.nix +++ b/configurations/home-manager/leyla/packages/openssh.nix @@ -20,5 +20,6 @@ ]; }; }; + # TODO: impermanence module, prob in home-manager-modules? }; } From 9fe35e74ad5feb6711ec3335d6ee12db15231c2c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 2 Jun 2025 22:47:01 -0500 Subject: [PATCH 698/932] created program option entries for all packages that needs continual state --- configurations/home-manager/eve/packages.nix | 62 ++++++++++--------- .../home-manager/leyla/packages/default.nix | 56 +++++++++-------- .../home-manager/leyla/packages/firefox.nix | 2 - .../home-manager/leyla/packages/git.nix | 3 +- .../home-manager/leyla/packages/openssh.nix | 2 - .../leyla/packages/vscode/default.nix | 2 - modules/home-manager-modules/default.nix | 1 + .../home-manager-modules/programs/anki.nix | 24 +++++++ .../programs/bitwarden.nix | 24 +++++++ .../home-manager-modules/programs/calibre.nix | 24 +++++++ .../home-manager-modules/programs/default.nix | 17 +++++ .../home-manager-modules/programs/discord.nix | 24 +++++++ .../home-manager-modules/programs/firefox.nix | 3 + .../home-manager-modules/programs/idea.nix | 24 +++++++ .../home-manager-modules/programs/makemkv.nix | 25 ++++++++ modules/home-manager-modules/programs/obs.nix | 24 +++++++ .../programs/obsidian.nix | 24 +++++++ .../programs/prostudiomasters.nix | 24 +++++++ .../programs/protonvpn.nix | 24 +++++++ .../programs/qbittorrent.nix | 24 +++++++ .../home-manager-modules/programs/signal.nix | 24 +++++++ 21 files changed, 374 insertions(+), 63 deletions(-) create mode 100644 modules/home-manager-modules/programs/anki.nix create mode 100644 modules/home-manager-modules/programs/bitwarden.nix create mode 100644 modules/home-manager-modules/programs/calibre.nix create mode 100644 modules/home-manager-modules/programs/default.nix create mode 100644 modules/home-manager-modules/programs/discord.nix create mode 100644 modules/home-manager-modules/programs/firefox.nix create mode 100644 modules/home-manager-modules/programs/idea.nix create mode 100644 modules/home-manager-modules/programs/makemkv.nix create mode 100644 modules/home-manager-modules/programs/obs.nix create mode 100644 modules/home-manager-modules/programs/obsidian.nix 
create mode 100644 modules/home-manager-modules/programs/prostudiomasters.nix create mode 100644 modules/home-manager-modules/programs/protonvpn.nix create mode 100644 modules/home-manager-modules/programs/qbittorrent.nix create mode 100644 modules/home-manager-modules/programs/signal.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 6cc4630e..1abf501e 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
@@ -12,41 +12,47 @@ in { # See https://search.nixos.org/packages for all options home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop-bin ungoogled-chromium ] ); # Packages that need to be installed with some extra configuration # See https://home-manager-options.extranix.com/ for all options - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + } + (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { + git = { + enable = true; + userName = "Eve"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; - git = { - enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; - }; + openssh = { + enable = true; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }) + (lib.mkIf userConfig.isDesktopUser { + vscode = { + enable = true; + package = pkgs.vscodium; + }; - vscode = { - enable = true; - package = pkgs.vscodium; - }; - - openssh = { - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; + firefox.enable = true; + bitwarden.enable = true; + discord.enable = true; + makemkv.enable = true; + signal-desktop-bin.enable = true; + }) + ]; }; } diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index d8b200d7..cfe70cce 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
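Review bot: The new `programs` block gates git and openssh on `config.user.isDesktopUser || config.user.isTerminalUser` but gates vscode and the app modules on `userConfig.isDesktopUser`, i.e. the same predicate read from two places (the `user.nix` option versus `osConfig.host.users`). Since `config.user.isDesktopUser` merely defaults to the osConfig value, a per-home override of it would enable git and openssh but not vscode or firefox; use the option in both branches, `(lib.mkIf config.user.isDesktopUser {` for the third `mkIf`. The `userConfig` binding at the top of the file is outside this hunk.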
@@ -45,10 +45,6 @@ in { ++ ( lib.lists.optionals hardware.directAccess.enable (with pkgs; [ #foss platforms - # TODO: move signal to package with impermanence - signal-desktop-bin - # TODO: move bitwarden to package with impermanence - bitwarden ungoogled-chromium libreoffice inkscape @@ -57,42 +53,25 @@ in { freecad # cura # kicad-small - # TODO: move makemkv to package with configs set and impermanence - makemkv onionshare # rhythmbox - # TODO: move obs to package with impermanence - (lib.mkIf hardware.graphicsAcceleration.enable obs-studio) # wireshark # rpi-imager # fritzing mfoc tor-browser - anki pdfarranger - calibre - qbittorrent picard # proprietary platforms - # TODO: move discord to package with impermanence - discord - # TODO: move obsidian to package with impermanence - obsidian - # TODO: move prostudiomasters to package with impermanence - prostudiomasters (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) # development tools # androidStudioPackages.canary - # TODO: move idea to package with impermanence and installed extensions - jetbrains.idea-community qFlipper # system tools - # TODO: move protonvpn to package with impermanence and installed extensions - protonvpn-gui openvpn noisetorch 
@@ -103,12 +82,35 @@ in { ]) ) ); - programs = { - # Let Home Manager install and manage itself. - home-manager.enable = true; - - bash.enable = true; - }; + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + bash.enable = true; + } + (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { + git.enable = true; + openssh.enable = true; + }) + (lib.mkIf hardware.directAccess.enable { + anki.enable = true; + bitwarden.enable = true; + signal-desktop-bin.enable = true; + makemkv.enable = true; + obs-studio.enable = hardware.graphicsAcceleration.enable; + calibre.enable = true; + qbittorrent.enable = true; + discord.enable = true; + obsidian.enable = true; + prostudiomasters.enable = true; + jetbrains.idea-community.enable = true; + protonvpn-gui.enable = true; + }) + (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { + vscode.enable = true; + firefox.enable = true; + }) + ]; }) ]; } diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index a343b0a5..f9787b96 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -2,12 +2,10 @@ lib, pkgs, inputs, - config, ... }: { config = { programs.firefox = { - enable = config.user.isDesktopUser; profiles.leyla = { settings = { "browser.search.defaultenginename" = "Searx"; diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 630d0cc1..568cd7ab 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -1,8 +1,7 @@ -{config, ...}: { +{...}: { config = { programs = { git = { - enable = config.user.isDesktopUser || config.user.isTerminalUser; userName = "Leyla Becker"; userEmail = "git@jan-leila.com"; extraConfig.init.defaultBranch = "main"; 
diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix index e7131c98..91aec11d 100644 --- a/configurations/home-manager/leyla/packages/openssh.nix +++ b/configurations/home-manager/leyla/packages/openssh.nix @@ -6,7 +6,6 @@ config = { programs = { openssh = { - enable = config.user.isDesktopUser; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" @@ -20,6 +19,5 @@ ]; }; }; - # TODO: impermanence module, prob in home-manager-modules? }; } diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 4ad8c817..c21e01d0 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -26,8 +26,6 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { - enable = true; - package = pkgs.vscodium; mutableExtensionsDir = false; diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index b4d9c161..faf6f580 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -6,5 +6,6 @@ ./i18n.nix ./openssh.nix ./continue.nix + ./programs ]; } diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix new file mode 100644 index 00000000..d513657f --- /dev/null +++ b/modules/home-manager-modules/programs/anki.nix 
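Review bot: In the vscode hunk, dropping `package = pkgs.vscodium;` along with `enable = true;` changes which editor gets installed: `programs.vscode.package` then falls back to its default, the Microsoft `vscode` build with telemetry and its own extension marketplace, while the previous version of this file and Eve's config in this same commit pin VSCodium. Unless moving to the proprietary build is intended, keep `package = pkgs.vscodium;` here or set it beside `vscode.enable = true;` in `packages/default.nix`. The enclosing `programs.vscode` attrset continues outside this hunk.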
@@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.anki = { + enable = lib.mkEnableOption "enable anki"; + }; + + config = lib.mkIf config.programs.anki.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + anki + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for anki + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix new file mode 100644 index 00000000..b68ee305 --- /dev/null +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.bitwarden = { + enable = lib.mkEnableOption "enable bitwarden"; + }; + + config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + bitwarden + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for bitwarden + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix new file mode 100644 index 00000000..f22fbbfa --- /dev/null +++ b/modules/home-manager-modules/programs/calibre.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.calibre = { + enable = lib.mkEnableOption "enable calibre"; + }; + + config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + calibre + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for calibre + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix new file mode 100644 index 00000000..a9139bcc --- /dev/null +++ b/modules/home-manager-modules/programs/default.nix 
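Review bot: anki.nix, bitwarden.nix, calibre.nix and the other new program modules in this commit are the same 24 lines with only the package name swapped, so the next cross-cutting change (the impermanence mapping every file defers with a TODO, or a `package` option so the `-bin`/unfree variant is chosen in one place) has to be repeated a dozen times. A small generator keeps each program to one line in `programs/default.nix`, e.g. `(import ./mk-program.nix { name = "anki"; package = ["anki"]; })`, and leaves a single place to add the persistence rule. The empty `lib.mkIf osConfig.host.impermanence.enable { }` branches are harmless, but a one-line comment saying the program's state directory is deliberately not persisted yet would make that explicit.
```nix
# modules/home-manager-modules/programs/mk-program.nix
# Generates one "install package, persist state later" module.
{ name, package }: { lib, pkgs, config, osConfig, ... }: {
  options.programs.${name}.enable = lib.mkEnableOption "enable ${name}";

  config = lib.mkIf config.programs.${name}.enable (lib.mkMerge [
    { home.packages = [ (lib.getAttrFromPath package pkgs) ]; }
    (lib.mkIf osConfig.host.impermanence.enable {
      # TODO: map impermanence for ${name}; state is not persisted yet
    })
  ]);
}
```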
@@ -0,0 +1,17 @@ +{...}: { + imports = [ + ./firefox.nix + ./signal.nix + ./bitwarden.nix + ./makemkv.nix + ./obs.nix + ./anki.nix + ./qbittorrent.nix + ./discord.nix + ./obsidian.nix + ./prostudiomasters.nix + ./idea.nix + ./protonvpn.nix + ./calibre.nix + ]; +} diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix new file mode 100644 index 00000000..a81bb03d --- /dev/null +++ b/modules/home-manager-modules/programs/discord.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.discord = { + enable = lib.mkEnableOption "enable discord"; + }; + + config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + discord + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for discord + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix new file mode 100644 index 00000000..654a480f --- /dev/null +++ b/modules/home-manager-modules/programs/firefox.nix @@ -0,0 +1,3 @@ +{...}: { + # TODO: map firefox impermanence +} diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix new file mode 100644 index 00000000..a7a6d7f4 --- /dev/null +++ b/modules/home-manager-modules/programs/idea.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.jetbrains.idea-community = { + enable = lib.mkEnableOption "enable idea-community"; + }; + + config = lib.mkIf config.programs.jetbrains.idea-community.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + jetbrains.idea-community + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for idea-community + } + ) + ]); +} 
diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix new file mode 100644 index 00000000..c1040bb8 --- /dev/null +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.makemkv = { + enable = lib.mkEnableOption "enable makemkv"; + }; + + config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + makemkv + ]; + # TODO: write config file for makemkv + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for makemkv + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix new file mode 100644 index 00000000..b29521a0 --- /dev/null +++ b/modules/home-manager-modules/programs/obs.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.obs-studio = { + # enable = lib.mkEnableOption "enable obs"; + }; + + config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + obs-studio + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for obs + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix new file mode 100644 index 00000000..57f119b3 --- /dev/null +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.obsidian = { + # enable = lib.mkEnableOption "enable obsidian"; + }; + + config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + obsidian + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for obsidian + } + ) + ]); +} 
diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix new file mode 100644 index 00000000..4481f5b7 --- /dev/null +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.prostudiomasters = { + enable = lib.mkEnableOption "enable prostudiomasters"; + }; + + config = lib.mkIf config.programs.prostudiomasters.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + prostudiomasters + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for prostudiomasters + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix new file mode 100644 index 00000000..1ddedc70 --- /dev/null +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.protonvpn-gui = { + enable = lib.mkEnableOption "enable protonvpn"; + }; + + config = lib.mkIf config.programs.protonvpn-gui.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + protonvpn-gui + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for protonvpn + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix new file mode 100644 index 00000000..1e98c3ea --- /dev/null +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.qbittorrent = { + enable = lib.mkEnableOption "enable qbittorrent"; + }; + + config = lib.mkIf config.programs.qbittorrent.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + qbittorrent + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for qbittorrent + } + ) + ]); +} 
diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix new file mode 100644 index 00000000..4eb0f376 --- /dev/null +++ b/modules/home-manager-modules/programs/signal.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.signal-desktop-bin = { + enable = lib.mkEnableOption "enable signal"; + }; + + config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + signal-desktop-bin + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for signal + } + ) + ]); +} From d741c252914683a6e5f38eb50f2fdcf262badef7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 22:50:35 -0500 Subject: [PATCH 699/932] moved some packages under desktop + direct access --- .../home-manager/leyla/packages/default.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index cfe70cce..ff32361b 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -92,21 +92,21 @@ in { git.enable = true; openssh.enable = true; }) - (lib.mkIf hardware.directAccess.enable { - anki.enable = true; + (lib.mkIf config.user.isDesktopUser { bitwarden.enable = true; - signal-desktop-bin.enable = true; - makemkv.enable = true; obs-studio.enable = hardware.graphicsAcceleration.enable; - calibre.enable = true; qbittorrent.enable = true; - discord.enable = true; - obsidian.enable = true; prostudiomasters.enable = true; - jetbrains.idea-community.enable = true; protonvpn-gui.enable = true; }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { + anki.enable = true; + makemkv.enable = true; + discord.enable = true; + signal-desktop-bin.enable = true; + calibre.enable = true; + obsidian.enable = true; + jetbrains.idea-community.enable = true; vscode.enable = true; firefox.enable = true; }) From eca8dfcf69ed8a312ea1326f7493535513a0d0b4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 2 Jun 2025 23:15:17 -0500 Subject: [PATCH 700/932] removed extra packages --- flake.lock | 24 +++++++++---------- modules/home-manager-modules/programs/obs.nix | 10 -------- .../programs/obsidian.nix | 10 -------- 3 files changed, 12 insertions(+), 32 deletions(-) diff --git a/flake.lock b/flake.lock index bbaffa47..f77dacd5 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748225455, - "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", + "lastModified": 1748832438, + "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", "owner": "nix-community", "repo": "disko", - "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", + "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", "type": "github" }, "original": { 
@@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748730131, - "narHash": "sha256-QHKZlwzw80hoJkNGXQePIg4u109lqcodALkont2WJAc=", + "lastModified": 1748923398, + "narHash": "sha256-794RwyZJto9NoFlGYuhWKhkhkJ0KrH9Paw5w1DM2zA0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "aa7bfc2ec4763b57386fcd50242c390a596b9bb0", + "rev": "9eb346d6488b06f04809da4de2073666e25ede9d", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748811839, - "narHash": "sha256-MDl6vpEK18ZfPHfoeOa9dGRdwVWNfmCCGazt72nHw+U=", + "lastModified": 1748923085, + "narHash": "sha256-wXguCR+auZ5eoW8fKlm0C/6LNXL+1r4UXNLylwV7wQU=", "owner": "nix-community", "repo": "home-manager", - "rev": "6abf27943bbb09a0f9d443df45ec70b07a6cbe20", + "rev": "5adc1a51a2fa8efec9d4eaa4f7df97908cded00d", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748744745, - "narHash": "sha256-kcj58eYic+yLX/KjtHEOmn6lVnCRwL1IfRGnb8aHprE=", + "lastModified": 1748916419, + "narHash": "sha256-xeIzrAq+HNCp6Tx+lNfoty4D3zzfqSgQGgeTHXb2zGk=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "c008ed9dd78efdeda5e9d5bb835c785e600791f6", + "rev": "1599b5b404e6bbdaf088f4c8872954146f8a19bb", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index b29521a0..98c4feac 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -1,20 +1,10 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.obs-studio = { - # enable = lib.mkEnableOption "enable obs"; - }; - config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - obs-studio - ]; - } ( lib.mkIf osConfig.host.impermanence.enable { # TODO: map impermanence for obs 
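Review bot: With the `options.programs.obs-studio` declaration removed, the `config.programs.obs-studio.enable` read in the `mkIf` has to come from home-manager's own `programs.obs-studio` module, so this file now evaluates only against a home-manager revision that ships that option; the flake.lock bump in the same commit suggests this is intended, but a comment such as `# enable/package come from home-manager's programs.obs-studio; this module only adds impermanence` would make the dependency explicit. The obsidian.nix hunk that follows has the same shape and would take the same comment. In both files `lib.mkMerge [ (...) ]` now wraps a single element and can be collapsed to the inner `lib.mkIf`.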
diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 57f119b3..9dd92994 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -1,20 +1,10 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.obsidian = { - # enable = lib.mkEnableOption "enable obsidian"; - }; - config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - obsidian - ]; - } ( lib.mkIf osConfig.host.impermanence.enable { # TODO: map impermanence for obsidian From 7473ad541586ed857039bc651567c3b1d7278ce0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 11:19:34 -0500 Subject: [PATCH 701/932] moved more packages to module --- .../home-manager/leyla/packages/default.nix | 66 +++++++++---------- .../home-manager-modules/programs/bruno.nix | 24 +++++++ .../home-manager-modules/programs/dbeaver.nix | 24 +++++++ .../home-manager-modules/programs/default.nix | 2 + 4 files changed, 83 insertions(+), 33 deletions(-) create mode 100644 modules/home-manager-modules/programs/bruno.nix create mode 100644 modules/home-manager-modules/programs/dbeaver.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index ff32361b..8f064410 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -16,6 +16,39 @@ in { ]; config = lib.mkMerge [ + { + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + } + (lib.mkIf (config.user.isTerminalUser || config.user.isDesktopUser) { + bash.enable = true; + git.enable = true; + openssh.enable = true; + }) + (lib.mkIf config.user.isDesktopUser { + bitwarden.enable = true; + obs-studio.enable = hardware.graphicsAcceleration.enable; + qbittorrent.enable = true; + prostudiomasters.enable = true; + protonvpn-gui.enable = true; + dbeaver-bin.enable = true; + bruno.enable = true; + }) + (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { + anki.enable = true; + makemkv.enable = true; + discord.enable = true; + signal-desktop-bin.enable = true; + calibre.enable = true; + obsidian.enable = true; + jetbrains.idea-community.enable = true; + vscode.enable = true; + firefox.enable = true; + }) + ]; + } (lib.mkIf config.user.isTerminalUser { home.packages = with pkgs; [ # command line tools @@ -32,14 +65,10 @@ in { home.packages = ( (with pkgs; [ - # helvetica font aileron gnomeExtensions.dash-to-dock - # development tools - dbeaver-bin - bruno proxmark3 ]) ++ ( 
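Review bot: The relocated `programs` block also changes behaviour that the commit message ("moved more packages to module") does not mention: `bash.enable = true` was unconditional in the block removed by the later hunk of this file and is now gated on `config.user.isTerminalUser || config.user.isDesktopUser`. If that is intended, say so in the commit message; if not, move `bash.enable = true;` back next to `home-manager.enable = true;` in the unconditional element of the merge.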
@@ -82,35 +111,6 @@ in { ]) ) ); - programs = lib.mkMerge [ - { - # Let Home Manager install and manage itself. - home-manager.enable = true; - bash.enable = true; - } - (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { - git.enable = true; - openssh.enable = true; - }) - (lib.mkIf config.user.isDesktopUser { - bitwarden.enable = true; - obs-studio.enable = hardware.graphicsAcceleration.enable; - qbittorrent.enable = true; - prostudiomasters.enable = true; - protonvpn-gui.enable = true; - }) - (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { - anki.enable = true; - makemkv.enable = true; - discord.enable = true; - signal-desktop-bin.enable = true; - calibre.enable = true; - obsidian.enable = true; - jetbrains.idea-community.enable = true; - vscode.enable = true; - firefox.enable = true; - }) - ]; }) ]; } diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix new file mode 100644 index 00000000..b7e6ae35 --- /dev/null +++ b/modules/home-manager-modules/programs/bruno.nix @@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.bruno = { + enable = lib.mkEnableOption "enable bruno"; + }; + + config = lib.mkIf config.programs.bruno.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + bruno + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for bruno + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix new file mode 100644 index 00000000..fed1d6dd --- /dev/null +++ b/modules/home-manager-modules/programs/dbeaver.nix 
@@ -0,0 +1,24 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.dbeaver-bin = { + enable = lib.mkEnableOption "enable dbeaver"; + }; + + config = lib.mkIf config.programs.dbeaver-bin.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + dbeaver-bin + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: map impermanence for dbeaver + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index a9139bcc..aa157010 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -13,5 +13,7 @@ ./idea.nix ./protonvpn.nix ./calibre.nix + ./bruno.nix + ./dbeaver.nix ]; } From 9c7cc3e3a759f38c515e7b2e73dd2cbe5f1aaebf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 16:23:20 -0500 Subject: [PATCH 702/932] drafted out home manager steam configuration --- .../home-manager/leyla/packages/default.nix | 1 + configurations/nixos/horizon/configuration.nix | 2 +- .../nixos/twilight/configuration.nix | 2 +- .../home-manager-modules/programs/default.nix | 1 + .../home-manager-modules/programs/steam.nix | 17 +++++++++++++++++ modules/nixos-modules/home-manager/default.nix | 1 + modules/nixos-modules/home-manager/steam.nix | 18 ++++++++++++++++++ 7 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager-modules/programs/steam.nix create mode 100644 modules/nixos-modules/home-manager/steam.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 8f064410..5af20ef2 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -46,6 +46,7 @@ in { jetbrains.idea-community.enable = true; vscode.enable = true; firefox.enable = true; + steam.enable = true; }) ]; } 
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 5817e2bb..8398a388 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -71,7 +71,7 @@ programs = { adb.enable = true; steam = { - enable = true; + # enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 6cef2fb1..cb3813ea 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -188,7 +188,7 @@ cachefilesd ]; programs.steam = { - enable = true; + # enable = true; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index aa157010..ee52da26 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -15,5 +15,6 @@ ./calibre.nix ./bruno.nix ./dbeaver.nix + ./steam.nix ]; } diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix new file mode 100644 index 00000000..a7545754 --- /dev/null +++ b/modules/home-manager-modules/programs/steam.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.steam = { + enable = lib.mkEnableOption "enable steam"; + }; + + config = lib.mkIf config.programs.steam.enable { + home.packages = with pkgs; [ + steam + steam.run + ]; + }; +} diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix index cab004b1..10f86c7d 100644 
--- a/modules/nixos-modules/home-manager/default.nix +++ b/modules/nixos-modules/home-manager/default.nix @@ -4,5 +4,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix + ./steam.nix ]; } diff --git a/modules/nixos-modules/home-manager/steam.nix b/modules/nixos-modules/home-manager/steam.nix new file mode 100644 index 00000000..d151bca6 --- /dev/null +++ b/modules/nixos-modules/home-manager/steam.nix @@ -0,0 +1,18 @@ +{ + lib, + config, + ... +}: let + setupSteam = + lib.lists.any + (value: value) + (lib.attrsets.mapAttrsToList (name: value: value.programs.steam.enable) config.home-manager.users); +in { + config = lib.mkIf setupSteam { + programs.steam = { + enable = true; + # TODO: figure out how to not install steam here + # package = lib.mkDefault pkgs.emptyFile; + }; + }; +} From 2c011fda87b99f9a8d8811f18821940114644089 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 16:32:44 -0500 Subject: [PATCH 703/932] moved steam config out of nix configurations --- configurations/home-manager/eve/packages.nix | 1 + configurations/nixos/emergent/configuration.nix | 7 +------ configurations/nixos/horizon/configuration.nix | 5 ----- configurations/nixos/twilight/configuration.nix | 5 ----- modules/nixos-modules/default.nix | 1 + modules/nixos-modules/steam.nix | 9 +++++++++ 6 files changed, 12 insertions(+), 16 deletions(-) create mode 100644 modules/nixos-modules/steam.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 1abf501e..3c2a281d 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -52,6 +52,7 @@ in { discord.enable = true; makemkv.enable = true; signal-desktop-bin.enable = true; + steam.enable = true; }) ]; }; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index aacc820e..c75c162e 100644 --- a/configurations/nixos/emergent/configuration.nix 
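Review bot: `setupSteam` reads `programs.steam.enable` from every entry of `config.home-manager.users`, so evaluation fails with a missing attribute for any home-manager user whose configuration does not import the home-manager `programs/steam.nix` module; a guarded read avoids that. The `lib.lists.any (value: value) (lib.attrsets.mapAttrsToList (name: value: ...))` pair is simpler as `lib.any (user: user.programs.steam.enable or false) (lib.attrValues config.home-manager.users)`. This also switches on the NixOS-level `programs.steam` for the whole host as soon as one user enables it, which, together with the firewall settings added in modules/nixos-modules/steam.nix in the next commit, is a host-wide effect worth a comment at the top of the file.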
+++ b/configurations/nixos/emergent/configuration.nix @@ -98,12 +98,7 @@ # Packages that need to be installed with some extra configuration # See https://search.nixos.org/options for all options - programs.steam = { - enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; + programs = {}; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 8398a388..1c88cc36 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -70,11 +70,6 @@ programs = { adb.enable = true; - steam = { - # enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; }; networking = { diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index cb3813ea..111c002a 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -187,11 +187,6 @@ environment.systemPackages = with pkgs; [ cachefilesd ]; - programs.steam = { - # enable = true; - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - }; hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index networking = { diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 8cdeae97..2ba1a587 100644 
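Review bot: The replacement `programs = {};` in emergent's configuration.nix is an empty attribute set that configures nothing, so the two explanatory comments above it now describe nothing; drop the line, as the horizon and twilight hunks in the same commit remove their steam blocks outright, or keep the comments only if another program is about to be added there.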
--- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -14,6 +14,7 @@ ./ollama.nix ./ai.nix ./tailscale.nix + ./steam.nix ./server ]; diff --git a/modules/nixos-modules/steam.nix b/modules/nixos-modules/steam.nix new file mode 100644 index 00000000..20c09789 --- /dev/null +++ b/modules/nixos-modules/steam.nix @@ -0,0 +1,9 @@ +{...}: { + programs = { + steam = { + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; + }; +} From ef03167d23b28506cf3c086d8ca4b5688ded866f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 20:22:35 -0500 Subject: [PATCH 704/932] added TODO note --- modules/home-manager-modules/programs/steam.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index a7545754..551cb5d6 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -14,4 +14,6 @@ steam.run ]; }; + + # TODO: bind impermanence config } From 54722eff619a303b6ce59aa206bba12958622a52 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 21:12:51 -0500 Subject: [PATCH 705/932] set up impermanence configurations for applications --- modules/home-manager-modules/programs/anki.nix | 7 ++++++- modules/home-manager-modules/programs/bitwarden.nix | 7 ++++++- modules/home-manager-modules/programs/bruno.nix | 7 ++++++- modules/home-manager-modules/programs/calibre.nix | 7 ++++++- modules/home-manager-modules/programs/dbeaver.nix | 7 ++++++- modules/home-manager-modules/programs/discord.nix | 7 ++++++- 6 files changed, 36 insertions(+), 6 deletions(-) 
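Review bot: modules/nixos-modules/steam.nix sets `remotePlay.openFirewall`, `dedicatedServer.openFirewall` and `localNetworkGameTransfers.openFirewall` for every host that imports the nixos-modules tree, whereas before this commit only emergent opened all three and horizon/twilight did not set `localNetworkGameTransfers.openFirewall`. As far as I recall the NixOS steam module applies these only while `programs.steam.enable` is true, which the home-manager bridge from the previous commit now sets automatically whenever one user enables steam, so the firewall exposure now follows a per-user toggle rather than a per-host decision. Consider wrapping the three values in `lib.mkDefault` so a host can override them, or keep the openFirewall lines only in the hosts that need them, and add a comment stating that they take effect only once steam is enabled.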
diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index d513657f..13e28c97 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for anki + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.local/share/Anki2" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index b68ee305..0265488a 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for bitwarden + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/Bitwarden" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index b7e6ae35..3323e5b1 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for bruno + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/bruno/" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index f22fbbfa..c26cd5e3 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix 
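Review bot: The persisted path `"~/.local/share/Anki2"` starts with a literal `~/`; no shell expands it here, so unless the impermanence home-manager module strips that prefix the bind mount would target a `~` directory under the home directory rather than `.local/share/Anki2`. The firefox module later on this page uses home-relative paths without the prefix (`.mozilla/firefox/...`), so `directories = [ ".local/share/Anki2" ];` would be consistent with it. The same `~/` prefix appears in the bitwarden.nix, bruno.nix, calibre.nix, dbeaver.nix and discord.nix hunks of this commit and in idea.nix in a later one.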
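Review bot: `allowOther = true` on the persistence entry for the Bitwarden configuration directory lets other local accounts, root included, traverse the bind mount of the vault's local data; it is only needed when another user (for example a backup job running as root) must read the directory, and it also requires `programs.fuse.userAllowOther` on the NixOS side, which this commit does not show. Every module in this commit sets it, so a comment at the first site such as `# allowOther: lets root reach the bind mount (needs programs.fuse.userAllowOther); omit for data only this user should read` would record the trade-off, and for Bitwarden and Discord, whose directories hold login/session state, it is worth deciding deliberately rather than by copy.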
@@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for calibre + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/calibre" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index fed1d6dd..26dcc52e 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for dbeaver + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.local/share/DBeaverData/" + ]; + allowOther = true; + }; } ) ]); diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index a81bb03d..a7cbb5fd 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -17,7 +17,12 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for discord + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "~/.config/discord/" + ]; + allowOther = true; + }; } ) ]); From 17cb9bbaf560066d3605db3ddf0fe39c7a810c44 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 21:15:26 -0500 Subject: [PATCH 706/932] set up more continue agents for horizon --- .../nixos/horizon/configuration.nix | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 1c88cc36..f72b2648 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -46,6 +46,28 @@ roles = ["chat" "edit" "apply"]; apiBase = "http://twilight:11434"; }; + "Deepseek Coder:6.7B" = { + model = "deepseek-coder:6.7b"; + roles = ["chat" "edit" "apply"]; + apiBase = "http://twilight:11434"; + }; + "Deepseek Coder:33B" = { + model = "deepseek-coder:33b"; + roles = ["chat" "edit" "apply"]; + apiBase = "http://twilight:11434"; + }; + + "Deepseek r1:8B" = { + model = "deepseek-r1:8b"; + roles = ["chat"]; + apiBase = "http://twilight:11434"; + }; + + "Deepseek r1:32B" = { + model = "deepseek-r1:32b"; + roles = ["chat"]; + apiBase = "http://twilight:11434"; + }; "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; From 8d86de4a2d7f9d9586219ba2202283b086c0e5b7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 3 Jun 2025 21:17:08 -0500 Subject: [PATCH 707/932] drafted out firefox impermanence --- .../home-manager-modules/programs/firefox.nix | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 654a480f..5e78114a 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix 
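Review bot: The four new model entries repeat `apiBase = "http://twilight:11434";` verbatim, as do the existing entries around them; binding it once, e.g. `let ollamaBase = "http://twilight:11434"; in` at the top of the enclosing expression (which starts outside the hunk), keeps the endpoint in one place when it changes. The endpoint is plain HTTP to another host; if `twilight` is reached over the tailscale link the repository configures elsewhere that traffic is encrypted in transit, otherwise prompts and completions cross the LAN unencrypted, and a short comment stating which applies would help the next reader.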
@@ -1,3 +1,33 @@ -{...}: { +{ + lib, + config, + osConfig, + ... +}: { # TODO: map firefox impermanence + config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) { + # firefox profiles are defined by: programs.firefox.profile + # TODO: only set these if we arn't using custom firefox profiles. If we are using custom profiles then we should set this for each firefox profile + # home.persistence."/persist${config.home.homeDirectory}" = { + # directories = [ + # ".mozilla/firefox/default/extensions" + # ]; + # files = [ + # ".mozilla/firefox/default/cookies.sqlite" + # ".mozilla/firefox/default/favicons.sqlite" + # # Permissions and zoom levels for each site + # ".mozilla/firefox/default/permissions.sqlite" + # ".mozilla/firefox/default/content-prefs.sqlite" + # # Browser history and bookmarks + # ".mozilla/firefox/default/places.sqlite" + # # I guess this is useful? + # # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 + # # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria + # ".mozilla/firefox/default/storage.sqlite" + # # Extension configuration + # ".mozilla/firefox/default/extension-settings.json" + # ]; + # allowOther = true; + # }; + }; } From 89373ac24366250e791a2a156018ebcb57016550 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 12:16:21 -0500 Subject: [PATCH 708/932] set up firefox impermanence --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager-modules/programs/firefox.nix | 60 +++++++++++-------- 2 files changed, 36 insertions(+), 26 deletions(-) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 3c2a281d..30fc361c 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
@@ -41,7 +41,7 @@ in { ]; }; }) - (lib.mkIf userConfig.isDesktopUser { + (lib.mkIf config.user.isDesktopUser { vscode = { enable = true; package = pkgs.vscodium; diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 5e78114a..907b619b 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix 
@@ -3,31 +3,41 @@ config, osConfig, ... -}: { - # TODO: map firefox impermanence +}: let + buildProfilePersistence = profile: { + directories = [ + ".mozilla/firefox/${profile}/extensions" + ]; + files = [ + ".mozilla/firefox/${profile}/cookies.sqlite" + ".mozilla/firefox/${profile}/favicons.sqlite" + # Permissions and ${profileName} levels for each site + ".mozilla/firefox/${profile}/permissions.sqlite" + ".mozilla/firefox/${profile}/content-prefs.sqlite" + # Browser history and bookmarks + ".mozilla/firefox/${profile}/places.sqlite" + # I guess this is useful? + # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 + # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria + ".mozilla/firefox/${profile}/storage.sqlite" + # Extension configuration + ".mozilla/firefox/${profile}/extension-settings.json" + ]; + allowOther = true; + }; +in { config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) { - # firefox profiles are defined by: programs.firefox.profile - # TODO: only set these if we arn't using custom firefox profiles. If we are using custom profiles then we should set this for each firefox profile - # home.persistence."/persist${config.home.homeDirectory}" = { - # directories = [ - # ".mozilla/firefox/default/extensions" - # ]; - # files = [ - # ".mozilla/firefox/default/cookies.sqlite" - # ".mozilla/firefox/default/favicons.sqlite" - # # Permissions and zoom levels for each site - # ".mozilla/firefox/default/permissions.sqlite" - # ".mozilla/firefox/default/content-prefs.sqlite" - # # Browser history and bookmarks - # ".mozilla/firefox/default/places.sqlite" - # # I guess this is useful? 
- # # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 - # # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria - # ".mozilla/firefox/default/storage.sqlite" - # # Extension configuration - # ".mozilla/firefox/default/extension-settings.json" - # ]; - # allowOther = true; - # }; + home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( + ( + lib.attrsets.mapAttrsToList + (profile: _: buildProfilePersistence profile) + config.programs.firefox.profiles + ) + ++ ( + lib.lists.optional + ((builtins.length (lib.attrsets.mapAttrsToList (key: value: value) config.programs.firefox.profiles)) == 0) + (buildProfilePersistence "default") + ) + ); }; } From 4e94731d9c33c95e6776116e3e8a6ea6f1bf60e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 12:30:40 -0500 Subject: [PATCH 709/932] added impermanence for jetbrains idea-community --- modules/home-manager-modules/programs/idea.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index a7a6d7f4..f4edf120 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -17,7 +17,16 @@ } ( lib.mkIf osConfig.host.impermanence.enable { - # TODO: map impermanence for idea-community + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + # configuration + "~/.config/JetBrains/" + # plugins + "~/.local/share/JetBrains/" + # System and Logs + "~/.cache/JetBrains/" + ]; + }; } ) ]); From 50aca7b17014f102f413bc796bd236363f1a09d2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 13:14:11 -0500 Subject: [PATCH 710/932] added applications key file --- .sops.yaml | 4 ++++ flake.lock | 44 ++++++++++++++++++++++---------------------- nix-config-secrets | 2 +- 3 files changed, 27 insertions(+), 23 deletions(-) 
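Review bot: `buildProfilePersistence` is called with the attribute name of each `programs.firefox.profiles` entry, but home-manager places a profile under `.mozilla/firefox/<path>` where `path` is the profile's `path` option (defaulting to the name), so a profile with a custom `path` would persist the wrong directory; use `(_: profile: buildProfilePersistence profile.path)`. The zero-profiles test can be written `config.programs.firefox.profiles == {}` instead of counting a `mapAttrsToList`, and the `"default"` fallback probably matches nothing on disk either, since Firefox names a self-created profile directory `<random>.default` or `<random>.default-release`. The comment `# Permissions and ${profileName} levels for each site` looks like a search-and-replace accident over the original "zoom"; Nix does not interpolate inside comments, so it should read `# Permissions and zoom levels for each site`.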
diff --git a/.sops.yaml b/.sops.yaml index b8b0adfd..a6e6f4f4 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -13,3 +13,7 @@ creation_rules: key_groups: - age: - *leyla + - path_regex: secrets/application-keys.yaml$ + key_groups: + - age: + - *leyla \ No newline at end of file diff --git a/flake.lock b/flake.lock index f77dacd5..eeebec5c 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748923398, - "narHash": "sha256-794RwyZJto9NoFlGYuhWKhkhkJ0KrH9Paw5w1DM2zA0=", + "lastModified": 1749009805, + "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9eb346d6488b06f04809da4de2073666e25ede9d", + "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1748923085, - "narHash": "sha256-wXguCR+auZ5eoW8fKlm0C/6LNXL+1r4UXNLylwV7wQU=", + "lastModified": 1749049052, + "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5adc1a51a2fa8efec9d4eaa4f7df97908cded00d", + "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1748352827, - "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=", + "lastModified": 1749012745, + "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90", + "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", "type": "github" }, "original": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1748916419, - "narHash": "sha256-xeIzrAq+HNCp6Tx+lNfoty4D3zzfqSgQGgeTHXb2zGk=", + "lastModified": 1749002682, + "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1599b5b404e6bbdaf088f4c8872954146f8a19bb", + "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1748634340, - "narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=", + "lastModified": 1749056381, + "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a", + "rev": "029bd66faa180e11262dd1bc2732254c33415f52", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748693115, - "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "nixos", "repo": "nixpkgs", - "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -292,11 +292,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1743538790, - "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=", + "lastModified": 1749060788, + "narHash": "sha256-bXTN8zJwbnUFEisKAZjO/6UWPVP6u38MGAmQI20QU8o=", "ref": "refs/heads/main", - "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34", - "revCount": 17, + "rev": "96e0ee4409830716a1658b37737f9e05d366408e", + "revCount": 18, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/nix-config-secrets b/nix-config-secrets index 3d63dff7..96e0ee44 160000 --- a/nix-config-secrets +++ b/nix-config-secrets 
@@ -1 +1 @@ -Subproject commit 3d63dff77f8eda1667e3586169642cf256c4aa34 +Subproject commit 96e0ee4409830716a1658b37737f9e05d366408e From 7363fc97bc0c6248bc12891940175052777d5b62 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 13:19:44 -0500 Subject: [PATCH 711/932] updated application key file structure --- flake.lock | 8 ++++---- nix-config-secrets | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index eeebec5c..636f7469 100644 --- a/flake.lock +++ b/flake.lock @@ -292,11 +292,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1749060788, - "narHash": "sha256-bXTN8zJwbnUFEisKAZjO/6UWPVP6u38MGAmQI20QU8o=", + "lastModified": 1749061163, + "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=", "ref": "refs/heads/main", - "rev": "96e0ee4409830716a1658b37737f9e05d366408e", - "revCount": 18, + "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba", + "revCount": 19, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/nix-config-secrets b/nix-config-secrets index 96e0ee44..1c5c059c 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 96e0ee4409830716a1658b37737f9e05d366408e +Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba From 0f26b73f6a3e96aed1978432f80689b892083760 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 4 Jun 2025 18:37:53 -0500 Subject: [PATCH 712/932] set up makemkv persistence --- .../home-manager/leyla/packages/default.nix | 1 + .../home-manager/leyla/packages/makemkv.nix | 17 +++++++++++++++ modules/home-manager-modules/default.nix | 1 + .../home-manager-modules/programs/makemkv.nix | 21 +++++++++++++++++-- modules/home-manager-modules/sops.nix | 7 +++++++ 5 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 configurations/home-manager/leyla/packages/makemkv.nix create mode 100644 modules/home-manager-modules/sops.nix 
diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix
index 5af20ef2..4acfaf1f 100644
--- a/configurations/home-manager/leyla/packages/default.nix
+++ b/configurations/home-manager/leyla/packages/default.nix
@@ -13,6 +13,7 @@ in {
 ./direnv.nix
 ./openssh.nix
 ./git.nix
+ ./makemkv.nix
 ];
 config = lib.mkMerge [
diff --git a/configurations/home-manager/leyla/packages/makemkv.nix b/configurations/home-manager/leyla/packages/makemkv.nix
new file mode 100644
index 00000000..ee719554
--- /dev/null
+++ b/configurations/home-manager/leyla/packages/makemkv.nix
@@ -0,0 +1,17 @@
+{
+ config,
+ inputs,
+ ...
+}: {
+ config = {
+ sops.secrets = {
+ "application-keys/makemkv" = {
+ sopsFile = "${inputs.secrets}/application-keys.yaml";
+ };
+ };
+ programs.makemkv = {
+ appKeyFile = config.sops.placeholder."application-keys/makemkv";
+ destinationDir = "/home/leyla/downloads/makemkv";
+ };
+ };
+}
diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix
index faf6f580..73876f41 100644
--- a/modules/home-manager-modules/default.nix
+++ b/modules/home-manager-modules/default.nix
@@ -1,6 +1,7 @@
 # this folder container modules that are for home manager only
 {...}: {
 imports = [
+ ./sops.nix
 ./user.nix
 ./flipperzero.nix
 ./i18n.nix
diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix
index c1040bb8..eca059dd 100644
--- a/modules/home-manager-modules/programs/makemkv.nix
+++ b/modules/home-manager-modules/programs/makemkv.nix
@@ -7,6 +7,12 @@
 }: {
 options.programs.makemkv = {
 enable = lib.mkEnableOption "enable makemkv";
+ appKeyFile = lib.mkOption {
+ type = lib.types.str;
+ };
+ destinationDir = lib.mkOption {
+ type = lib.types.str;
+ };
 };
 config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [
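Review bot: `destinationDir = "/home/leyla/downloads/makemkv"` hard-codes the home directory in a module that already takes `config`; `destinationDir = "${config.home.homeDirectory}/downloads/makemkv";` keeps it in step with the `/persist${config.home.homeDirectory}` convention the persistence blocks in this series use. The value assigned to `appKeyFile` is `config.sops.placeholder."application-keys/makemkv"`, which the sops template expands to the secret's contents rather than a file path, so the name invites misreading; a comment such as `# sops placeholder — rendered into settings.conf by the template, not a path` on that line would prevent it.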
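Review bot: The new `appKeyFile` and `destinationDir` options are declared as bare `lib.types.str` with no `description`, so option docs and type errors give no hint of what is expected, and `appKeyFile` is consumed by a sops template (second hunk of this file) rather than read as a file. Add e.g. `description = "Value (typically a sops placeholder) written to app_Key in settings.conf";` and `description = "Absolute directory MakeMKV writes its output to";`, and consider naming the first `appKey` since the only visible caller is the makemkv.nix added in this same commit.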
@@ -14,11 +20,22 @@
 home.packages = with pkgs; [
 makemkv
 ];
- # TODO: write config file for makemkv
+
+ sops.templates."MakeMKV.settings.conf".content = ''
+ app_DestinationDir = "${config.programs.makemkv.destinationDir}"
+ app_DestinationType = "2"
+ app_Key = "${config.programs.makemkv.appKeyFile}"
+ '';
+
+ home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path;
 }
 (
 lib.mkIf osConfig.host.impermanence.enable {
- # TODO: map impermanence for makemkv
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ ".MakeMKV"
+ ];
+ };
 }
 )
 ]);
diff --git a/modules/home-manager-modules/sops.nix b/modules/home-manager-modules/sops.nix
new file mode 100644
index 00000000..910fbb6f
--- /dev/null
+++ b/modules/home-manager-modules/sops.nix
@@ -0,0 +1,7 @@
+{...}: {
+ config = {
+ sops = {
+ age.keyFile = "/var/lib/sops-nix/key.txt";
+ };
+ };
+}
From 033cc6bc2202749421defbda249c0568f4816899 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 4 Jun 2025 18:43:22 -0500
Subject: [PATCH 713/932] removed outdated note
---
 configurations/home-manager/leyla/packages/firefox.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix
index f9787b96..1613cb3b 100644
--- a/configurations/home-manager/leyla/packages/firefox.nix
+++ b/configurations/home-manager/leyla/packages/firefox.nix
@@ -339,6 +339,5 @@
 };
 };
 };
- # TODO: impermanence module, prob in home-manager-modules?
 };
 }
From ca01e667a197e5175c903689d67aa79201539608 Mon Sep 17 00:00:00 2001
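Review bot: `.MakeMKV/settings.conf` becomes an out-of-store symlink into the sops-rendered template path while the whole `.MakeMKV` directory is also bind-mounted from persistent storage; if MakeMKV rewrites its settings file at runtime, that write goes through the symlink into a sops-managed file and will either fail or be undone on the next activation — worth confirming, and worth a comment on the `home.file` line either way. `app_DestinationType = "2"` is a magic value; a one-line comment naming which MakeMKV destination mode `"2"` selects (and that `app_DestinationDir` only applies in that mode, if so) would spare the next reader a trip to the MakeMKV docs. The enclosing `config = lib.mkIf … (lib.mkMerge [` starts outside the hunk.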
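Review bot: `age.keyFile = "/var/lib/sops-nix/key.txt"` points the home-manager sops module at what appears to be the host's system age key; home-manager decrypts secrets as the user, so that file has to be readable by the user account, which makes every secret encrypted to that recipient — not just `application-keys/makemkv` — decryptable from the user session. If that is the intent, say so in a comment, e.g. `# reuses the host age key; it must be readable by the user running home-manager activation`; otherwise a per-user key at the sops default (`~/.config/sops/age/keys.txt`) listed as its own recipient in `.sops.yaml` keeps the user-scoped secrets separate from the host's, and the `application-keys.yaml` rule added earlier in this series is already a separate creation rule that could take that recipient.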
From: Leyla Becker
Date: Wed, 4 Jun 2025 20:50:15 -0500
Subject: [PATCH 714/932] added more application persistence configurations
---
 modules/home-manager-modules/programs/obsidian.nix | 6 +++++-
 modules/home-manager-modules/programs/prostudiomasters.nix | 6 +++++-
 modules/home-manager-modules/programs/protonvpn.nix | 7 ++++++-
 modules/home-manager-modules/programs/qbittorrent.nix | 6 +++++-
 modules/home-manager-modules/programs/signal.nix | 6 +++++-
 5 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix
index 9dd92994..d2d9c77e 100644
--- a/modules/home-manager-modules/programs/obsidian.nix
+++ b/modules/home-manager-modules/programs/obsidian.nix
@@ -7,7 +7,11 @@
 config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [
 (
 lib.mkIf osConfig.host.impermanence.enable {
- # TODO: map impermanence for obsidian
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ ".config/obsidian"
+ ];
+ };
 }
 )
 ]);
diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix
index 4481f5b7..372cfc63 100644
--- a/modules/home-manager-modules/programs/prostudiomasters.nix
+++ b/modules/home-manager-modules/programs/prostudiomasters.nix
@@ -17,7 +17,11 @@
 }
 (
 lib.mkIf osConfig.host.impermanence.enable {
- # TODO: map impermanence for prostudiomasters
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ ".config/ProStudioMasters"
+ ];
+ };
 }
 )
 ]);
diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix
index 1ddedc70..9a0ee65c 100644
--- a/modules/home-manager-modules/programs/protonvpn.nix
+++ b/modules/home-manager-modules/programs/protonvpn.nix
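Review bot: The new `home.persistence` block here omits `allowOther = true;`, and so do the prostudiomasters, protonvpn, qbittorrent and signal hunks of this commit (and the makemkv one in the previous commit), whereas the existing anki, bitwarden, bruno and calibre modules set it on the same kind of block. Whether it is required depends on how the persistence mounts are set up, which is outside this diff, but the divergence should be deliberate: either add `allowOther = true;` after the `directories` list or leave a one-line comment saying why these modules do not need it.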
@@ -17,7 +17,12 @@
 }
 (
 lib.mkIf osConfig.host.impermanence.enable {
- # TODO: map impermanence for protonvpn
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ ".config/protonvpn"
+ ".config/Proton"
+ ];
+ };
 }
 )
 ]);
diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix
index 1e98c3ea..5d22c898 100644
--- a/modules/home-manager-modules/programs/qbittorrent.nix
+++ b/modules/home-manager-modules/programs/qbittorrent.nix
@@ -17,7 +17,11 @@
 }
 (
 lib.mkIf osConfig.host.impermanence.enable {
- # TODO: map impermanence for qbittorrent
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ ".config/qBittorrent"
+ ];
+ };
 }
 )
 ]);
diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix
index 4eb0f376..d75b8a68 100644
--- a/modules/home-manager-modules/programs/signal.nix
+++ b/modules/home-manager-modules/programs/signal.nix
@@ -17,7 +17,11 @@
 }
 (
 lib.mkIf osConfig.host.impermanence.enable {
- # TODO: map impermanence for signal
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ ".config/Signal"
+ ];
+ };
 }
 )
 ]);
From 28ac8a4fa46b5a50f3cfb115fd0af84ff8a636ba Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 4 Jun 2025 20:54:47 -0500
Subject: [PATCH 715/932] fixed home directory starts
---
 modules/home-manager-modules/programs/anki.nix | 2 +-
 modules/home-manager-modules/programs/bitwarden.nix | 2 +-
 modules/home-manager-modules/programs/bruno.nix | 2 +-
 modules/home-manager-modules/programs/calibre.nix | 2 +-
 modules/home-manager-modules/programs/idea.nix | 6 +++---
 5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix
index 13e28c97..0e3ebdfd 100644
--- a/modules/home-manager-modules/programs/anki.nix
+++ b/modules/home-manager-modules/programs/anki.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- "~/.local/share/Anki2"
+ ".local/share/Anki2"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix
index 0265488a..117e3029 100644
--- a/modules/home-manager-modules/programs/bitwarden.nix
+++ b/modules/home-manager-modules/programs/bitwarden.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- "~/.config/Bitwarden"
+ ".config/Bitwarden"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix
index 3323e5b1..20b0ce65 100644
--- a/modules/home-manager-modules/programs/bruno.nix
+++ b/modules/home-manager-modules/programs/bruno.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- "~/.config/bruno/"
+ ".config/bruno/"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix
index c26cd5e3..3d6e9dbf 100644
--- a/modules/home-manager-modules/programs/calibre.nix
+++ b/modules/home-manager-modules/programs/calibre.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- "~/.config/calibre"
+ ".config/calibre"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix
index f4edf120..8f2768eb 100644
--- a/modules/home-manager-modules/programs/idea.nix
+++ b/modules/home-manager-modules/programs/idea.nix
@@ -20,11 +20,11 @@
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
 # configuration
- "~/.config/JetBrains/"
+ ".config/JetBrains/"
 # plugins
- "~/.local/share/JetBrains/"
+ ".local/share/JetBrains/"
 # System and Logs
- "~/.cache/JetBrains/"
+ ".cache/JetBrains/"
 ];
 };
 }
From 8c4bd4291ddd893ad2cd07a84d551ffd3d67c0f1 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 4 Jun 2025 21:00:04 -0500
Subject: [PATCH 716/932] updated paths to be based on xdg configurations
---
 configurations/home-manager/leyla/default.nix | 8 ++++++--
 configurations/home-manager/leyla/impermanence.nix | 5 +++--
 modules/home-manager-modules/programs/anki.nix | 2 +-
 modules/home-manager-modules/programs/bitwarden.nix | 2 +-
 modules/home-manager-modules/programs/bruno.nix | 2 +-
 modules/home-manager-modules/programs/calibre.nix | 2 +-
 modules/home-manager-modules/programs/dbeaver.nix | 2 +-
 modules/home-manager-modules/programs/discord.nix | 2 +-
 modules/home-manager-modules/programs/idea.nix | 6 +++---
 modules/home-manager-modules/programs/obsidian.nix | 2 +-
 .../home-manager-modules/programs/prostudiomasters.nix | 2 +-
 modules/home-manager-modules/programs/protonvpn.nix | 4 ++--
 modules/home-manager-modules/programs/qbittorrent.nix | 2 +-
 modules/home-manager-modules/programs/signal.nix | 2 +-
 14 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix
index d7cecc47..49abfe1f 100644
--- a/configurations/home-manager/leyla/default.nix
+++ b/configurations/home-manager/leyla/default.nix
@@ -1,4 +1,8 @@
-{osConfig, ...}: {
+{
+ config,
+ osConfig,
+ ...
+}: {
 imports = [
 ./packages
 ./i18n.nix
@@ -35,7 +39,7 @@
 # org.gradle.console=verbose
 # org.gradle.daemon.idletimeout=3600000
 # '';
- ".config/user-dirs.dirs" = {
+ "${config.xdg.configHome}/user-dirs.dirs" = {
 force = true;
 text = ''
 # This file is written by xdg-user-dirs-update
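Review bot: `"${config.xdg.configHome}/user-dirs.dirs"` is used as a `home.file` attribute name, but `home.file` targets are relative to the home directory and `xdg.configHome` defaults to an absolute path (`${config.home.homeDirectory}/.config`), so the target is either nested under `$HOME` a second time or rejected at activation. `xdg.configFile."user-dirs.dirs" = { force = true; text = ''…''; };` is the option meant for files under the XDG config directory and would express the intent without the path arithmetic. The enclosing attribute set starts outside the hunk.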
diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix
index 29936b51..ceab7754 100644
--- a/configurations/home-manager/leyla/impermanence.nix
+++ b/configurations/home-manager/leyla/impermanence.nix
@@ -1,5 +1,6 @@
 {
 lib,
+ config,
 osConfig,
 ...
 }: {
@@ -10,13 +11,13 @@
 "downloads"
 "documents"
 {
- directory = ".local/share/Steam";
+ directory = "${config.xdg.dataHome}/Steam";
 method = "symlink";
 }
 ];
 files = [
 ".bash_history" # keep shell history around
- ".local/share/recently-used.xbel" # gnome recently viewed files
+ "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix
index 0e3ebdfd..083d205a 100644
--- a/modules/home-manager-modules/programs/anki.nix
+++ b/modules/home-manager-modules/programs/anki.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- ".local/share/Anki2"
+ "${config.xdg.dataHome}/Anki2/"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix
index 117e3029..b9b91c41 100644
--- a/modules/home-manager-modules/programs/bitwarden.nix
+++ b/modules/home-manager-modules/programs/bitwarden.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- ".config/Bitwarden"
+ "${config.xdg.configHome}/Bitwarden"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix
index 20b0ce65..00b248f5 100644
--- a/modules/home-manager-modules/programs/bruno.nix
+++ b/modules/home-manager-modules/programs/bruno.nix
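Review bot: `directory = "${config.xdg.dataHome}/Steam"` and `"${config.xdg.dataHome}/recently-used.xbel"` put absolute paths into `directories`/`files` lists whose other entries (`"downloads"`, `".bash_history"`) are home-relative; `xdg.dataHome` defaults to `${config.home.homeDirectory}/.local/share`, so if the home-manager persistence module joins entries under the home directory these resolve to `<home>/home/<user>/.local/share/…` rather than the intended path — worth verifying against the module before this lands. The same pattern is introduced in the anki, bitwarden, bruno, calibre, dbeaver, discord, idea, obsidian, prostudiomasters, protonvpn, qbittorrent and signal hunks of this commit and the steam module in the next one. If the goal is to follow the user's XDG settings, `lib.removePrefix "${config.home.homeDirectory}/" config.xdg.dataHome` yields the relative form; otherwise the previous `".local/share/…"` literals were correct as written.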
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- ".config/bruno/"
+ "${config.xdg.configHome}/bruno/"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix
index 3d6e9dbf..9e5f34e3 100644
--- a/modules/home-manager-modules/programs/calibre.nix
+++ b/modules/home-manager-modules/programs/calibre.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- ".config/calibre"
+ "${config.xdg.configHome}/calibre"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix
index 26dcc52e..a9624594 100644
--- a/modules/home-manager-modules/programs/dbeaver.nix
+++ b/modules/home-manager-modules/programs/dbeaver.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- "~/.local/share/DBeaverData/"
+ "${config.xdg.dataHome}/DBeaverData/"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix
index a7cbb5fd..e8605a51 100644
--- a/modules/home-manager-modules/programs/discord.nix
+++ b/modules/home-manager-modules/programs/discord.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- "~/.config/discord/"
+ "${config.xdg.configHome}/discord/"
 ];
 allowOther = true;
 };
diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix
index 8f2768eb..f0a928cd 100644
--- a/modules/home-manager-modules/programs/idea.nix
+++ b/modules/home-manager-modules/programs/idea.nix
@@ -20,11 +20,11 @@
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
 # configuration
- ".config/JetBrains/"
+ "${config.xdg.configHome}/JetBrains/"
 # plugins
- ".local/share/JetBrains/"
+ "${config.xdg.dataHome}/JetBrains/"
 # System and Logs
- ".cache/JetBrains/"
+ "${config.xdg.cacheHome}/JetBrains/"
 ];
 };
 }
diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix
index d2d9c77e..4d28b3e7 100644
--- a/modules/home-manager-modules/programs/obsidian.nix
+++ b/modules/home-manager-modules/programs/obsidian.nix
@@ -9,7 +9,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- ".config/obsidian"
+ "${config.xdg.configHome}/obsidian"
 ];
 };
 }
diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix
index 372cfc63..9e6088f0 100644
--- a/modules/home-manager-modules/programs/prostudiomasters.nix
+++ b/modules/home-manager-modules/programs/prostudiomasters.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- ".config/ProStudioMasters"
+ "${config.xdg.configHome}/ProStudioMasters"
 ];
 };
 }
diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix
index 9a0ee65c..dd11aae7 100644
--- a/modules/home-manager-modules/programs/protonvpn.nix
+++ b/modules/home-manager-modules/programs/protonvpn.nix
@@ -19,8 +19,8 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- ".config/protonvpn"
- ".config/Proton"
+ "${config.xdg.configHome}/protonvpn"
+ "${config.xdg.configHome}/Proton"
 ];
 };
 }
diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix
index 5d22c898..02e23df8 100644
--- a/modules/home-manager-modules/programs/qbittorrent.nix
+++ b/modules/home-manager-modules/programs/qbittorrent.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- ".config/qBittorrent"
+ "${config.xdg.configHome}/qBittorrent"
 ];
 };
 }
diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix
index d75b8a68..fdf0af9e 100644
--- a/modules/home-manager-modules/programs/signal.nix
+++ b/modules/home-manager-modules/programs/signal.nix
@@ -19,7 +19,7 @@
 lib.mkIf osConfig.host.impermanence.enable {
 home.persistence."/persist${config.home.homeDirectory}" = {
 directories = [
- ".config/Signal"
+ "${config.xdg.configHome}/Signal"
 ];
 };
 }
From fc294686bac331f7311fbb7987e58c5550eccad6 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 4 Jun 2025 22:57:14 -0500
Subject: [PATCH 717/932] added steam impermanence config
---
 .../home-manager/leyla/impermanence.nix | 4 ---
 .../home-manager-modules/programs/steam.nix | 30 +++++++++++++++----
 2 files changed, 24 insertions(+), 10 deletions(-)
diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix
index ceab7754..041bff8d 100644
--- a/configurations/home-manager/leyla/impermanence.nix
+++ b/configurations/home-manager/leyla/impermanence.nix
@@ -10,10 +10,6 @@
 "desktop"
 "downloads"
 "documents"
- {
- directory = "${config.xdg.dataHome}/Steam";
- method = "symlink";
- }
 ];
 files = [
 ".bash_history" # keep shell history around
diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix
index 551cb5d6..46611514 100644
--- a/modules/home-manager-modules/programs/steam.nix
+++ b/modules/home-manager-modules/programs/steam.nix
@@ -2,18 +2,36 @@
 lib,
 pkgs,
 config,
+ osConfig,
 ...
 }: {
 options.programs.steam = {
 enable = lib.mkEnableOption "enable steam";
 };
- config = lib.mkIf config.programs.steam.enable {
- home.packages = with pkgs; [
- steam
- steam.run
- ];
- };
+ config = lib.mkIf config.programs.steam.enable (
+ lib.mkMerge [
+ {
+ home.packages = with pkgs; [
+ steam
+ steam.run
+ ];
+ }
+ (
+ lib.mkIf osConfig.host.impermanence.enable {
+ home.persistence."/persist${config.home.homeDirectory}" = {
+ directories = [
+ {
+ directory = "${config.xdg.dataHome}/Steam";
+ method = "symlink";
+ }
+ ];
+ allowOther = true;
+ };
+ }
+ )
+ ]
+ );
 # TODO: bind impermanence config
 }
From 6c7b40e10e0c2181018b05e089b7d18fb6216a1d Mon Sep 17 00:00:00 2001
From: Eve
Date: Thu, 5 Jun 2025 04:40:13 +0000
Subject: [PATCH 718/932] fixed eve not importing packages.nix
---
 configurations/home-manager/eve/default.nix | 6 +++---
 configurations/home-manager/eve/packages.nix | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix
index 0ab0c592..52a70a60 100644
--- a/configurations/home-manager/eve/default.nix
+++ b/configurations/home-manager/eve/default.nix
@@ -1,9 +1,9 @@
 {osConfig, ...}: let
 userConfig = osConfig.host.users.eve;
 in {
- nixpkgs.config = {
- allowUnfree = true;
- };
+ imports = [
+ ./packages.nix
+ ];
 home = {
 username = userConfig.name;
diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix
index 30fc361c..6edfa37e 100644
--- a/configurations/home-manager/eve/packages.nix
+++ b/configurations/home-manager/eve/packages.nix
@@ -8,6 +8,10 @@
 userConfig = osConfig.host.users.eve;
 in {
 config = {
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+
 # Packages that can be installed without any extra configuration
 # See https://search.nixos.org/packages for all options
 home.packages = lib.lists.optionals userConfig.isDesktopUser (
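Review bot: The `# TODO: bind impermanence config` comment kept after the closing `);` is now stale — the `lib.mkIf osConfig.host.impermanence.enable { home.persistence … }` branch added in this hunk is exactly that binding. Delete the line, or if something is still open (for instance why `method = "symlink"` is used for Steam where the other modules bind-mount), replace it with that specific note.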
From 98a1d1da6098a5517b2361fb9e4899f59f1c0534 Mon Sep 17 00:00:00 2001
From: Eve
Date: Thu, 5 Jun 2025 04:53:30 +0000
Subject: [PATCH 719/932] added piper for user eve
---
 configurations/home-manager/eve/packages.nix | 2 ++
 configurations/nixos/emergent/configuration.nix | 3 +++
 2 files changed, 5 insertions(+)
diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix
index 6edfa37e..c6e38f9d 100644
--- a/configurations/home-manager/eve/packages.nix
+++ b/configurations/home-manager/eve/packages.nix
@@ -6,6 +6,7 @@
 ...
 }: let
 userConfig = osConfig.host.users.eve;
+ hardware = osConfig.host.hardware;
 in {
 config = {
 nixpkgs.config = {
@@ -17,6 +18,7 @@ in {
 home.packages = lib.lists.optionals userConfig.isDesktopUser (
 with pkgs; [
 ungoogled-chromium
+ (lib.mkIf hardware.piperMouse.enable piper)
 ]
 );
diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix
index c75c162e..c42c97ee 100644
--- a/configurations/nixos/emergent/configuration.nix
+++ b/configurations/nixos/emergent/configuration.nix
@@ -49,6 +49,9 @@
 isPrincipleUser = true;
 };
 };
+ hardware = {
+ piperMouse.enable = true;
+ };
 storage = {
 enable = true;
From b3918c8105074b741c995cab63e0cf84c487405d Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Thu, 5 Jun 2025 14:04:52 -0500
Subject: [PATCH 720/932] added dconf-editor to devShell
---
 flake.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/flake.nix b/flake.nix
index 7896d604..71acc377 100644
--- a/flake.nix
+++ b/flake.nix
@@ -150,6 +150,8 @@
 nixos-anywhere
 # for updating disko configurations
 disko
+ # for viewing dconf entries
+ dconf-editor
 ];
 SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix;
From 616baf3baf19dccbf2d484ff17e3f0fdbc325f3a Mon Sep 17 00:00:00 2001
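Review bot: `(lib.mkIf hardware.piperMouse.enable piper)` inside the `home.packages` list does not do what it reads as: `mkIf` only takes effect as the value of a module attribute, so inside a list literal it stays an attrset marker and the list either fails the `listOf package` check or carries a non-package element. The surrounding expression already uses `lib.lists.optionals`, and the same idiom works here: `(with pkgs; [ ungoogled-chromium ]) ++ lib.optional hardware.piperMouse.enable pkgs.piper` as the argument to `lib.lists.optionals userConfig.isDesktopUser`. The next commit adds `krita` to this list and keeps the `mkIf` line as context, so it would want the same restructuring.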
From: Eve
Date: Fri, 6 Jun 2025 03:46:45 +0000
Subject: [PATCH 721/932] disabled wayland in theory
---
 configurations/nixos/emergent/nvidia-drivers.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix
index fd569b3a..fb66cf66 100644
--- a/configurations/nixos/emergent/nvidia-drivers.nix
+++ b/configurations/nixos/emergent/nvidia-drivers.nix
@@ -10,7 +10,14 @@
 };
 # Load nvidia driver for Xorg and Wayland
- services.xserver.videoDrivers = ["nvidia"];
+ services = {
+ xserver = {
+ # Load nvidia driver for Xorg and Wayland
+ videoDrivers = ["nvidia"];
+ };
+ # Use X instead of wayland
+ displayManager.gdm.wayland = false;
+ };
 hardware.nvidia = {
 # Modesetting is required.
From 95e500593e898aa8e581243dec4ca79449f916ff Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sun, 8 Jun 2025 11:48:18 -0500
Subject: [PATCH 722/932] enabled wacom on emergent
---
 configurations/home-manager/eve/packages.nix | 1 +
 configurations/nixos/emergent/configuration.nix | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix
index c6e38f9d..0e829598 100644
--- a/configurations/home-manager/eve/packages.nix
+++ b/configurations/home-manager/eve/packages.nix
@@ -18,6 +18,7 @@ in {
 home.packages = lib.lists.optionals userConfig.isDesktopUser (
 with pkgs; [
 ungoogled-chromium
+ krita
 (lib.mkIf hardware.piperMouse.enable piper)
 ]
 );
diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix
index c42c97ee..90aecabd 100644
--- a/configurations/nixos/emergent/configuration.nix
+++ b/configurations/nixos/emergent/configuration.nix
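Review bot: The pre-existing `# Load nvidia driver for Xorg and Wayland` comment is kept above the new `services = {` block and repeated inside it, so the outer copy now describes only one of the two settings in the block and contradicts the `displayManager.gdm.wayland = false;` right below it; drop the outer line and let the inner comment carry it. The commit title says "in theory", which suggests the effect on the emergent host was not verified — a short comment on the `wayland = false` line recording what was observed (or what it is meant to work around) would save the next reader from guessing.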
@@ -36,6 +36,11 @@
 # Enable the X11 windowing system.
 services.xserver.enable = true;
+ # Enable wacom touchscreen device
+ services.xserver.wacom.enable = true;
+
+ # installed opentabletdriver
+ hardware.opentabletdriver.enable = true;
 # Enable the GNOME Desktop Environment.
 services.displayManager.gdm.enable = true;
From 1e0eda06b60e57de81ed566630ee3b7a881fa79b Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 11 Jun 2025 19:52:25 -0500
Subject: [PATCH 723/932] switched ollama persistence directory
---
 modules/nixos-modules/ollama.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix
index 8f194cfd..2de3ea1d 100644
--- a/modules/nixos-modules/ollama.nix
+++ b/modules/nixos-modules/ollama.nix
@@ -38,7 +38,7 @@
 group = config.services.ollama.group;
 }
 {
- directory = "/var/lib/private/ollama";
+ directory = "/var/lib/ollama";
 user = config.services.ollama.user;
 group = config.services.ollama.group;
 mode = "0700";
From 0476afb47195c0aa83a43ad3df8358d438e37e98 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 11 Jun 2025 20:07:39 -0500
Subject: [PATCH 724/932] switched ollama persistence directory
---
 modules/nixos-modules/ollama.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix
index 2de3ea1d..95071905 100644
--- a/modules/nixos-modules/ollama.nix
+++ b/modules/nixos-modules/ollama.nix
@@ -36,9 +36,11 @@
 directory = config.services.ollama.models;
 user = config.services.ollama.user;
 group = config.services.ollama.group;
+ mode = "0700";
+ defaultPerms.mode = "0700";
 }
 {
- directory = "/var/lib/ollama";
+ directory = "/var/lib/private/ollama";
 user = config.services.ollama.user;
 group = config.services.ollama.group;
 mode = "0700";
From 52a1d97fd484e19a7971289505dd2b44d78b7ee6 Mon Sep 17 00:00:00 2001
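Review bot: This hunk flips `directory` back to `/var/lib/private/ollama`, undoing the previous commit with the identical subject, and tightens the models entry with `mode`/`defaultPerms.mode = "0700"`, but neither change is explained in code or in the message, so the next person is likely to "fix" it again. A comment on the `/var/lib/private/ollama` entry stating the reason — e.g. `# ollama's state lives under /var/lib/private when the service runs with DynamicUser; persisting /var/lib/ollama only captures the symlink` if that is what was hit — and one on the 0700 tightening would settle it. If `config.services.ollama.models` can itself resolve to a path under `/var/lib/private/ollama`, persisting both entries overlaps; a one-line note either way would help. The enclosing `directories` list starts outside the hunk.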
From: Leyla Becker
Date: Wed, 11 Jun 2025 23:36:29 -0500
Subject: [PATCH 725/932] drafted out entangled worlds mod
---
 flake.lock | 23 +++++++++-
 flake.nix | 5 ++
 modules/common-modules/overlays/default.nix | 5 +-
 modules/common-modules/pkgs/default.nix | 3 ++
 .../pkgs/noita-entangled-worlds.nix | 46 +++++++++++++++++++
 5 files changed, 80 insertions(+), 2 deletions(-)
 create mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix
diff --git a/flake.lock b/flake.lock
index 636f7469..f5f5ca0c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -286,7 +286,8 @@
 "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs",
 "secrets": "secrets",
- "sops-nix": "sops-nix"
+ "sops-nix": "sops-nix",
+ "steam-fetcher": "steam-fetcher"
 }
 },
 "secrets": {
@@ -325,6 +326,26 @@
 "type": "github"
 }
 },
+ "steam-fetcher": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1714795926,
+ "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=",
+ "owner": "nix-community",
+ "repo": "steam-fetcher",
+ "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "steam-fetcher",
+ "type": "github"
+ }
+ },
 "systems": {
 "locked": {
 "lastModified": 1681028828,
diff --git a/flake.nix b/flake.nix
index 71acc377..651a210a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -71,6 +71,11 @@
 flake-compat = {
 url = "github:edolstra/flake-compat";
 };
+
+ steam-fetcher = {
+ url = "github:nix-community/steam-fetcher";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 outputs = {
diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix
index 08085f5f..1fab0601 100644
--- a/modules/common-modules/overlays/default.nix
+++ b/modules/common-modules/overlays/default.nix
@@ -1,3 +1,6 @@
 # this folder is for derivation overlays
-{...}: {
+{inputs, ...}: {
+ nixpkgs.overlays = [
+ inputs.steam-fetcher.overlays.default
+ ];
 }
diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix
index 208ee246..71431d92 100644
--- a/modules/common-modules/pkgs/default.nix
+++ b/modules/common-modules/pkgs/default.nix
@@ -13,5 +13,8 @@
 ./prostudiomasters.nix {};
 })
+ (final: prev: {
+ noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {};
+ })
 ];
 }
diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix
new file mode 100644
index 00000000..322ce418
--- /dev/null
+++ b/modules/common-modules/pkgs/noita-entangled-worlds.nix
@@ -0,0 +1,46 @@
+# not working yet
+{
+ pkgs,
+ rustPlatform,
+ fetchFromGitHub,
+ ...
+}: let
+ version = "1.5.3";
+ repo = fetchFromGitHub {
+ owner = "IntQuant";
+ repo = "noita_entangled_worlds";
+ rev = "v${version}";
+ hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk=";
+ };
+in
+ rustPlatform.buildRustPackage {
+ name = "noita-proxy-${version}";
+ src = repo + "/noita-proxy";
+ prePatch = ''
+ substituteInPlace Cargo.toml \
+ --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\""
+ '';
+ nativeBuildInputs = with pkgs; [
+ pkg-config
+ python3
+ cmake
+ ];
+ buildInputs = with pkgs; [
+ openssl
+ openssl.dev
+ libpulseaudio
+ libjack2
+ alsa-lib
+ xorg.libxcb
+ xorg.libxcb.dev
+ libopus
+ ];
+ propagatedBuildInputs = with pkgs; [
+ steamworks-sdk-redist
+ ];
+ runtimeDependencies = with pkgs; [
+ steamworks-sdk-redist
+ ];
+ doCheck = false;
+ cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4=";
+ }
From dbad92ac7522e8cecbc02f5b928f550364af118c Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 11 Jun 2025 23:39:07 -0500
Subject: [PATCH 726/932] updated flake lock
---
 flake.lock | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/flake.lock b/flake.lock
index f5f5ca0c..074fef78 100644
--- a/flake.lock
+++ b/flake.lock
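Review bot: `# not working yet` at the top of the new package together with `doCheck = false;` leaves no record of what fails or why tests are off, yet the overlay hunk in pkgs/default.nix exposes it as `noita_entangled_worlds` on every host that imports these modules; replace the header with what is actually known (`# WIP: build fails at <step> — not usable yet`) and give the flag a reason (`doCheck = false; # <why>`). In that overlay, `pkgs.callPackage` inside `(final: prev: …)` reaches around the fixed point; `final.callPackage ./noita-entangled-worlds.nix {}` is the conventional form — the sibling entry's left-hand side is outside the hunk, so it may share the pattern. Inside the package, taking `pkgs` and using `with pkgs;` rather than listing `pkg-config`, `openssl`, `libopus`, … as function arguments, and `name = "noita-proxy-${version}"` instead of `pname = "noita-proxy"; inherit version;`, both depart from nixpkgs convention and are worth fixing before this stops being a draft.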
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748832438, - "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", + "lastModified": 1749436314, + "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", "owner": "nix-community", "repo": "disko", - "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", + "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1749009805, - "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", + "lastModified": 1749701004, + "narHash": "sha256-KeZvDN/OgLsxf6y8jnyNuj3XvnPuBI3i58a4lcElddc=", "owner": "rycee", "repo": "nur-expressions", - "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", + "rev": "f70d23962d858c8996558ff30e3f0af205fe0f3a", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1749049052, - "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", + "lastModified": 1749657191, + "narHash": "sha256-QLilaHuhGxiwhgceDWESj9gFcKIdEp7+9lRqNGpN8S4=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", + "rev": "faeab32528a9360e9577ff4082de2d35c6bbe1ce", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1749012745, - "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", + "lastModified": 1749194393, + "narHash": "sha256-vt6hM9DNywnXXuW1qPDLzECmbDcmxhh58wpb0EEQjAo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", + "rev": "19346808c445f23b08652971be198b9df6c33edc", "type": "github" }, "original": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1749002682, - "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", + "lastModified": 1749693852, + "narHash": "sha256-ERtalZOvXvhb/ZWrjOGgUVkULUZ197n//cnJz436G6M=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", + "rev": "8219bf5f17f590d277ec7054b657b1370c7b7fc0", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1749195551, + "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1749592509, + "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "50754dfaa0e24e313c626900d44ef431f3210138", "type": "github" }, "original": { From a482a3bfce98eb3eac7c6ca7d00c64f79d16a71a Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 19 Jun 2025 10:08:42 -0500 Subject: [PATCH 727/932] updated flake.lock --- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 48 +++++++++---------- rebuild.sh | 2 +- 3 files changed, 26 insertions(+), 26 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b9d1b72..4f900c64 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -212,7 +212,7 @@ }; ollama = { - enable = true; + enable = false; exposePort = true; loadModels = [ diff --git a/flake.lock b/flake.lock index 636f7469..0e2a1897 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748832438, - "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", + "lastModified": 1750040002, + "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", "owner": "nix-community", "repo": "disko", - "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", + "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1749009805, - "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", + "lastModified": 1750305825, + "narHash": "sha256-FHe0sLdEbxUhCZcs/3mJVayBhCAtubm6RvcxkAk19S0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", + "rev": "1776156a42e27bf5d57f097b14c96246fc81b487", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1749049052, - "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", + "lastModified": 1750304462, + "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", + "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", "type": "github" }, "original": { 
@@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1749012745, - "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", + "lastModified": 1750325256, + "narHash": "sha256-vvlxGz/waqJ3TGqM/iqXbnEc7/R1qnEXmaBiPaQ1RE0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", + "rev": "0d71cbf88d63e938b37b85b3bf8b238bcf7b39b9", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1749002682, - "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", + "lastModified": 1750298804, + "narHash": "sha256-GEp1QwoQ7qQPYuOm5cGb3f5FZSlVwbw86KUrHlLbI2E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", + "rev": "7b962ab252cecf0b88ae621e1986899e20a4ead3", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1750083401, + "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1750134718, + "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", "type": "github" }, "original": { 
@@ -312,11 +312,11 @@ ] }, "locked": { - "lastModified": 1747603214, - "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", + "lastModified": 1750119275, + "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", + "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", "type": "github" }, "original": { diff --git a/rebuild.sh b/rebuild.sh index 45dae64a..32fd303e 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --use-remote-sudo --flake .#$flake" +command="nixos-rebuild $mode --use-remote-sudo --ask-sudo-password --flake .#$flake" if [[ $host ]]; then From 4aa9778a72791b67d215d69f7d67208014230655 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 19 Jun 2025 10:13:21 -0500 Subject: [PATCH 728/932] merged with main --- flake.lock | 23 +++++++++- flake.nix | 5 ++ modules/common-modules/overlays/default.nix | 5 +- modules/common-modules/pkgs/default.nix | 3 ++ .../pkgs/noita-entangled-worlds.nix | 46 +++++++++++++++++++ 5 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 modules/common-modules/pkgs/noita-entangled-worlds.nix diff --git a/flake.lock b/flake.lock index 0e2a1897..8b181d0b 100644 --- a/flake.lock +++ b/flake.lock @@ -286,7 +286,8 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "secrets": "secrets", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "steam-fetcher": "steam-fetcher" } }, "secrets": { 
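Review bot: `--ask-sudo-password` is added next to `--use-remote-sudo`; in recent nixos-rebuild the latter is, as far as I recall, kept only as a deprecated alias of `--sudo`, so `--sudo --ask-sudo-password` would be the forward-compatible spelling (verify against the nixos-rebuild version this flake pins). The whole invocation is assembled into the string `command="nixos-rebuild $mode ... --flake .#$flake"`, with `$mode` and `$flake` defaulted on the lines just above, so a value containing whitespace is word-split when the string is expanded; how `$command` is executed is outside this hunk, so an array form (`command=(nixos-rebuild "$mode" --sudo --ask-sudo-password --flake ".#$flake")`) is worth considering if it is run via `eval` or an unquoted expansion.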
@@ -325,6 +326,26 @@ "type": "github" } }, + "steam-fetcher": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714795926, + "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=", + "owner": "nix-community", + "repo": "steam-fetcher", + "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "steam-fetcher", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 71acc377..651a210a 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,11 @@ flake-compat = { url = "github:edolstra/flake-compat"; }; + + steam-fetcher = { + url = "github:nix-community/steam-fetcher"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 08085f5f..1fab0601 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -1,3 +1,6 @@ # this folder is for derivation overlays -{...}: { +{inputs, ...}: { + nixpkgs.overlays = [ + inputs.steam-fetcher.overlays.default + ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 208ee246..71431d92 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -13,5 +13,8 @@ ./prostudiomasters.nix {}; }) + (final: prev: { + noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/noita-entangled-worlds.nix b/modules/common-modules/pkgs/noita-entangled-worlds.nix new file mode 100644 index 00000000..322ce418 --- /dev/null +++ b/modules/common-modules/pkgs/noita-entangled-worlds.nix 
@@ -0,0 +1,46 @@ +# not working yet +{ + pkgs, + rustPlatform, + fetchFromGitHub, + ... +}: let + version = "1.5.3"; + repo = fetchFromGitHub { + owner = "IntQuant"; + repo = "noita_entangled_worlds"; + rev = "v${version}"; + hash = "sha256-frrpD0aWTeDbZYtp15R+quUUAZf7OvHlbSLtGJJtAqk="; + }; +in + rustPlatform.buildRustPackage { + name = "noita-proxy-${version}"; + src = repo + "/noita-proxy"; + prePatch = '' + substituteInPlace Cargo.toml \ + --replace "path = \"../shared\"" "path = \"${repo + "/shared"}\"" + ''; + nativeBuildInputs = with pkgs; [ + pkg-config + python3 + cmake + ]; + buildInputs = with pkgs; [ + openssl + openssl.dev + libpulseaudio + libjack2 + alsa-lib + xorg.libxcb + xorg.libxcb.dev + libopus + ]; + propagatedBuildInputs = with pkgs; [ + steamworks-sdk-redist + ]; + runtimeDependencies = with pkgs; [ + steamworks-sdk-redist + ]; + doCheck = false; + cargoHash = "sha256-TzUS6d6PopgGf2i1yVaXaXdzNrvfSz+Gv67BAtxYmb4="; + } From 317ca751190fa033e08d5bb11c5981fd84bd21ee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Jun 2025 05:59:34 -0500 Subject: [PATCH 729/932] fixed environment.gnome.excludePackages --- modules/nixos-modules/desktop.nix | 39 +++++++++++++++---------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 323b7ccd..371e2629 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
@@ -11,6 +11,25 @@ host.desktop.enable = lib.mkDefault true; } (lib.mkIf config.host.desktop.enable { + environment.gnome.excludePackages = with pkgs; [ + xterm # default terminal + atomix # puzzle game + cheese # webcam tool + epiphany # web browser + geary # email reader + gedit # text editor + gnome-characters + gnome-music + gnome-photos + gnome-tour + gnome-logs + gnome-maps + hitori # sudoku game + iagno # go game + tali # poker game + yelp # help viewer + gnome-tour # welcome tour + ]; services = { # Enable CUPS to print documents. printing.enable = true; @@ -21,24 +40,6 @@ # Get rid of xTerm desktopManager.xterm.enable = false; - excludePackages = with pkgs; [ - xterm - atomix # puzzle game - cheese # webcam tool - epiphany # web browser - geary # email reader - gedit # text editor - gnome-characters - gnome-music - gnome-photos - gnome-tour - gnome-logs - gnome-maps - hitori # sudoku game - iagno # go game - tali # poker game - yelp # help viewer - ]; }; # Enable the GNOME Desktop Environment. @@ -68,8 +69,6 @@ # enable RealtimeKit for pulse audio security.rtkit.enable = true; - # disable welcome tour - environment.gnome.excludePackages = [pkgs.gnome-tour]; }) ]; } From 173b1e3050e8ae82703843efef918ad2584acec5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Jun 2025 06:01:53 -0500 Subject: [PATCH 730/932] added comments to excluded packages --- modules/nixos-modules/desktop.nix | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 371e2629..d128f9bd 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix 
@@ -18,17 +18,16 @@ epiphany # web browser geary # email reader gedit # text editor - gnome-characters - gnome-music - gnome-photos - gnome-tour - gnome-logs - gnome-maps + gnome-characters # character set viewer + gnome-music # music player + gnome-photos # photo viewer + gnome-logs # log viwer + gnome-maps # map viewer + gnome-tour # welcome tour hitori # sudoku game iagno # go game tali # poker game yelp # help viewer - gnome-tour # welcome tour ]; services = { # Enable CUPS to print documents. From 9daa44c873eb833f655fd0cb1367659958ef9c5e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 21 Jun 2025 06:09:58 -0500 Subject: [PATCH 731/932] added baobab to excluded packages --- modules/nixos-modules/desktop.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index d128f9bd..900aacf6 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -18,6 +18,7 @@ epiphany # web browser geary # email reader gedit # text editor + decibels # audio player gnome-characters # character set viewer gnome-music # music player gnome-photos # photo viewer From 025eaa935a3fe46ad594bed1c24d00c2c22fce23 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Jun 2025 18:48:59 -0500 Subject: [PATCH 732/932] enabled ollama on defiant --- configurations/nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/ollama.nix | 12 ++++-------- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 4f900c64..0b9d1b72 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -212,7 +212,7 @@ }; ollama = { - enable = false; + enable = true; exposePort = true; loadModels = [ diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index 95071905..a29a9aa4 100644 
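Review bot: The new comment on the `gnome-logs` line has a typo, `# log viwer`. It should read `gnome-logs # log viewer` so the entry matches the style of the others in the list.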
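Review bot: The commit message says baobab was added to the excluded packages, but the only added line is `decibels # audio player`, so either the message or the line is wrong and someone reading the history will look for baobab in this list and not find it. If both were intended, add `baobab # disk usage analyzer` alongside it; otherwise amend the message.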
--- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -28,23 +28,19 @@ }; })) (lib.mkIf config.host.impermanence.enable { + # TODO: move this somewhere common + systemd.tmpfiles.rules = [ + "d /var/lib/private 0700 root root" + ]; environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; directories = [ - { - directory = config.services.ollama.models; - user = config.services.ollama.user; - group = config.services.ollama.group; - mode = "0700"; - defaultPerms.mode = "0700"; - } { directory = "/var/lib/private/ollama"; user = config.services.ollama.user; group = config.services.ollama.group; mode = "0700"; - defaultPerms.mode = "0700"; } ]; }; From b7cfcfef7db3553009d355ea74eccf18f3b7a784 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Jun 2025 20:10:25 -0500 Subject: [PATCH 733/932] limit zfs arc to 50gb --- configurations/nixos/defiant/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b9d1b72..7d9c6d8e 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -192,6 +192,9 @@ }; }; + # limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory + boot.kernelParams = ["zfs.zfs_arc_max=53687091200"]; + services = { # TODO: move zfs scrubbing into module zfs = { @@ -215,6 +218,8 @@ enable = true; exposePort = true; + acceleration = false; + loadModels = [ # conversation models "llama3.1:8b" From b5d292f20e92fa5fd0793b5771066c553049cd9b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 22 Jun 2025 21:03:23 -0500 Subject: [PATCH 734/932] made horizon use models from defiant --- configurations/nixos/horizon/configuration.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
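Review bot: The persistence entry for `config.services.ollama.models` is dropped while only `/var/lib/private/ollama` is kept, so models survive a reboot only if the models directory resolves to a path under that state directory (with the nixpkgs default it appears to, via the `DynamicUser` state-directory symlink, but it will not if `services.ollama.models` or `home` is overridden — confirm). The added `systemd.tmpfiles.rules = [ "d /var/lib/private 0700 root root" ];` matches the mode systemd itself uses for `DynamicUser` state, which is the right choice; a short comment such as `# /var/lib/private must exist as 0700 root before impermanence mounts ollama's state under it` would explain the rule better than the bare `# TODO: move this somewhere common`.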
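Review bot: `acceleration = false;` is added to defiant's ollama block without a comment, and the commit message only mentions the ZFS ARC limit, so the reason GPU acceleration is turned off on this host is lost. A one-line comment such as `# acceleration disabled: <reason — e.g. memory pressure alongside the ARC limit>` would keep it from being "fixed" later. The `zfs.zfs_arc_max=53687091200` value is 50 GiB (50 × 1024³), which agrees with the comment above it.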
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index f72b2648..42dcbb9d 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -42,43 +42,43 @@ enable = true; models = { "Llama 3.1 8B" = { - model = "lamma3.1:8b"; + model = "llama3.1:8b"; roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek Coder:6.7B" = { model = "deepseek-coder:6.7b"; roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek Coder:33B" = { model = "deepseek-coder:33b"; roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek r1:8B" = { model = "deepseek-r1:8b"; roles = ["chat"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "Deepseek r1:32B" = { model = "deepseek-r1:32b"; roles = ["chat"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; roles = ["autocomplete"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; "nomic-embed-text:latest" = { model = "nomic-embed-text:latest"; roles = ["embed"]; - apiBase = "http://twilight:11434"; + apiBase = "http://defiant:11434"; }; }; }; From 5c4e677fe880ab2325e223a783498bc5c1b5a5ad Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Jun 2025 15:40:03 -0500 Subject: [PATCH 735/932] added gdx-liftoff package --- .../home-manager/leyla/packages/default.nix | 2 + modules/common-modules/pkgs/default.nix | 3 ++ modules/common-modules/pkgs/gdx-liftoff.nix | 45 +++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 modules/common-modules/pkgs/gdx-liftoff.nix 
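Review bot: `apiBase = "http://defiant:11434";` is now repeated in all seven model entries; a single `let apiBase = "http://defiant:11434"; in` (or a module option) would make the next host move a one-line change and avoid the kind of copy typo this hunk also fixes (`lamma3.1:8b`). Separately, the Ollama HTTP API has no authentication of its own, so any client that can reach `defiant:11434` (exposed with `exposePort = true` in defiant's configuration elsewhere in this series) can run or pull models; restricting that port to the hosts that need it, or placing an authenticating reverse proxy in front of it, is the usual mitigation.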
diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 4acfaf1f..bbd81523 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -95,6 +95,8 @@ in { pdfarranger picard + gdx-liftoff + # proprietary platforms (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 71431d92..e9553544 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -16,5 +16,8 @@ (final: prev: { noita_entangled_worlds = pkgs.callPackage ./noita-entangled-worlds.nix {}; }) + (final: prev: { + gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix new file mode 100644 index 00000000..c2925440 --- /dev/null +++ b/modules/common-modules/pkgs/gdx-liftoff.nix 
@@ -0,0 +1,45 @@ +{ + udev, + stdenv, + fetchurl, + makeWrapper, + jre_headless, + lib, + xorg, + libGL, + ... +}: +stdenv.mkDerivation rec { + pname = "gdx-liftoff"; + version = "1.13.5.1"; + + src = fetchurl { + url = "https://github.com/libgdx/gdx-liftoff/releases/download/v${version}/gdx-liftoff-${version}.jar"; + hash = "sha256-9vCXGNGwI/P4VmcdIzTv2GPAX8bZb7nkfopaRAf6yMA="; + }; + + dontUnpack = true; + + nativeBuildInputs = [makeWrapper]; + + runtimeDependencies = lib.makeLibraryPath [ + # glfw + libGL + xorg.libX11 + xorg.libXcursor + xorg.libXext + xorg.libXrandr + xorg.libXxf86vm + ]; + + installPhase = '' + runHook preInstall + + install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar + + makeWrapper ${lib.getExe jre_headless} $out/bin/gdx-liftoff-${version} \ + --append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\ + ${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"} + runHook postInstall + ''; +} From b4755365bad4276bbf5236ab843496037e7dbc08 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Jun 2025 15:42:07 -0500 Subject: [PATCH 736/932] removed unused param --- modules/common-modules/pkgs/gdx-liftoff.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix index c2925440..3df7be8c 100644 --- a/modules/common-modules/pkgs/gdx-liftoff.nix +++ b/modules/common-modules/pkgs/gdx-liftoff.nix @@ -1,5 +1,4 @@ { - udev, stdenv, fetchurl, makeWrapper, From fb757e9d1c83f254bd072a71ecd35f18b0acc882 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 23 Jun 2025 17:01:25 -0500 Subject: [PATCH 737/932] switched to JDK for gdx --- modules/common-modules/pkgs/gdx-liftoff.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix index 3df7be8c..d2e94241 100644 --- a/modules/common-modules/pkgs/gdx-liftoff.nix 
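Review bot: `runtimeDependencies = lib.makeLibraryPath [...]` reuses a stdenv attribute name that `autoPatchelfHook` reads as a list of packages, but here it holds a colon-separated path string used only to build the `--prefix LD_LIBRARY_PATH` argument; renaming it (e.g. `libPath`) avoids confusing readers and any hook added later. The wrapper is installed as `gdx-liftoff-${version}`, so `$out/bin` has no version-independent `gdx-liftoff` entry point and `lib.getExe` on this package will not work without `meta.mainProgram`; a plain `gdx-liftoff` name or a `meta` block is worth adding. The release JAR is pinned by `hash`, which is good; a `meta` with `license` and `sourceProvenance = [ lib.sourceTypes.binaryBytecode ]` would document that this is a prebuilt artifact rather than something built from source.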
+++ b/modules/common-modules/pkgs/gdx-liftoff.nix @@ -2,7 +2,7 @@ stdenv, fetchurl, makeWrapper, - jre_headless, + jdk, lib, xorg, libGL, @@ -36,7 +36,7 @@ stdenv.mkDerivation rec { install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar - makeWrapper ${lib.getExe jre_headless} $out/bin/gdx-liftoff-${version} \ + makeWrapper ${lib.getExe jdk} $out/bin/gdx-liftoff-${version} \ --append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\ ${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"} runHook postInstall From 5ac103230a79d63616781280e4ca9524f44cb9c6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 24 Jun 2025 10:53:51 -0500 Subject: [PATCH 738/932] updated flake lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 8b181d0b..2d00dff6 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750040002, - "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", + "lastModified": 1750680230, + "narHash": "sha256-kD88T/NqmcgfOBFAwphN30ccaUdj6K6+LG0XdM2w2LA=", "owner": "nix-community", "repo": "disko", - "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", + "rev": "8fd2d6c75009ac75f9a6fb18c33a239806778d01", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1750305825, - "narHash": "sha256-FHe0sLdEbxUhCZcs/3mJVayBhCAtubm6RvcxkAk19S0=", + "lastModified": 1750737804, + "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "1776156a42e27bf5d57f097b14c96246fc81b487", + "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", "type": "gitlab" }, "original": { 
@@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750304462, - "narHash": "sha256-Mj5t4yX05/rXnRqJkpoLZTWqgStB88Mr/fegTRqyiWc=", + "lastModified": 1750730235, + "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", "owner": "nix-community", "repo": "home-manager", - "rev": "863842639722dd12ae9e37ca83bcb61a63b36f6c", + "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1750325256, - "narHash": "sha256-vvlxGz/waqJ3TGqM/iqXbnEc7/R1qnEXmaBiPaQ1RE0=", + "lastModified": 1750618568, + "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "0d71cbf88d63e938b37b85b3bf8b238bcf7b39b9", + "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1750298804, - "narHash": "sha256-GEp1QwoQ7qQPYuOm5cGb3f5FZSlVwbw86KUrHlLbI2E=", + "lastModified": 1750730765, + "narHash": "sha256-MIcOcvxqAXUv2TJjf19aVXdtVrD8Gkcfi4W4pKkT0Lw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7b962ab252cecf0b88ae621e1986899e20a4ead3", + "rev": "1a1442e13dc1730de0443f80dcf02658365e999a", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750083401, - "narHash": "sha256-ynqbgIYrg7P1fAKYqe8I/PMiLABBcNDYG9YaAP/d/C4=", + "lastModified": 1750431636, + "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "61837d2a33ccc1582c5fabb7bf9130d39fee59ad", + "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", "type": "github" }, "original": { 
@@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750134718, - "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { From 117b30f8557a62b3eea15a8ea51990ff3ca87bcc Mon Sep 17 00:00:00 2001 From: Eve Date: Tue, 24 Jun 2025 21:43:43 -0500 Subject: [PATCH 739/932] created module to add dconf changes. tried to add dash-to-panel in this module, unsure if it worked --- configurations/home-manager/eve/default.nix | 1 + configurations/home-manager/eve/gnomeconf.nix | 12 ++++++++++++ configurations/home-manager/eve/packages.nix | 1 + 3 files changed, 14 insertions(+) create mode 100644 configurations/home-manager/eve/gnomeconf.nix diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix index 52a70a60..192c9807 100644 --- a/configurations/home-manager/eve/default.nix +++ b/configurations/home-manager/eve/default.nix @@ -3,6 +3,7 @@ in { imports = [ ./packages.nix + ./gnomeconf.nix ]; home = { diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix new file mode 100644 index 00000000..fbad391d --- /dev/null +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -0,0 +1,12 @@ +{pkgs, ...}: { + config = { + dconf = { + enable = true; + settings = { + "org/gnome/shell".enabled-extensions = [ + pkgs.gnomeExtensions.dash-to-panel.extensionUuid + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 0e829598..295597aa 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
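Review bot: `"org/gnome/shell".enabled-extensions = [...]` is written without `disable-user-extensions = false`, so if that GNOME setting is true the listed UUID is ignored, which may be why the commit message is unsure whether it worked. Setting both keys together, `"org/gnome/shell" = { disable-user-extensions = false; enabled-extensions = [ pkgs.gnomeExtensions.dash-to-panel.extensionUuid ]; };`, is the usual form; the extension package itself is added in packages.nix in this commit, so only the dconf side is missing.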
@@ -19,6 +19,7 @@ in { with pkgs; [ ungoogled-chromium krita + gnomeExtensions.dash-to-panel (lib.mkIf hardware.piperMouse.enable piper) ] ); From 4825c5ec5ed5287f208dab10e109037a30d66b81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 13:32:07 -0500 Subject: [PATCH 740/932] made common configuration place for gnome extensions --- configurations/home-manager/leyla/dconf.nix | 20 +++++---------- .../home-manager/leyla/packages/default.nix | 2 -- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/gnome.nix | 25 +++++++++++++++++++ 4 files changed, 32 insertions(+), 16 deletions(-) create mode 100644 modules/home-manager-modules/gnome.nix diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 58186416..08fd36f2 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,5 +1,11 @@ {pkgs, ...}: { config = { + gnome = { + extensions = [ + pkgs.gnomeExtensions.dash-to-dock + ]; + }; + dconf = { enable = true; settings = { @@ -7,20 +13,6 @@ "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index bbd81523..63f9661e 100644 
--- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -69,8 +69,6 @@ in { (with pkgs; [ aileron - gnomeExtensions.dash-to-dock - proxmark3 ]) ++ ( diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 73876f41..f83f143c 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -7,6 +7,7 @@ ./i18n.nix ./openssh.nix ./continue.nix + ./gnome.nix ./programs ]; } diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix new file mode 100644 index 00000000..a8503e86 --- /dev/null +++ b/modules/home-manager-modules/gnome.nix @@ -0,0 +1,25 @@ +{ + lib, + config, + ... +}: { + options.gnome = { + extensions = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = []; + description = "The set of extensions to install and enable in the user environment."; + }; + }; + + config = { + home.packages = config.gnome.extensions; + dconf = { + settings = { + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + }; + }; + }; + }; +} From 7c61f8617b19cd6f730b2200819815ca214ec34d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 14:30:12 -0500 Subject: [PATCH 741/932] created hotkey generator --- configurations/home-manager/leyla/dconf.nix | 12 +++---- modules/home-manager-modules/gnome.nix | 40 +++++++++++++++++---- 2 files changed, 40 insertions(+), 12 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 08fd36f2..847977d8 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix 
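Review bot: The module writes `"org/gnome/shell".disable-user-extensions` and `enabled-extensions` unconditionally, so every user importing `modules/home-manager-modules` gets these keys set even when `gnome.extensions` is empty, and a user that still sets `"org/gnome/shell".enabled-extensions` directly (eve's gnomeconf.nix does, from PATCH 739) will either conflict or be combined depending on how `dconf.settings` merges list values — worth checking on eve's host. Wrapping the config in `lib.mkIf (config.gnome.extensions != []) { ... }` limits the effect to users that opt in. `builtins.map (extension: extension.extensionUuid)` also assumes every package in the list carries `extensionUuid`; a package without it fails with a generic missing-attribute error, so `extension.extensionUuid or (throw "gnome.extensions: ${extension.name} has no extensionUuid")` gives a clearer message, and the option's `description` could say that only `gnomeExtensions.*` packages are expected.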
@@ -4,6 +4,12 @@ extensions = [ pkgs.gnomeExtensions.dash-to-dock ]; + hotkeys = { + "Open Terminal" = { + binding = "t"; + command = "kgx"; + }; + }; }; dconf = { @@ -27,12 +33,6 @@ ]; }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index a8503e86..531ad86a 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix 
@@ -9,17 +9,45 @@ default = []; description = "The set of extensions to install and enable in the user environment."; }; + hotkeys = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + binding = lib.mkOption { + type = lib.types.str; + }; + command = lib.mkOption { + type = lib.types.str; + }; + }; + })); + default = {}; + }; }; config = { home.packages = config.gnome.extensions; dconf = { - settings = { - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; - }; - }; + settings = lib.mkMerge [ + { + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + }; + } + ( + builtins.listToAttrs ( + lib.lists.imap0 ( + i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + ) + (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) + ) + ) + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + ]; }; }; } From f8aa299e16fc02bea2f7a4b1f0584ce2b67540ea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 17:27:18 -0500 Subject: [PATCH 742/932] fixed hotkey config --- configurations/home-manager/leyla/dconf.nix | 6 ----- modules/home-manager-modules/gnome.nix | 30 ++++++++++++++++++--- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 847977d8..0e4a6a7b 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix 
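Review bot: The new `hotkeys` option and its `binding` and `command` sub-options carry no `description`, and the `{name, ...}` submodule argument is declared but never used, so the generated docs say nothing about what a hotkey entry looks like. Suggested text: `description = "Custom GNOME keybindings keyed by display name; each entry needs the key combination string (binding) and the command to run.";`. As committed, the entries are written under `custom${toString i}` but the `custom-keybindings` list that tells GNOME which entries are active is only present as the commented-out block at the bottom, so the bindings are stored yet not registered. The index also comes from attribute-name order, so adding or renaming one hotkey renumbers the dconf paths of all the others; a comment stating that, or deriving the path from the attribute name, would make this less surprising.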
@@ -27,12 +27,6 @@ "show-mounts" = false; }; - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 531ad86a..ace1da7a 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -12,6 +12,10 @@ hotkeys = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + name = lib.mkOption { + type = lib.types.strMatching "[a-zA-Z0-9_-]+"; + default = builtins.replaceStrings [" " "/"] ["_" "-"] name; + }; binding = lib.mkOption { type = lib.types.str; }; @@ -35,13 +39,31 @@ }; } ( - builtins.listToAttrs ( - lib.lists.imap0 ( - i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + lib.mkMerge ( + builtins.map (value: let + entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.name}"; + in { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "${entry}/" + ]; + }; + + ${entry} = value; + }) + ( + lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys ) - (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) ) ) + # ( + # builtins.listToAttrs ( + # lib.lists.imap0 ( + # i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + # ) + # (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) + # ) + # ) # "org/gnome/settings-daemon/plugins/media-keys" = { # custom-keybindings = [ # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" 
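Review bot: `custom-keybindings = [ "${entry}/" ]` produces a relative path (`org/gnome/...`), whereas the dconf.nix line this replaces listed the absolute object path `/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/`; GNOME most likely will not resolve the relative form, so the entries remain inactive. The fix is one character: `"/${entry}/"`. Separately, two hotkeys whose attribute names sanitise to the same `name` (constructed example: `"a b"` and `"a_b"` both become `a_b`) define the same `${entry}` key twice, and the merge then either errors with a message naming the dconf path rather than the hotkey or combines them unpredictably, depending on the dconf value type. The `name` declaration lives in the preceding hunk (`@@ -12,6 +12,10`); a comment there stating that sanitised names must be unique would help.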
From b3f992f0010578fd53477416ce619ec788c382b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 17:42:37 -0500 Subject: [PATCH 743/932] added more options to gnome.nix --- configurations/home-manager/leyla/dconf.nix | 7 ++-- modules/home-manager-modules/gnome.nix | 36 +++++++++++++++++++++ rebuild.sh | 2 +- 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 0e4a6a7b..ef75db68 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,6 +1,9 @@ {pkgs, ...}: { config = { gnome = { + extraWindowControls = true; + colorScheme = "prefer-dark"; + clockFormat = "24h"; extensions = [ pkgs.gnomeExtensions.dash-to-dock ]; @@ -15,10 +18,6 @@ dconf = { enable = true; settings = { - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; - "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index ace1da7a..6a01b2bf 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -4,6 +4,36 @@ ... }: { options.gnome = { + extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; + clockFormat = lib.mkOption { + type = lib.types.enum [ + "12h" + "24h" + ]; + default = "24h"; + }; + colorScheme = lib.mkOption { + type = lib.types.enum [ + "default" + "prefer-dark" + "prefer-light" + ]; + default = "default"; + }; + accentColor = lib.mkOption { + type = lib.types.enum [ + "blue" + "teal" + "green" + "yellow" + "orange" + "red" + "pink" + "purple" + "slate" + ]; + default = "blue"; + }; extensions = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; 
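Review bot: `lib.mkEnableOption` prefixes its argument with "Whether to enable", so the rendered description of `extraWindowControls` reads "Whether to enable Should we add back in the minimize and maximize window controls?."; a noun phrase fits the helper: `extraWindowControls = lib.mkEnableOption "the minimize and maximize buttons in window title bars";`. `clockFormat`, `colorScheme` and `accentColor` have no `description` at all, and nothing says which dconf key each option feeds (the keys are written in the following hunk of this commit). A one-line description per option naming its dconf key, e.g. `description = "Value written to org/gnome/desktop/interface color-scheme.";`, would cover both.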
@@ -37,6 +67,12 @@ disable-user-extensions = false; # enables user extensions enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; }; + + "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; + + "org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme; + "org/gnome/desktop/interface".accent-color = config.gnome.accentColor; + "org/gnome/desktop/interface".clock-format = config.gnome.clockFormat; } ( lib.mkMerge ( diff --git a/rebuild.sh b/rebuild.sh index 32fd303e..37b6e10a 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --use-remote-sudo --ask-sudo-password --flake .#$flake" +command="nixos-rebuild $mode --sudo --flake .#$flake" if [[ $host ]]; then From 4c0c443048dd178eebe0331c3c07d5a1344a5024 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 18:35:51 -0500 Subject: [PATCH 744/932] fixed hotkeys --- modules/home-manager-modules/gnome.nix | 37 +++++++++++--------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 6a01b2bf..8c70cf6c 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -42,9 +42,13 @@ hotkeys = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + key = lib.mkOption { + type = lib.types.strMatching "[a-zA-Z0-9-]+"; + default = builtins.replaceStrings [" " "/" "_"] ["-" "-" "-"] name; + }; name = lib.mkOption { - type = lib.types.strMatching "[a-zA-Z0-9_-]+"; - default = builtins.replaceStrings [" " "/"] ["_" "-"] name; + type = lib.types.str; + default = name; }; binding = lib.mkOption { type = lib.types.str; 
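Review bot: The three `"org/gnome/desktop/interface".<key> = ...` lines are one attrset written three times; grouping them as `"org/gnome/desktop/interface" = { color-scheme = config.gnome.colorScheme; accent-color = config.gnome.accentColor; clock-format = config.gnome.clockFormat; };` reads as the single dconf path it is. For `button-layout`, `lib.mkIf config.gnome.extraWindowControls` means turning the option off writes nothing rather than a known layout, so whether a previously written `:minimize,maximize,close` gets reverted depends on the dconf module resetting keys that drop out of `settings`; either write a value in both cases or add a comment stating that expectation. The enclosing `settings` list starts outside this hunk.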
@@ -77,34 +81,25 @@ ( lib.mkMerge ( builtins.map (value: let - entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.name}"; + entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.key}"; in { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "${entry}/" - ]; + ${entry} = { + binding = value.binding; + command = value.command; + name = value.name; }; - ${entry} = value; + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/${entry}/" + ]; + }; }) ( lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys ) ) ) - # ( - # builtins.listToAttrs ( - # lib.lists.imap0 ( - # i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value - # ) - # (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) - # ) - # ) - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; ]; }; }; From b6ce78b35ceaf833278e2c44e4ada85e356e33d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 28 Jun 2025 10:33:59 -0500 Subject: [PATCH 745/932] updated nix flake --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 2d00dff6..0bea92a7 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750680230, - "narHash": "sha256-kD88T/NqmcgfOBFAwphN30ccaUdj6K6+LG0XdM2w2LA=", + "lastModified": 1750903843, + "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", "owner": "nix-community", "repo": "disko", - "rev": "8fd2d6c75009ac75f9a6fb18c33a239806778d01", + "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", "type": "github" }, "original": { 
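Review bot: `lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys` is `lib.attrValues config.gnome.hotkeys`. More importantly, `key` defaults to a sanitised attribute name, so two hotkeys such as `"Open Terminal"` and `"Open_Terminal"` both become `Open-Terminal` and their `${entry}` sets collide inside `lib.mkMerge` with an error about the dconf path rather than the hotkey; an `assertions` entry that checks `lib.unique` over the collected `key` values would give the message at the option that caused it. The `key` and `name` declarations sit in the earlier hunk of this commit (`@@ -42,9 +42,13`) and have no descriptions; `key` is the dconf path component and `name` the label shown in Settings, which is worth saying there. The enclosing `settings` list starts outside this hunk.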
@@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1750737804, - "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", + "lastModified": 1751083400, + "narHash": "sha256-0hZWDzX7/C0NcsiOW+WBvdb+aGDnydw1xku3UUXzm/4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", + "rev": "e805fa9d7c2968712896f71684540dac21449744", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750730235, - "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", + "lastModified": 1750973805, + "narHash": "sha256-BZXgag7I0rnL/HMHAsBz3tQrfKAibpY2vovexl2lS+Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", + "rev": "080e8b48b0318b38143d5865de9334f46d51fce3", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1750730765, - "narHash": "sha256-MIcOcvxqAXUv2TJjf19aVXdtVrD8Gkcfi4W4pKkT0Lw=", + "lastModified": 1751076164, + "narHash": "sha256-to92MoMF7QC2K2gdpkYoN/Y9wuF6Q/qlvNyHca6uPjQ=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1a1442e13dc1730de0443f80dcf02658365e999a", + "rev": "7f443f5e4125f9aad3885542c04653f29b15b92a", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750431636, - "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", + "lastModified": 1750837715, + "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", + "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", "type": "github" }, "original": { 
@@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { From 4db136d5271d93d680995a5e44406fcc3b47223e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Jun 2025 22:37:38 -0500 Subject: [PATCH 746/932] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- rebuild.sh | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 0bea92a7..7bb221cf 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751083400, - "narHash": "sha256-0hZWDzX7/C0NcsiOW+WBvdb+aGDnydw1xku3UUXzm/4=", + "lastModified": 1751256218, + "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e805fa9d7c2968712896f71684540dac21449744", + "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750973805, - "narHash": "sha256-BZXgag7I0rnL/HMHAsBz3tQrfKAibpY2vovexl2lS+Y=", + "lastModified": 1751336185, + "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=", "owner": "nix-community", "repo": "home-manager", - "rev": "080e8b48b0318b38143d5865de9334f46d51fce3", + "rev": "96354906f58464605ff81d2f6c2ea23211cbf051", "type": "github" }, "original": { 
@@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1750618568, - "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751076164, - "narHash": "sha256-to92MoMF7QC2K2gdpkYoN/Y9wuF6Q/qlvNyHca6uPjQ=", + "lastModified": 1751336244, + "narHash": "sha256-4fz6Xy9L1/9LXpueprfycJKggWZYPZfQxb5Qf8ay6As=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7f443f5e4125f9aad3885542c04653f29b15b92a", + "rev": "0011bc2bd9af8ee1a093d13c37dc8fa862132c1b", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { diff --git a/rebuild.sh b/rebuild.sh index 37b6e10a..36a12012 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --sudo --flake .#$flake" +command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" if [[ $host ]]; then From 43ce00703399eea337bceae14fcb2b9586868cb2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 5 Jul 2025 00:01:28 -0500 Subject: [PATCH 747/932] moved impermanence config for var lib private into impermanence module --- modules/nixos-modules/impermanence.nix | 12 ++++++++++++ modules/nixos-modules/ollama.nix | 4 ---- 2 files changed, 12 insertions(+), 4 deletions(-) 
diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 2f38cd3e..7735e97e 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -25,6 +25,18 @@ } ]; + # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 + system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; + system.activationScripts = { + "var-lib-private-permissions" = { + deps = ["specialfs"]; + text = '' + mkdir -p /persist/system/root/var/lib/private + chmod 0700 /persist/system/root/var/lib/private + ''; + }; + }; + programs.fuse.userAllowOther = true; boot.initrd.postResumeCommands = lib.mkAfter '' diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index a29a9aa4..99819bf5 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -28,10 +28,6 @@ }; })) (lib.mkIf config.host.impermanence.enable { - # TODO: move this somewhere common - systemd.tmpfiles.rules = [ - "d /var/lib/private 0700 root root" - ]; environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; From 84dfcfddbd8ec7f8e81643675f0b6c56dfff40f6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 5 Jul 2025 00:18:00 -0500 Subject: [PATCH 748/932] updated flake lock --- flake.lock | 36 +++++++++---------- .../home-manager-modules/programs/anki.nix | 28 ++++----------- 2 files changed, 25 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 7bb221cf..ee4ebda9 100644 --- a/flake.lock +++ b/flake.lock 
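Review bot: The activation script sets the mode of `/persist/system/root/var/lib/private` but not its owner, whereas the tmpfiles rule it replaces in ollama.nix (`d /var/lib/private 0700 root root`) pinned both. `DynamicUser=` services keep their state under `/var/lib/private` and rely on that directory being root-owned 0700 so one dynamic user cannot traverse into another's data; if the persisted directory already exists with a different owner (hand-created, restored from a backup), `mkdir -p` leaves it as is and the bind mount inherits that owner. One extra line after the chmod closes the gap: `chown root:root /persist/system/root/var/lib/private`. The `/persist/system/root` prefix is also repeated literally here rather than taken from the persistence configuration, which deserves a comment if there is no option to reference.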
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750903843, - "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", + "lastModified": 1751607816, + "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", "owner": "nix-community", "repo": "disko", - "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", + "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751256218, - "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", + "lastModified": 1751688200, + "narHash": "sha256-4W+Bw2G9bTUuvAVS0g1rTdm5jyxxZoPFSSSk3S5yOPQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", + "rev": "7dc9a3c333983e3dcc19eb29b8e98184ef7e51e7", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1751336185, - "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=", + "lastModified": 1751690735, + "narHash": "sha256-/FkoEVh6LzzunOYd5yZ2uo4HHzLqaKi6VH2kPus9hk0=", "owner": "nix-community", "repo": "home-manager", - "rev": "96354906f58464605ff81d2f6c2ea23211cbf051", + "rev": "e8da7372fd1f0da3fe3874af3aa9ddd78662d8ae", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751336244, - "narHash": "sha256-4fz6Xy9L1/9LXpueprfycJKggWZYPZfQxb5Qf8ay6As=", + "lastModified": 1751681058, + "narHash": "sha256-b9JMD1j+zqGbrWSobXq4icjOm5tdoy7dWBLSe6WTCSE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0011bc2bd9af8ee1a093d13c37dc8fa862132c1b", + "rev": "0cadf3b87cce52af29c3cc98be8ee81b3c05f2c1", "type": "github" }, "original": { 
@@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750837715, - "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", + "lastModified": 1751432711, + "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", + "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1750119275, - "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 083d205a..c2f93ea0 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -1,29 +1,15 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.anki = { - enable = lib.mkEnableOption "enable anki"; - }; - - config = lib.mkIf config.programs.anki.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - anki + config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.dataHome}/Anki2/" ]; - } - ( - lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.dataHome}/Anki2/" - ]; - allowOther = true; - }; - } - ) - ]); + allowOther = true; + }; + }; } From 56ef83b4ba8acdfd6f456089b1dc4007123eece7 Mon Sep 17 00:00:00 2001 
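Review bot: After this hunk the module no longer declares `programs.anki.enable` or installs the `anki` package, yet still reads `config.programs.anki.enable`; that only evaluates if a `programs.anki` module exists elsewhere (presumably home-manager's own, given the flake.lock bump in the same commit), and nothing in the file says so. A header comment such as `# Adds impermanence persistence on top of home-manager's programs.anki; enable and package come from there.` would make the dependency explicit. The commit title "updated flake lock" also gives no hint that this module changed.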
From: Leyla Becker Date: Fri, 11 Jul 2025 17:01:37 -0500 Subject: [PATCH 749/932] updated flake lock and fixed vscode extensions --- .../leyla/packages/vscode/default.nix | 25 +++++-------- flake.lock | 36 +++++++++---------- modules/common-modules/overlays/default.nix | 1 + 3 files changed, 27 insertions(+), 35 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c21e01d0..74673a07 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -1,7 +1,6 @@ { lib, pkgs, - inputs, config, osConfig, ... @@ -10,22 +9,12 @@ ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { config = lib.mkIf config.user.isDesktopUser { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - programs = { bash.shellAliases = { code = "codium"; }; - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { + vscode = { package = pkgs.vscodium; mutableExtensionsDir = false; @@ -57,12 +46,12 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; + # "continue.telemetryEnabled" = false; }) ]; extensions = ( - with open-vsx; + with pkgs.open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -80,7 +69,7 @@ in { dsznajder.es7-react-js-snippets dbaeumer.vscode-eslint standard.vscode-standard - firsttris.vscode-jest-runner + orta.vscode-jest stylelint.vscode-stylelint tauri-apps.tauri-vscode @@ -101,13 +90,15 @@ in { kamadorueda.alejandra ]) ++ ( - with vscode-marketplace; + with pkgs.vscode-marketplace; [ # js extensions karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue + # continue.continue + github.copilot + github.copilot-chat ]) ) ); 
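Review bot: Commenting out `"continue.telemetryEnabled" = false` while also dropping the `continue.continue` extension leaves `lib.mkIf ai-tooling-enabled { ... }` with only a comment in it; either remove the block or keep the setting, since a commented-out opt-out is easily forgotten if the extension returns. The same hunk adds `github.copilot` and `github.copilot-chat` from `pkgs.vscode-marketplace`, which the Continue-specific key would not have covered anyway; if the intent of the deleted line was to keep editor telemetry off, the corresponding setting for the new extensions belongs in that `mkIf` block. `extensions` now comes from `pkgs.open-vsx` / `pkgs.vscode-marketplace`, which depends on the overlay added to `modules/common-modules/overlays/default.nix` in this commit reaching the home-manager `pkgs`; a comment at `with pkgs.open-vsx;` naming that overlay would explain where the attributes come from. The enclosing `programs.vscode` set starts outside these hunks.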
diff --git a/flake.lock b/flake.lock index ee4ebda9..a60584d2 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1751607816, - "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", + "lastModified": 1752113600, + "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", "owner": "nix-community", "repo": "disko", - "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", + "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751688200, - "narHash": "sha256-4W+Bw2G9bTUuvAVS0g1rTdm5jyxxZoPFSSSk3S5yOPQ=", + "lastModified": 1752269946, + "narHash": "sha256-vL26J2f9uXvwBNkfwYH1v75VwN22ZLhBcyZeenJwnCU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7dc9a3c333983e3dcc19eb29b8e98184ef7e51e7", + "rev": "9885400dbd82f9b2970b30e18f233404416f7cca", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1751690735, - "narHash": "sha256-/FkoEVh6LzzunOYd5yZ2uo4HHzLqaKi6VH2kPus9hk0=", + "lastModified": 1752265577, + "narHash": "sha256-YhnBM3oknReSFTAuc2SMwekwjl9nDd5PUhcar4DsefM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8da7372fd1f0da3fe3874af3aa9ddd78662d8ae", + "rev": "3976e0507edc9a5f332cb2be93fa20e646d22374", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751681058, - "narHash": "sha256-b9JMD1j+zqGbrWSobXq4icjOm5tdoy7dWBLSe6WTCSE=", + "lastModified": 1752200230, + "narHash": "sha256-WqqWjRX4qZYqO/cgvU/ZEzJBQqHBi17OEVv2kt05WiU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0cadf3b87cce52af29c3cc98be8ee81b3c05f2c1", + "rev": "3c866dfb70d282247452742098d315b97df713d2", "type": "github" }, "original": { 
@@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1751432711, - "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", + "lastModified": 1752048960, + "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", + "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 1fab0601..465e83fa 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -2,5 +2,6 @@ {inputs, ...}: { nixpkgs.overlays = [ inputs.steam-fetcher.overlays.default + inputs.nix-vscode-extensions.overlays.default ]; } From 9650c7335a268ab29dd530c870197615a45215d8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 18:02:05 -0500 Subject: [PATCH 750/932] installed copilot for vscode --- .../home-manager/leyla/packages/vscode/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 74673a07..8a5e15ea 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix 
@@ -50,8 +50,10 @@ in { }) ]; - extensions = ( - with pkgs.open-vsx; + extensions = let + extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + in ( + with extension-pkgs.open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -90,7 +92,7 @@ in { kamadorueda.alejandra ]) ++ ( - with pkgs.vscode-marketplace; + with extension-pkgs.vscode-marketplace; [ # js extensions karyfoundation.nearley @@ -98,7 +100,7 @@ in { ++ (lib.lists.optionals ai-tooling-enabled [ # continue.continue github.copilot - github.copilot-chat + # github.copilot-chat ]) ) ); From c863b8c4b5a7180d743937710063d8457c4114a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 18:08:06 -0500 Subject: [PATCH 751/932] removed copilot --- .../home-manager/leyla/packages/vscode/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 8a5e15ea..696f7700 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -46,7 +46,7 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - # "continue.telemetryEnabled" = false; + "continue.telemetryEnabled" = false; }) ]; @@ -98,9 +98,7 @@ in { karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - # continue.continue - github.copilot - # github.copilot-chat + continue.continue ]) ) ); From 1d7e0d11f04524827ada4515f49f8447c22c0f16 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 12 Jul 2025 11:53:53 -0500 Subject: [PATCH 752/932] removed continue vscode plugin --- configurations/home-manager/leyla/default.nix | 26 ------- .../leyla/packages/vscode/default.nix | 8 +- modules/home-manager-modules/continue.nix | 73 ------------------- modules/home-manager-modules/default.nix | 1 - 4 files changed, 3 insertions(+), 105 deletions(-) delete mode 100644 modules/home-manager-modules/continue.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 49abfe1f..538eab86 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -82,31 +82,5 @@ # EDITOR = "emacs"; }; }; - - user = { - continue = { - enable = true; - docs = { - "Continue Docs" = { - startUrl = "https://docs.continue.dev"; - }; - "Nixpkgs" = { - startUrl = "https://ryantm.github.io/nixpkgs/#preface"; - }; - "Nix Manual" = { - startUrl = "https://nixos.org/manual/nixos/stable/"; - }; - "Home manager Manual" = { - startUrl = "https://nix-community.github.io/home-manager/"; - }; - "Nix Docs" = { - startUrl = "https://nix.dev/index.html"; - }; - "Linux Man Page" = { - startUrl = "https://linux.die.net/man/"; - }; - }; - }; - }; }; } diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 696f7700..89ee8760 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -6,7 +6,7 @@ ... }: let nix-development-enabled = osConfig.host.nix-development.enable; - ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; + ai-tooling-enabled = osConfig.host.ai.enable; in { config = lib.mkIf config.user.isDesktopUser { programs = { @@ -46,8 +46,7 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; - }) + }) ]; extensions = let 
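Review bot: Both hunks leave dead structure behind: `(lib.mkIf ai-tooling-enabled { })` here and `++ (lib.lists.optionals ai-tooling-enabled [ ])` in the next hunk (`@@ -98,8 +97,7`) contribute nothing, and with them gone the `ai-tooling-enabled` binding in the `let` has no remaining reader. Either delete the two blocks and the binding, or keep them with a `# placeholder for AI-tooling settings/extensions` comment so the next reader knows the emptiness is deliberate. The enclosing `programs.vscode` set starts outside these hunks.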
@@ -98,8 +97,7 @@ in { karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) + ]) ) ); }; diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix deleted file mode 100644 index 20ec52ba..00000000 --- a/modules/home-manager-modules/continue.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: let - ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; -in { - options.user.continue = { - enable = lib.mkEnableOption "should continue be enabled on this machine"; - docs = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - startUrl = lib.mkOption { - type = lib.types.str; - }; - }; - })); - }; - context = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - provider = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = { - "code" = {}; - "docs" = {}; - "diff" = {}; - "terminal" = {}; - "problems" = {}; - "folder" = {}; - "codebase" = {}; - }; - }; - }; - - config = - lib.mkIf ai-tooling-enabled - (lib.mkMerge [ - { - home = { - file = { - ".continue/config.yaml".source = (pkgs.formats.yaml {}).generate "continue-config" { - name = "Assistant"; - version = "1.0.0"; - schema = "v1"; - models = lib.attrsets.attrValues osConfig.host.ai.models; - context = lib.attrsets.attrValues config.user.continue.context; - docs = lib.attrsets.attrValues config.user.continue.docs; - }; - }; - }; - } - (lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - ".continue/index" - ".continue/sessions" - ]; - allowOther = true; - }; - }) - ]); -} diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index f83f143c..4c085a54 100644 
--- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -6,7 +6,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix - ./continue.nix ./gnome.nix ./programs ]; From 3ce9b625d1630bccef9cf89fe70a0f0c29e21063 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:00:59 -0500 Subject: [PATCH 753/932] fixed home assistant --- .../nixos/defiant/configuration.nix | 9 +- modules/nixos-modules/server/adguardhome.nix | 2 +- modules/nixos-modules/server/default.nix | 2 +- .../nixos-modules/server/home-assistant.nix | 220 +++++++++--------- modules/nixos-modules/server/podman.nix | 2 +- .../server/virt-home-assistant.nix | 155 ------------ 6 files changed, 122 insertions(+), 268 deletions(-) delete mode 100644 modules/nixos-modules/server/virt-home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7d9c6d8e..9824e564 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -282,10 +282,11 @@ subdomain = "search"; }; - virt-home-assistant = { - enable = false; - networkBridge = "bond0"; - hostDevice = "0x10c4:0xea60"; + home-assistant = { + enable = true; + subdomain = "home"; + openFirewall = true; + database = "postgres"; }; qbittorrent = { diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix index 866ad8a9..abd1254b 100644 --- a/modules/nixos-modules/server/adguardhome.nix +++ b/modules/nixos-modules/server/adguardhome.nix @@ -6,7 +6,7 @@ dnsPort = 53; in { options.host.adguardhome = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + enable = lib.mkEnableOption "should ad guard home be enabled on this computer"; directory = lib.mkOption { type = lib.types.str; default = "/var/lib/AdGuardHome/"; 
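Review bot: `openFirewall = true` on `home-assistant` opens its listening port on every interface, while the module in the home-assistant.nix hunk below also publishes it through the reverse proxy with `use_x_forwarded_for = true` and `trusted_proxies = ["127.0.0.1" "::1"]`. Clients reaching the port directly bypass the proxy and whatever TLS and access rules it adds, and `ip_ban_enabled` / `login_attempts_threshold` then see those clients' real addresses rather than the proxy's. If the `home` subdomain is the intended entry point, `openFirewall = false;` keeps the service reachable only through the proxy; if direct LAN access is wanted, a comment saying so would stop a later reader from closing it. The enclosing `host` set starts outside this hunk.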
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index 7beee8ba..83a08308 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -8,7 +8,7 @@
 ./jellyfin.nix
 ./forgejo.nix
 ./searx.nix
- ./virt-home-assistant.nix
+ ./home-assistant.nix
 ./adguardhome.nix
 ./immich.nix
 ./qbittorent.nix
diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix
index a90bd6da..74979954 100644
--- a/modules/nixos-modules/server/home-assistant.nix
+++ b/modules/nixos-modules/server/home-assistant.nix
@@ -1,130 +1,138 @@ { lib, config, - inputs, ... }: let configDir = "/var/lib/hass"; + dbUser = "hass"; in { - options.host.home-assistant = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + options.services.home-assistant = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that home-assistant will be hosted at"; default = "home-assistant"; }; + + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; }; - config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ { - virtualisation.libvirt = { - swtpm.enable = true; - connections."qemu:///session" = { - networks = [ - { - definition = inputs.nix-virt.lib.network.writeXML (inputs.nix-virt.lib.network.templates.bridge - { - uuid = "d57e37e2-311f-4e5c-a484-97c2210c2770"; - subnet_byte = 71; - }); - active = true; - } - ]; - domains = [ - { - definition = inputs.nix-virt.lib.domain.writeXML (inputs.nix-virt.lib.domain.templates.linux - { - name = "Home Assistant"; - uuid = "c5cc0efc-6101-4c1d-be31-acbba203ccde"; - memory = { - count = 4; - unit = "GiB"; - }; - # storage_vol = { - # pool = "MyPool"; - # volume = "Penguin.qcow2"; - # }; - }); - } - ]; + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + + proxy_buffering off; + + proxy_read_timeout 90; + ''; }; }; - # systemd.tmpfiles.rules = [ - # "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - # ]; - # services.home-assistant = { - # enable = true; - # configDir = configDir; - # 
extraComponents = [ - # "met" - # "radio_browser" - # "isal" - # "zha" - # "jellyfin" - # "webostv" - # "tailscale" - # "syncthing" - # "sonos" - # "analytics_insights" - # "unifi" - # "openweathermap" - # ]; - # config = { - # http = { - # server_port = 8082; - # use_x_forwarded_for = true; - # trusted_proxies = ["127.0.0.1" "::1"]; - # ip_ban_enabled = true; - # login_attempts_threshold = 10; - # }; - # # recorder.db_url = "postgresql://@/${db_user}"; - # "automation manual" = []; - # "automation ui" = "!include automations.yaml"; - # }; - # extraPackages = python3Packages: - # with python3Packages; [ - # hassil - # numpy - # gtts - # ]; - # }; - # host = { - # reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { - # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + services.home-assistant = { + configDir = configDir; + extraComponents = [ + "met" + "radio_browser" + "isal" + "zha" + "jellyfin" + "webostv" + "tailscale" + "syncthing" + "sonos" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + recorder.db_url = "postgresql://@/${dbUser}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + }; + extraPackages = python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; - # websockets.enable = true; - # forwardHeaders.enable = true; - - # extraConfig = '' - # add_header Upgrade $http_upgrade; - # add_header Connection \"upgrade\"; - - # proxy_buffering off; - - # proxy_read_timeout 90; - # ''; - # }; - # }; + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; } + (lib.mkIf (config.services.home-assistant.database == "postgres") { + host = { + postgres = { + enable = true; + extraUsers = { + ${dbUser} 
= { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${dbUser} = { + name = dbUser; + }; + }; + }; + }; + + services.home-assistant = { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }) (lib.mkIf config.host.impermanence.enable { - # assertions = [ - # { - # assertion = config.services.home-assistant.configDir == configDir; - # message = "home assistant config directory does not match persistence"; - # } - # ]; - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # { - # directory = configDir; - # user = "hass"; - # group = "hass"; - # } - # ]; - # }; + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = configDir; + user = "hass"; + group = "hass"; + } + ]; + }; }) ]); } diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index e806e65b..9301140f 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -4,7 +4,7 @@ ... }: { options.host.podman = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + enable = lib.mkEnableOption "should podman be enabled on this computer"; macvlan = { subnet = lib.mkOption { type = lib.types.str; diff --git a/modules/nixos-modules/server/virt-home-assistant.nix b/modules/nixos-modules/server/virt-home-assistant.nix deleted file mode 100644 index 42126685..00000000 --- a/modules/nixos-modules/server/virt-home-assistant.nix +++ /dev/null 
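Review bot: `recorder.db_url = "postgresql://@/${dbUser}";` sits in the unconditional block of `home-assistant.nix`, so with the new `database` option left at its `"builtin"` default Home Assistant is still pointed at a PostgreSQL socket that the `(lib.mkIf (config.services.home-assistant.database == "postgres") { … })` block has not provisioned, and the recorder will most likely fail to initialise instead of falling back to SQLite. Move the setting into that postgres block, e.g. `services.home-assistant.config.recorder.db_url = "postgresql://@/${dbUser}";` next to the `psycopg2` addition, so the enum actually selects the backend. Separately, `"f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"` creates a data file that is executable and world-readable; `0640` is sufficient for a YAML file only the `hass` user edits.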
@@ -1,155 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - options.services.virt-home-assistant = { - enable = lib.mkEnableOption "Wether to enable home assistant virtual machine"; - networkBridge = lib.mkOption { - type = lib.types.str; - description = "what network bridge should we attach to the image"; - }; - hostDevice = lib.mkOption { - type = lib.types.str; - description = "what host devices should be attached to the image"; - }; - initialVersion = lib.mkOption { - type = lib.types.str; - description = "what home assistant image version should we pull for initial instal"; - default = "15.0"; - }; - imageName = lib.mkOption { - type = lib.types.str; - description = "where should the image be installed to"; - default = "home-assistant.qcow2"; - }; - installLocation = lib.mkOption { - type = lib.types.str; - description = "where should the image be installed to"; - default = "/etc/hass"; - }; - virtualMachineName = lib.mkOption { - type = lib.types.str; - description = "what name should we give the virtual machine"; - default = "home-assistant"; - }; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - }; - config = lib.mkIf config.services.virt-home-assistant.enable (lib.mkMerge [ - { - # environment.systemPackages = with pkgs; [ - # virt-manager - # ]; - - # TODO: move this to external module and just have an assertion here that its enabled - # enable virtualization on the system - virtualisation = { - libvirtd = { - enable = true; - qemu.ovmf.enable = true; - }; - }; - - # TODO: deactivation script? 
- # create service to install and start the container - systemd.services.virt-install-home-assistant = let - # TODO: all of these need to be escaped to be used in commands reliably - bridgedNetwork = config.services.virt-home-assistant.networkBridge; - hostDevice = config.services.virt-home-assistant.hostDevice; - virtualMachineName = config.services.virt-home-assistant.virtualMachineName; - imageName = config.services.virt-home-assistant.imageName; - installLocation = config.services.virt-home-assistant.installLocation; - installImage = "${installLocation}/${imageName}"; - initialVersion = config.services.virt-home-assistant.initialVersion; - - home-assistant-qcow2 = pkgs.fetchurl { - name = "home-assistant.qcow2"; - url = "https://github.com/home-assistant/operating-system/releases/download/${initialVersion}/haos_ova-${initialVersion}.qcow2.xz"; - hash = "sha256-V1BEjvvLNbMMKJVyMCmipjQ/3owoJteeVxoF9LDHo1U="; - postFetch = '' - cp $out src.xz - rm -r $out - ${pkgs.xz}/bin/unxz src.xz --stdout > $out/${imageName} - ''; - }; - - # Write a script to install the Home Assistant OS qcow2 image - virtInstallScript = pkgs.writeShellScriptBin "virt-install-hass" '' - # Copy the initial image out of the package store to the install location if we don't have one yet - if [ ! -f ${installImage} ]; then - cp ${home-assistant-qcow2} ${installLocation} - fi - - # Check if VM already exists, and other pre-conditions - if ! 
${pkgs.libvirt}/bin/virsh list --all | grep -q ${virtualMachineName}; then - ${pkgs.virt-manager}/bin/virt-install --name ${virtualMachineName} \ - --description "Home Assistant OS" \ - --os-variant=generic \ - --boot uefi \ - --ram=2048 \ - --vcpus=2 \ - --import \ - --disk ${installImage},bus=sata \ - --network bridge=${bridgedNetwork} \ - --host-device ${hostDevice} \ - --graphics none - ${pkgs.libvirt}/bin/virsh autostart ${virtualMachineName} - fi - ''; - in { - description = "Install and start Home Assistant"; - wantedBy = ["multi-user.target"]; - after = ["local-fs.target"]; - requires = ["libvirtd.service"]; - serviceConfig.Type = "oneshot"; - serviceConfig = { - ExecStart = "${virtInstallScript}/bin/virt-install-hass"; - }; - }; - - # TODO: figure out what we need to proxy to the virtual image - # host = { - # reverse_proxy.subdomains.${config.services.virt-home-assistant.subdomain} = { - # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - # websockets.enable = true; - # forwardHeaders.enable = true; - - # extraConfig = '' - # add_header Upgrade $http_upgrade; - # add_header Connection \"upgrade\"; - - # proxy_buffering off; - - # proxy_read_timeout 90; - # ''; - # }; - # }; - } - (lib.mkIf config.services.fail2ban.enable { - # TODO: figure out how to write a config for this, prob based on nginx proxy logs? - }) - (lib.mkIf config.host.impermanence.enable { - # assertions = [ - # { - # assertion = config.services.virt-home-assistant.installLocation == configDir; - # message = "home assistant install location does not match persistence"; - # } - # ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.virt-home-assistant.installLocation; - } - ]; - }; - }) - ]); -} From 644f9371ebfe91fdc535d5b8fad2c8a22e14a994 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 12 Jul 2025 15:04:44 -0500 Subject: [PATCH 754/932] added home assistant to fail2ban --- modules/nixos-modules/server/fail2ban.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index be83e6fb..1851e33b 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -61,16 +61,16 @@ in { bantime = 600; maxretry = 5; }; - # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - # enabled = true; - # filter = "hass"; - # action = ''iptables-multiport[name=HTTP, port="http,https"]''; - # logpath = "${config.services.home-assistant.configDir}/*.log"; - # backend = "auto"; - # findtime = 600; - # bantime = 600; - # maxretry = 5; - # }; + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; From 3631ba11a8ee10f53e222f180f252943ca8e7df4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:06:32 -0500 Subject: [PATCH 755/932] removed unused parts of configuration --- .../nixos/defiant/configuration.nix | 7 -- modules/nixos-modules/server/adguardhome.nix | 72 ------------------- modules/nixos-modules/server/default.nix | 1 - 3 files changed, 80 deletions(-) delete mode 100644 modules/nixos-modules/server/adguardhome.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9824e564..2b221ab6 100644 --- a/configurations/nixos/defiant/configuration.nix 
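Review bot: The re-enabled jail declares `filter = "hass"`, but nothing in this commit provides a `filter.d/hass` definition — the `environment.etc."fail2ban/filter.d/hass.local"` entry appears to still be commented out at this point (a later commit in the series removes it from `fail2ban.nix` as `#` lines), and fail2ban refuses to start a jail whose filter it cannot read, so the whole jail is inert until the filter is uncommented in the same change. In addition, `action = ''iptables-multiport[name=HTTP, port="http,https"]''` bans offenders on 80/443 only, while defiant's configuration sets `openFirewall = true` for home-assistant, so a banned client can still reach the service directly on `config.services.home-assistant.config.http.server_port`; either include that port in the action's port list or close the direct port. The same action is carried unchanged into the home-assistant module when this jail is moved there later in the series.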
+++ b/configurations/nixos/defiant/configuration.nix @@ -109,13 +109,6 @@ }; }; }; - # home-assistant = { - # enable = false; - # subdomain = "home"; - # }; - adguardhome = { - enable = false; - }; }; systemd.network = { diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix deleted file mode 100644 index abd1254b..00000000 --- a/modules/nixos-modules/server/adguardhome.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - lib, - config, - ... -}: let - dnsPort = 53; -in { - options.host.adguardhome = { - enable = lib.mkEnableOption "should ad guard home be enabled on this computer"; - directory = lib.mkOption { - type = lib.types.str; - default = "/var/lib/AdGuardHome/"; - }; - }; - config = lib.mkIf config.host.adguardhome.enable (lib.mkMerge [ - { - services.adguardhome = { - enable = true; - mutableSettings = false; - settings = { - dns = { - bootstrap_dns = [ - "1.1.1.1" - "9.9.9.9" - ]; - upstream_dns = [ - "dns.quad9.net" - ]; - }; - filtering = { - protection_enabled = true; - filtering_enabled = true; - - parental_enabled = false; # Parental control-based DNS requests filtering. - safe_search = { - enabled = false; # Enforcing "Safe search" option for search engines, when possible. - }; - }; - # The following notation uses map - # to not have to manually create {enabled = true; url = "";} for every filter - # This is, however, fully optional - filters = - map (url: { - enabled = true; - url = url; - }) [ - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist - ]; - }; - }; - - networking.firewall.allowedTCPPorts = [ - dnsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.host.adguardhome.directory; - user = "adguardhome"; - group = "adguardhome"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 83a08308..5f639252 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
@@ -9,7 +9,6 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix - ./adguardhome.nix ./immich.nix ./qbittorent.nix ]; From 9699472b1ecefbfae9033590cc680ef6e2f48d15 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:36:02 -0500 Subject: [PATCH 756/932] update readme --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bc31eca0..75ff24c5 100644 --- a/README.md +++ b/README.md @@ -66,5 +66,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html - migrate away from flakes and move to npins - fix nfs -- fix home assistant -- create adguard server \ No newline at end of file +- crab-hole +- nix mcp +- figure out ai vs code plugin +- whisper \ No newline at end of file From 776bf8f7442d212aba194d279a9dbb01e65c156c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 18:25:53 -0500 Subject: [PATCH 757/932] updated readme --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 75ff24c5..d41b7a3e 100644 --- a/README.md +++ b/README.md 
@@ -41,14 +41,13 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` -- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ # Tasks: ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing folder passwords - nfs export should be backed by the same values for server and client ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) @@ -69,4 +68,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - crab-hole - nix mcp - figure out ai vs code plugin -- whisper \ No newline at end of file +- whisper +- figure out why syncthing and jellyfins permissions don't propagate downwards +- auto turn off on power loss \ No newline at end of file From 035089be385da1ad5e553876992034607b43b88b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 19:14:32 -0500 Subject: [PATCH 758/932] updated README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d41b7a3e..e9a06298 100644 --- a/README.md +++ b/README.md 
@@ -43,6 +43,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ +- nix config mcp https://github.com/utensils/mcp-nixos # Tasks: From b8e21e6c61d5b969ceac78cacbb53d792bf6017c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 22:44:49 -0500 Subject: [PATCH 759/932] organized README.md --- README.md | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index e9a06298..141c2fd0 100644 --- a/README.md +++ b/README.md 
@@ -51,24 +51,23 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - nfs export should be backed by the same values for server and client ## New Features -- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- samba mounts +- crab-hole +- figure out why syncthing and jellyfins permissions don't propagate downwards - figure out steam vr things? -- Open GL? -- rotate sops encryption keys periodically (and somehow sync between devices?) +- auto turn off on power loss - nut - zfs email after scrubbing # TODO: test this -- wake on LAN for updates -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- SMART test with email results +- fix nfs +- samba mounts +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- Create Tor guard/relay server +- migrate away from flakes and move to npins +- whisper +- figure out ai vs code plugin +- nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote -- SMART test with email results -- Create Tor guard/relay server +- rotate sops encryption keys periodically (and somehow sync between devices?) 
+- wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins -- fix nfs -- crab-hole -- nix mcp -- figure out ai vs code plugin -- whisper -- figure out why syncthing and jellyfins permissions don't propagate downwards -- auto turn off on power loss \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file From 0e8a148517cc90cdd3f6c2ac963b010ce7ca958a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 16:10:30 -0500 Subject: [PATCH 760/932] started to break up home-assistant config --- .../nixos/defiant/configuration.nix | 5 ++++ .../nixos-modules/server/home-assistant.nix | 28 +++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2b221ab6..66555721 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -280,6 +280,11 @@ subdomain = "home"; openFirewall = true; database = "postgres"; + + extensions = { + sonos.enable = true; + jellyfin.enable = true; + }; }; qbittorrent = { diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 74979954..231c2e14 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix 
@@ -21,6 +21,20 @@ in { description = "what database do we want to use"; default = "builtin"; }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + }; }; config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ @@ -50,11 +64,9 @@ in { "radio_browser" "isal" "zha" - "jellyfin" "webostv" "tailscale" "syncthing" - "sonos" "analytics_insights" "unifi" "openweathermap" @@ -80,10 +92,22 @@ in { ]; }; + # TODO: configure /var/lib/hass/secrets.yaml via sops + systemd.tmpfiles.rules = [ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" ]; } + (lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { + services.home-assistant.extraComponents = ["sonos"]; + networking.firewall.allowedTCPPorts = [ + config.services.home-assistant.extensions.sonos.port + ]; + }) + (lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { + services.home-assistant.extraComponents = ["jellyfin"]; + # TODO: configure port, address, and login information here + }) (lib.mkIf (config.services.home-assistant.database == "postgres") { host = { postgres = { From 2e8eba77099804b300597e760389760a446f02a2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 17:22:46 -0500 Subject: [PATCH 761/932] installed wyoming --- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 7 +++ modules/nixos-modules/server/wyoming.nix | 50 +++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 modules/nixos-modules/server/wyoming.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 5f639252..00e506dc 100644 --- a/modules/nixos-modules/server/default.nix 
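Review bot: `port = lib.mkOption { type = lib.types.int; … }` for `extensions.sonos.port` accepts any integer, including negative values and values above 65535, and that value flows unchecked into `networking.firewall.allowedTCPPorts` in the third hunk; `type = lib.types.port;` gives the range check and documents the intent. The firewall line itself is opened on all interfaces, and the option description only says "what port to use for sonos discovery", so a one-line comment on why the host must accept inbound connections on 1400 would help whoever audits open ports later.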
+++ b/modules/nixos-modules/server/default.nix @@ -9,6 +9,7 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix + ./wyoming.nix ./immich.nix ./qbittorent.nix ]; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 231c2e14..6eb56825 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -34,6 +34,9 @@ in { jellyfin = { enable = lib.mkEnableOption "enable the jellyfin plugin"; }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; }; }; @@ -108,6 +111,10 @@ in { services.home-assistant.extraComponents = ["jellyfin"]; # TODO: configure port, address, and login information here }) + (lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { + services.home-assistant.extraComponents = ["wyoming"]; + services.wyoming.enable = true; + }) (lib.mkIf (config.services.home-assistant.database == "postgres") { host = { postgres = { diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix new file mode 100644 index 00000000..d41a9620 --- /dev/null +++ b/modules/nixos-modules/server/wyoming.nix 
@@ -0,0 +1,50 @@ +{ + lib, + config, + ... +}: { + options.services.wyoming.enable = lib.mkEnableOption "should wyoming be enabled on this device"; + config = lib.mkIf config.services.wyoming.enable (lib.mkMerge [ + { + services.wyoming.piper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py + voice = "en-us-amy-low"; + uri = "tcp://0.0.0.0:10200"; + speaker = 0; + }; + }; + }; + + services.wyoming.faster-whisper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py + model = "tiny-int8"; + language = "en"; + uri = "tcp://0.0.0.0:10300"; + device = "cpu"; + }; + }; + }; + + # needs access to /proc/cpuinfo + systemd.services."wyoming-faster-whisper-en".serviceConfig.ProcSubset = lib.mkForce "all"; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = "/var/lib/private/wyoming"; + mode = "0700"; + } + ]; + }; + }) + ]); +} From 2188954b79aabbf3835ec9af5f1811d672283ece Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 17:39:25 -0500 Subject: [PATCH 762/932] installed open wake word --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/server/wyoming.nix | 49 ++++++++++++------- 2 files changed, 32 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 66555721..3ab557d1 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -284,6 +284,7 @@ extensions = { sonos.enable = true; jellyfin.enable = true; + wyoming.enable = true; }; }; diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index d41a9620..4894dd43 100644 
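Review bot: Both `uri = "tcp://0.0.0.0:10200"` and `uri = "tcp://0.0.0.0:10300"` bind the Piper and faster-whisper servers on every interface, and the Wyoming protocol carries no authentication of its own; the only consumer wired up in this series is Home Assistant on the same host (the home-assistant module sets `services.wyoming.enable = true` alongside its own `extraComponents`), so `uri = "tcp://127.0.0.1:10200"` and `uri = "tcp://127.0.0.1:10300"` would serve it without exposing the speech endpoints to the LAN — the NixOS firewall is not opened for these ports here, but a loopback bind is the cheaper and more explicit guard. The same applies to the openwakeword `uri = "tcp://0.0.0.0:10400"` added in the following commit. If satellites elsewhere on the network are meant to reach these servers, a comment saying so and a deliberate firewall rule would make that intent visible.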
--- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -6,29 +6,42 @@ options.services.wyoming.enable = lib.mkEnableOption "should wyoming be enabled on this device"; config = lib.mkIf config.services.wyoming.enable (lib.mkMerge [ { - services.wyoming.piper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py - voice = "en-us-amy-low"; - uri = "tcp://0.0.0.0:10200"; - speaker = 0; + services.wyoming = { + # Text to speech + piper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py + voice = "en-us-amy-low"; + uri = "tcp://0.0.0.0:10200"; + speaker = 0; + }; }; }; - }; - services.wyoming.faster-whisper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py - model = "tiny-int8"; - language = "en"; - uri = "tcp://0.0.0.0:10300"; - device = "cpu"; + # Speech to text + faster-whisper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py + model = "tiny-int8"; + language = "en"; + uri = "tcp://0.0.0.0:10300"; + device = "cpu"; + }; }; }; + + openwakeword = { + enable = true; + uri = "tcp://0.0.0.0:10400"; + preloadModels = [ + "ok_nabu" + ]; + # TODO: custom models + }; }; # needs access to /proc/cpuinfo From 92839b4603b4a820bac53062226f9abd854d1d2b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 18:30:45 -0500 Subject: [PATCH 763/932] got hass app config closer to working --- modules/nixos-modules/server/home-assistant.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 6eb56825..07dcc030 100644 
--- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -74,6 +74,7 @@ in { "unifi" "openweathermap" "ollama" + "mobile_app" ]; config = { http = { @@ -83,6 +84,10 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + homeassistant = { + external_url = "https://home.jan-leila.com"; + internal_url = "http://192.168.1.2:8123"; + }; recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; @@ -97,6 +102,10 @@ in { # TODO: configure /var/lib/hass/secrets.yaml via sops + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + systemd.tmpfiles.rules = [ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" ]; From 2fb56dc2967f97512cb09ff198b35c884984e664 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 19:00:16 -0500 Subject: [PATCH 764/932] moved home-assistant fail2ban config to its own module --- modules/nixos-modules/server/fail2ban.nix | 24 ------------- .../nixos-modules/server/home-assistant.nix | 34 +++++++++++++++++++ 2 files changed, 34 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 1851e33b..d19aeebd 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -16,20 +16,6 @@ in { failregex = "limiting requests, excess:.* by zone.*client: " '') ); - # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - # [INCLUDES] - # before = common.conf - - # [Definition] - # failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - # ignoreregex = - - # [Init] - # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - # '') - # ); }; services.fail2ban = { 
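Review bot: `internal_url = "http://192.168.1.2:8123";` hard-codes the port that `http.server_port` already defines a few lines above, so the two can silently drift apart; derive it, e.g. `internal_url = "http://192.168.1.2:${toString config.services.home-assistant.config.http.server_port}";`, and consider sourcing the address from the host's network options rather than a literal. `external_url = "https://home.jan-leila.com"` likewise repeats by hand what the `subdomain` option and the reverse-proxy base domain already express. The new `networking.firewall.allowedUDPPorts = [ 1900 ];` opens a port on all interfaces with no explanation — presumably SSDP discovery for the media integrations — so a comment such as `# 1900/udp: SSDP discovery` naming the consumer would make the exposure reviewable.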
@@ -61,16 +47,6 @@ in { bantime = 600; maxretry = 5; }; - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 07dcc030..3e225ff3 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, ... }: let @@ -155,6 +156,39 @@ in { ]; }; }) + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { From 1e5eed80c16c5f9049773bae0df4d495544585ea Mon Sep 17 00:00:00 2001 
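Review bot: As rendered here, the `failregex` in the new `fail2ban/filter.d/hass.local` ends in `from .*$` with no `<HOST>` (or `<ADDR>`) capture group, and fail2ban needs that group to know which address to ban, so the jail would fail to load; if the tag was merely dropped when this page was rendered, ignore this, otherwise the line should read `failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from <HOST>.*$`. The same check applies to the paperless filter added later in this series, where `from (?:IP|private IP) ``\.$` has empty backticks exactly where a capture would sit. The `lib.mkIf config.services.home-assistant.enable` wrappers on the filter text and the jail settings are redundant if the enclosing block is already gated on that option, as the later jellyfin cleanup in this series suggests; the enclosing `lib.mkMerge` list starts outside the hunk.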
From: Leyla Becker Date: Mon, 14 Jul 2025 10:49:04 -0500 Subject: [PATCH 765/932] installed more home assistant components --- modules/nixos-modules/server/home-assistant.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 3e225ff3..f91e02ec 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -64,6 +64,8 @@ in { services.home-assistant = { configDir = configDir; extraComponents = [ + "default_config" + "esphome" "met" "radio_browser" "isal" @@ -76,6 +78,20 @@ in { "openweathermap" "ollama" "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" ]; config = { http = { @@ -92,6 +108,7 @@ in { recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; + mobile_app = {}; }; extraPackages = python3Packages: with python3Packages; [ From 3a875e0c1f6587530aa4844c84b7939a2c194cae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 11:43:45 -0500 Subject: [PATCH 766/932] drafted out paperless config --- .../nixos/defiant/configuration.nix | 5 ++ modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 4 +- modules/nixos-modules/server/paperless.nix | 80 +++++++++++++++++++ modules/nixos-modules/users.nix | 15 ++++ 5 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/server/paperless.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3ab557d1..0d6173c3 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -288,6 +288,11 @@ }; }; + paperless = { + enable = false; + subdomain = "documents"; + }; + qbittorrent = { enable = true; mediaDir = "/srv/qbittorent"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 00e506dc..95c7096e 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -12,5 +12,6 @@ ./wyoming.nix ./immich.nix ./qbittorent.nix + ./paperless.nix ]; } diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index f91e02ec..57bedc13 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -102,8 +102,8 @@ in { login_attempts_threshold = 10; }; homeassistant = { - external_url = "https://home.jan-leila.com"; - internal_url = "http://192.168.1.2:8123"; + external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; + # internal_url = "http://192.168.1.2:8123"; }; recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix new file mode 100644 index 00000000..e49249d9 --- /dev/null +++ b/modules/nixos-modules/server/paperless.nix 
@@ -0,0 +1,80 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ dataDir = "/var/lib/paperless";
+in {
+ options.services.paperless = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that paperless will be hosted at";
+ default = "paperless";
+ };
+ database = {
+ user = lib.mkOption {
+ type = lib.types.str;
+ description = "what is the user and database that we are going to use for paperless";
+ default = "paperless";
+ };
+ };
+ };
+
+ config = lib.mkIf config.services.paperless.enable (lib.mkMerge [
+ {
+ host = {
+ reverse_proxy.subdomains.${config.services.paperless.subdomain} = {
+ target = "http://${config.services.paperless.address}:${config.services.paperless.port}";
+
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+
+ extraConfig = ''
+ # allow large file uploads
+ client_max_body_size 50000M;
+ '';
+ };
+ postgres = {
+ enable = true;
+ extraUsers = {
+ ${config.services.paperless.database.user} = {
+ isClient = true;
+ };
+ };
+ };
+ };
+ services.paperless = {
+ # TODO: configure passwordFile with sops
+ configureTika = true;
+ settings = {
+ PAPERLESS_URL = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}";
+
+ PAPERLESS_DBENGINE = "postgresql";
+ PAPERLESS_DBHOST = "/run/postgresql";
+ PAPERLESS_DBNAME = config.services.paperless.database.user;
+ PAPERLESS_DBUSER = config.services.paperless.database.user;
+ };
+ };
+ }
+ (lib.mkIf config.services.fail2ban.enable {
+ # TODO: fail2ban config
+ })
+ (lib.mkIf config.host.impermanence.enable {
+ assertions = [
+ {
+ assertion = config.services.paperless.dataDir == dataDir;
+ message = "paperless data location does not match persistence";
+ }
+ ];
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = dataDir;
+ user = "paperless";
+ group = "paperless";
+ }
+ ];
+ };
+ })
+ ]);
+}
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index 68bd78b5..a774e448 100644
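Review bot: `client_max_body_size 50000M;` in the reverse-proxy `extraConfig` admits a ~50 GB request body per upload, and since nginx buffers request bodies to disk before forwarding them (unless `proxy_request_buffering off` is set somewhere this file does not show), an unauthenticated client can consume that much temp space before paperless ever gets to reject the request. A limit sized to the largest document actually expected — e.g. `client_max_body_size 1G;` as a placeholder value — plus a comment stating the rationale bounds that exposure. The `# allow large file uploads` comment would then explain the number rather than only the intent.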
--- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -24,6 +24,7 @@ git = 2009; immich = 2010; qbittorrent = 2011; + paperless = 2012; }; gids = { @@ -40,6 +41,7 @@ git = 2009; immich = 2010; qbittorrent = 2011; + paperless = 2012; }; users = config.users.users; @@ -169,6 +171,12 @@ in { isNormalUser = true; group = config.users.users.qbittorrent.name; }; + + paperless = { + uid = lib.mkForce uids.paperless; + isSystemUser = true; + group = config.users.users.paperless.name; + }; }; groups = { @@ -273,6 +281,13 @@ in { leyla ]; }; + + paperless = { + gid = lib.mkForce gids.paperless; + members = [ + users.paperless.name + ]; + }; }; }; } From c8f163ed0c1950ea5f0cd25bef96d3a912f13526 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 19:38:24 -0500 Subject: [PATCH 767/932] fixed paperless --- .../nixos/defiant/configuration.nix | 9 ++++- flake.lock | 26 ++++++------- modules/nixos-modules/server/forgejo.nix | 6 +++ modules/nixos-modules/server/jellyfin.nix | 4 +- modules/nixos-modules/server/paperless.nix | 38 +++++++++++++++++-- nix-config-secrets | 2 +- 6 files changed, 64 insertions(+), 21 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0d6173c3..960e90bc 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -17,6 +17,12 @@ "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/paperless_password" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + mode = "0700"; + owner = "paperless"; + group = "paperless"; + }; }; host = { @@ -289,8 +295,9 @@ }; paperless = { - enable = false; + enable = true; subdomain = "documents"; + passwordFile = config.sops.secrets."services/paperless_password".path; }; qbittorrent = { diff --git a/flake.lock b/flake.lock index a60584d2..a32ae84b 100644 --- a/flake.lock +++ b/flake.lock 
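Review bot: The new sops secret `"services/paperless_password"` is declared with `mode = "0700"`, which sets the execute bit on a file that is only ever read; `mode = "0400";` gives the `paperless` owner what it needs and nothing more, and is the conventional mode for a password file. The `owner`/`group` pairing with the `passwordFile = config.sops.secrets."services/paperless_password".path;` wiring in the next hunk is otherwise consistent. The enclosing `sops.secrets` attribute set starts outside the hunk.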
@@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752269946, - "narHash": "sha256-vL26J2f9uXvwBNkfwYH1v75VwN22ZLhBcyZeenJwnCU=", + "lastModified": 1752379414, + "narHash": "sha256-0R3slhrjrnzyxR/fAYy5UliZvSgaVS38YCESBdH5RJw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9885400dbd82f9b2970b30e18f233404416f7cca", + "rev": "51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1752265577, - "narHash": "sha256-YhnBM3oknReSFTAuc2SMwekwjl9nDd5PUhcar4DsefM=", + "lastModified": 1752467539, + "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", "owner": "nix-community", "repo": "home-manager", - "rev": "3976e0507edc9a5f332cb2be93fa20e646d22374", + "rev": "1e54837569e0b80797c47be4720fab19e0db1616", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1752200230, - "narHash": "sha256-WqqWjRX4qZYqO/cgvU/ZEzJBQqHBi17OEVv2kt05WiU=", + "lastModified": 1752459325, + "narHash": "sha256-46TgjdxT02a4nFd9HCXCf8kK5ZSH7r9gYROLtc8zVOg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3c866dfb70d282247452742098d315b97df713d2", + "rev": "61c2e99ebd586f463a6c0ebe3d931e74883b163d", "type": "github" }, "original": { @@ -293,11 +293,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1749061163, - "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=", + "lastModified": 1752531440, + "narHash": "sha256-04tQ3EUrtmZ7g6fVUkZC4AbAG+Z7lng79qU3jsiqWJY=", "ref": "refs/heads/main", - "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba", - "revCount": 19, + "rev": "f016767c13aa36dde91503f7a9f01bdd02468045", + "revCount": 20, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 40a53030..7898daad 100644 --- a/modules/nixos-modules/server/forgejo.nix 
+++ b/modules/nixos-modules/server/forgejo.nix @@ -28,6 +28,12 @@ in { extraUsers = { ${db_user} = { isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${db_user} = { + name = db_user; }; }; }; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a8bbe71c..bad04c98 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -55,7 +55,7 @@ in { } (lib.mkIf config.services.fail2ban.enable { environment.etc = { - "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + "fail2ban/filter.d/jellyfin.local".text = ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." @@ -65,7 +65,7 @@ in { services.fail2ban = { jails = { - jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + jellyfin-iptables.settings = { enabled = true; filter = "jellyfin"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index e49249d9..0243d534 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: let dataDir = "/var/lib/paperless"; @@ -24,7 +25,7 @@ in { { host = { reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${config.services.paperless.port}"; + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; websockets.enable = true; forwardHeaders.enable = true; 
@@ -39,15 +40,20 @@ in { extraUsers = { ${config.services.paperless.database.user} = { isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${config.services.paperless.database.user} = { + name = config.services.paperless.database.user; }; }; }; }; services.paperless = { - # TODO: configure passwordFile with sops configureTika = true; settings = { - PAPERLESS_URL = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; + PAPERLESS_URL = "https://${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBHOST = "/run/postgresql"; @@ -57,7 +63,31 @@ in { }; } (lib.mkIf config.services.fail2ban.enable { - # TODO: fail2ban config + environment.etc = { + "fail2ban/filter.d/paperless.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$ + ignoreregex = + + '') + ); + }; + + services.fail2ban = { + jails = { + paperless.settings = { + enabled = true; + filter = "paperless"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.paperless.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; }) (lib.mkIf config.host.impermanence.enable { assertions = [ diff --git a/nix-config-secrets b/nix-config-secrets index 1c5c059c..f016767c 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba +Subproject commit f016767c13aa36dde91503f7a9f01bdd02468045 From 3f3ae74fac8f7437d4510fa4ca79c9f96743a594 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 18 Jul 2025 21:19:18 -0500 Subject: [PATCH 768/932] enabled ollama on horizon --- configurations/nixos/horizon/configuration.nix | 7 +++++++ 1 file changed, 7 insertions(+) 
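Review bot: The new `paperless` jail bans whatever address appears in the `Login failed for user ... from IP` line, but paperless sits behind the reverse proxy configured earlier in this file, so that address is only the real client if paperless derives it from the forwarded headers; if it logs the proxy's own address instead, the jail either never matches `from IP` (it would see `private IP`) or bans the proxy itself. Worth confirming with a single deliberate failed login through the proxy before relying on it, and recording the outcome in a comment on `logpath`. If the log shows the proxy address, disabling the jail or pointing it at the nginx access log is safer than leaving it armed. The enclosing `lib.mkMerge` list continues outside the hunk.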
diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 42dcbb9d..99b6ee9d 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -126,6 +126,13 @@ }; syncthing.enable = true; + + ollama = { + enable = true; + loadModels = [ + "llama3.1:8b" + ]; + }; }; # Enable touchpad support (enabled default in most desktopManager). From 358f0394607843d23f659d6aae633c1c29b1a9ef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 21 Jul 2025 19:35:11 -0500 Subject: [PATCH 769/932] created custom vscode extension --- .../leyla/packages/vscode/default.nix | 5 +++ .../pkgs/codium-extensions/ai-code.nix | 42 +++++++++++++++++++ .../pkgs/codium-extensions/default.nix | 3 ++ modules/common-modules/pkgs/default.nix | 3 ++ 4 files changed, 53 insertions(+) create mode 100644 modules/common-modules/pkgs/codium-extensions/ai-code.nix create mode 100644 modules/common-modules/pkgs/codium-extensions/default.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 89ee8760..f9111048 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -99,6 +99,11 @@ in { ++ (lib.lists.optionals ai-tooling-enabled [ ]) ) + ++ ( + with pkgs.codium-extensions; [ + ai-code + ] + ) ); }; }; diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix new file mode 100644 index 00000000..ccd4cb88 --- /dev/null +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix 
@@ -0,0 +1,42 @@ +{ + buildNpmPackage, + vscode-utils, + pkgs, + ... +}: let + version = "0.0.1"; + pname = "ai-code"; + publisher = "jan-leila"; + vsix = buildNpmPackage { + inherit version pname; + + src = builtins.fetchGit { + url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; + rev = "480b51830602b28009e6b5c5014e7e2970a0a3b3"; + }; + + npmDepsHash = "sha256-WxLb+e0itOCIRXpVOjcbPm6QNWbdSKZOPeXLyOa4ROQ="; + + nativeBuildInputs = with pkgs; [ + vsce + ]; + + buildPhase = '' + ${pkgs.vsce}/bin/vsce package -o ${pname}.zip + ''; + + installPhase = '' + mkdir -p $out + mv ${pname}.zip $out/${pname}.zip + ''; + }; +in + vscode-utils.buildVscodeExtension { + inherit pname version; + + src = "${vsix}/${pname}.zip"; + + vscodeExtUniqueId = "${publisher}.${pname}"; + vscodeExtPublisher = publisher; + vscodeExtName = pname; + } diff --git a/modules/common-modules/pkgs/codium-extensions/default.nix b/modules/common-modules/pkgs/codium-extensions/default.nix new file mode 100644 index 00000000..a60e8a03 --- /dev/null +++ b/modules/common-modules/pkgs/codium-extensions/default.nix @@ -0,0 +1,3 @@ +{pkgs, ...}: { + ai-code = pkgs.callPackage ./ai-code.nix {}; +} diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index e9553544..16f3a3c9 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -19,5 +19,8 @@ (final: prev: { gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; }) + (final: prev: { + codium-extensions = pkgs.callPackage ./codium-extensions {}; + }) ]; } From e14d1387dc2936c1186fd7186c9f0dcc19f9cce5 Mon Sep 17 00:00:00 2001 
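Review bot: `buildPhase` calls `${pkgs.vsce}/bin/vsce` by absolute store path even though `vsce` is already in `nativeBuildInputs`, so the list entry does nothing; either `vsce package -o ${pname}.zip` relying on PATH, or dropping the `nativeBuildInputs` entry, keeps a single mechanism. The pinned `rev` on the `fetchGit` source together with `npmDepsHash` is what makes this build reproducible and should stay as is. A one-line comment above `vsix` noting that `vsce package` emits a VSIX (a zip archive) would explain the `.zip` naming to the next reader.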
From: Leyla Becker Date: Wed, 23 Jul 2025 18:15:58 -0500 Subject: [PATCH 770/932] updated user-words in vscode config --- .../leyla/packages/vscode/default.nix | 104 ++++++++++-------- .../leyla/packages/vscode/user-words.nix | 79 ++++++++++++- .../nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/desktop.nix | 2 +- modules/nixos-modules/users.nix | 16 --- 5 files changed, 133 insertions(+), 70 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index f9111048..2e20db72 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -8,6 +8,10 @@ nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = osConfig.host.ai.enable; in { + imports = [ + ./user-words.nix + ]; + config = lib.mkIf config.user.isDesktopUser { programs = { bash.shellAliases = { @@ -26,7 +30,6 @@ in { userSettings = lib.mkMerge [ { "workbench.colorTheme" = "Atom One Dark"; - "cSpell.userWords" = import ./user-words.nix; "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; 
@@ -52,58 +55,67 @@ in { extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( - with extension-pkgs.open-vsx; - [ - # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + ( + with extension-pkgs.open-vsx; ( + [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - orta.vscode-jest - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + orta.vscode-jest + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # go extensions - golang.go + # go extensions + golang.go - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ++ ( - with extension-pkgs.vscode-marketplace; - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - ]) - ) - ++ ( - with pkgs.codium-extensions; [ - ai-code + # misc extensions + tamasfe.even-better-toml ] + ++ (lib.lists.optionals nix-development-enabled [ + # nix extensions + 
pinage404.nix-extension-pack + jnoortheen.nix-ide + kamadorueda.alejandra + ]) ) + ) + ++ ( + with extension-pkgs.vscode-marketplace; ( + [ + # js extensions + karyfoundation.nearley + ] + ++ (lib.lists.optionals ai-tooling-enabled [ + ]) + ) + ) + ++ ( + with pkgs.codium-extensions; ( + [] + ++ ( + lib.lists.optionals ai-tooling-enabled [ + ai-code + ] + ) + ) + ) ); }; }; diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index b5811188..145604a9 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix @@ -1,6 +1,73 @@ -[ - "leyla" - "webdav" - "ollama" - "optimise" -] +{...}: { + config.programs.vscode.profiles.default.userSettings = { + "cSpell.userWords" = [ + "leyla" + "ollama" + ]; + "[javascript][typescript]"."cSpell.userWords" = [ + "webdav" + ]; + "[nix]"."cSpell.userWords" = [ + "pname" + "direnv" + "deepseek" + "qwen" + "syncthing" + "immich" + "sonos" + "makemkv" + "hass" + "qbittorent" + "prostudiomasters" + "tmpfiles" + "networkmanager" + "Networkd" + "networkmanager" + "dialout" + "adbusers" + "protonmail" + "authkey" + "netdevs" + "atomix" + "geary" + "gedit" + "hitori" + "iagno" + "alsa" + "timezoned" + "pipewire" + "pulseaudio" + "rtkit" + "disko" + "ashift" + "autotrim" + "canmount" + "mountpoint" + "xattr" + "acltype" + "relatime" + "keyformat" + "keylocation" + "vdevs" + + # codium extensions + "akamud" + "onedark" + "jeanp" + "dsznajder" + "dbaeumer" + "orta" + "tauri" + "unifiedjs" + "tamasfe" + "pinage" + "jnoortheen" + "kamadorueda" + "karyfoundation" + "nearley" + + # nix.optimise is spelled wrong + "optimise" + ]; + }; +} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 960e90bc..094becb2 100644 --- a/configurations/nixos/defiant/configuration.nix 
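Review bot: `[] ++ ( lib.lists.optionals ai-tooling-enabled [ ai-code ] )` in the `pkgs.codium-extensions` branch is just `lib.lists.optionals ai-tooling-enabled [ ai-code ]` with an empty list prepended; the shorter form reads the same as the `nix-development-enabled` branch above it. Gating `ai-code` on `ai-tooling-enabled` rather than installing it unconditionally is the substantive change here and is correct. The enclosing `extensions` expression starts outside this hunk.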
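Review bot: `"networkmanager"` appears twice in the new `"[nix]"."cSpell.userWords"` list, once before and once after `"Networkd"`; the duplicate is harmless to cSpell but is a copy-paste slip worth removing. The comment `# nix.optimise is spelled wrong` would be more accurate as `# nix.optimise is the real option name (British spelling)`, since the word is not a mistake in the code being checked.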
+++ b/configurations/nixos/defiant/configuration.nix @@ -201,7 +201,7 @@ autoSnapshot.enable = true; }; - # temp enable desktop enviroment for setup + # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 900aacf6..e1882b37 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -22,7 +22,7 @@ gnome-characters # character set viewer gnome-music # music player gnome-photos # photo viewer - gnome-logs # log viwer + gnome-logs # log viewer gnome-maps # map viewer gnome-tour # welcome tour hitori # sudoku game diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index a774e448..b1353676 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -17,7 +17,6 @@ eve = 1002; jellyfin = 2000; forgejo = 2002; - adguardhome = 2003; hass = 2004; syncthing = 2007; ollama = 2008; @@ -34,7 +33,6 @@ jellyfin_media = 2001; jellyfin = 2000; forgejo = 2002; - adguardhome = 2003; hass = 2004; syncthing = 2007; ollama = 2008; @@ -129,12 +127,6 @@ in { group = config.users.users.forgejo.name; }; - adguardhome = { - uid = lib.mkForce uids.adguardhome; - isSystemUser = true; - group = config.users.users.adguardhome.name; - }; - hass = { uid = lib.mkForce uids.hass; isSystemUser = true; @@ -227,14 +219,6 @@ in { ]; }; - adguardhome = { - gid = lib.mkForce gids.adguardhome; - members = [ - users.adguardhome.name - # leyla - ]; - }; - hass = { gid = lib.mkForce gids.hass; members = [ From 1ac0b89935dc11609bbc26b18e016db1bfc7295a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 23 Jul 2025 18:47:46 -0500 Subject: [PATCH 771/932] fixed cname words --- configurations/home-manager/leyla/packages/vscode/default.nix | 3 --- .../home-manager/leyla/packages/vscode/user-words.nix | 4 ---- 2 files changed, 7 deletions(-) 
diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 2e20db72..228f6343 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -44,9 +44,6 @@ in { "editor.formatOnType" = true; }; "alejandra.program" = "alejandra"; - "nixpkgs" = { - "expr" = "import {}"; - }; }) (lib.mkIf ai-tooling-enabled { }) diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index 145604a9..ca4b1d1f 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix @@ -3,11 +3,7 @@ "cSpell.userWords" = [ "leyla" "ollama" - ]; - "[javascript][typescript]"."cSpell.userWords" = [ "webdav" - ]; - "[nix]"."cSpell.userWords" = [ "pname" "direnv" "deepseek" From 9b5ccf6cc95ba0bffa542ea0df313846689a9072 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 24 Jul 2025 01:06:50 -0500 Subject: [PATCH 772/932] updated aiCode extension --- configurations/home-manager/leyla/packages/vscode/default.nix | 3 ++- modules/common-modules/pkgs/codium-extensions/ai-code.nix | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 228f6343..c28861f2 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -46,7 +46,8 @@ in { "alejandra.program" = "alejandra"; }) (lib.mkIf ai-tooling-enabled { - }) + "aiCode.ollamaHost" = "http://defiant:11434"; + }) ]; extensions = let diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix index ccd4cb88..38e9dd99 100644 
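Review bot: `"aiCode.ollamaHost" = "http://defiant:11434";` points the extension at an Ollama instance on another host over plain HTTP, and Ollama's API carries no authentication of its own, so for this to work the service on `defiant` must presumably listen on a non-loopback address, at which point anyone on that network segment can use it and load models into it. That is acceptable on a trusted LAN, but a comment on the setting such as `# defiant's ollama is reachable only from the local network` records the assumption, and a firewall rule on defiant limited to the hosts that need it enforces it. The enclosing `userSettings` merge starts outside the hunk.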
--- a/modules/common-modules/pkgs/codium-extensions/ai-code.nix +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix @@ -12,10 +12,10 @@ src = builtins.fetchGit { url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; - rev = "480b51830602b28009e6b5c5014e7e2970a0a3b3"; + rev = "bdb615876df41717180c31640a8542b86326a9b3"; }; - npmDepsHash = "sha256-WxLb+e0itOCIRXpVOjcbPm6QNWbdSKZOPeXLyOa4ROQ="; + npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY="; nativeBuildInputs = with pkgs; [ vsce From 3131d264d350f487fc18183ef968d97e96cfa7c6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 25 Jul 2025 20:50:53 -0500 Subject: [PATCH 773/932] updated flake lock --- .../home-manager/leyla/packages/default.nix | 2 +- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 62 +++++------ flake.nix | 2 +- modules/nixos-modules/server/qbittorent.nix | 101 +----------------- modules/nixos-modules/users.nix | 2 +- 6 files changed, 38 insertions(+), 133 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 63f9661e..eaaaf2d5 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -44,7 +44,7 @@ in { signal-desktop-bin.enable = true; calibre.enable = true; obsidian.enable = true; - jetbrains.idea-community.enable = true; + jetbrains.idea-community.enable = false; vscode.enable = true; firefox.enable = true; steam.enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 094becb2..9e8f25a3 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -304,7 +304,7 @@ enable = true; mediaDir = "/srv/qbittorent"; openFirewall = true; - webPort = 8084; + webuiPort = 8084; }; }; diff --git a/flake.lock b/flake.lock index a32ae84b..5a853aa6 100644 --- a/flake.lock 
+++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1752113600, - "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", + "lastModified": 1753140376, + "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", "owner": "nix-community", "repo": "disko", - "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", + "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752379414, - "narHash": "sha256-0R3slhrjrnzyxR/fAYy5UliZvSgaVS38YCESBdH5RJw=", + "lastModified": 1753416229, + "narHash": "sha256-45s1L4h/6t3M+/ppqow1OFUgfk9jZHsR4jxNgxIWWmM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7", + "rev": "553afee4efb5a7dea03cf654deafacd8fa1004f9", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1752467539, - "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", + "lastModified": 1753470191, + "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e54837569e0b80797c47be4720fab19e0db1616", + "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", "type": "github" }, "original": { 
@@ -146,15 +146,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "lastModified": 1753306924, + "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", + "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" } }, "lix-module": { @@ -167,15 +167,15 @@ ] }, "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "lastModified": 1753282722, + "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", + "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" } }, "nix-darwin": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1752459325, - "narHash": "sha256-46TgjdxT02a4nFd9HCXCf8kK5ZSH7r9gYROLtc8zVOg=", + "lastModified": 1753409666, + "narHash": "sha256-bFjln7BkIGOlLHeUzUxfEho2GnrIrQE6O59plpvPiYY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "61c2e99ebd586f463a6c0ebe3d931e74883b163d", + "rev": "38a251b6e95659b12dfb3b9fdc237d1ba2ac3786", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1752048960, - "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", + "lastModified": 1753122741, + "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", + "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1753250450, + "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1751606940, - "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", + "lastModified": 1752544651, + "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", + "rev": "2c8def626f54708a9c38a5861866660395bb3461", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 651a210a..67ff0c42 100644 --- a/flake.nix +++ b/flake.nix 
@@ -6,7 +6,7 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix index 9b7b7e8f..2d545875 100644 --- a/modules/nixos-modules/server/qbittorent.nix +++ b/modules/nixos-modules/server/qbittorent.nix 
@@ -1,115 +1,20 @@ { lib, - pkgs, config, ... }: let - qbittorent_data_directory = "/var/lib/qbittorrent"; + qbittorent_profile_directory = "/var/lib/qBittorrent/"; in { options.services.qbittorrent = { - enable = lib.mkEnableOption "should the headless qbittorrent service be enabled"; - - dataDir = lib.mkOption { - type = lib.types.path; - default = "/var/lib/qbittorrent"; - description = lib.mdDoc '' - The directory where qBittorrent stores its data files. - ''; - }; - mediaDir = lib.mkOption { type = lib.types.path; description = lib.mdDoc '' The directory to create to store qbittorrent media. ''; }; - - user = lib.mkOption { - type = lib.types.str; - default = "qbittorrent"; - description = lib.mdDoc '' - User account under which qBittorrent runs. - ''; - }; - - group = lib.mkOption { - type = lib.types.str; - default = "qbittorrent"; - description = lib.mdDoc '' - Group under which qBittorrent runs. - ''; - }; - - webPort = lib.mkOption { - type = lib.types.port; - default = 8080; - description = lib.mdDoc '' - qBittorrent web UI port. 
- ''; - }; - - openFirewall = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Open services.qBittorrent.webPort to the outside network."; - }; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.qbittorrent-nox; - defaultText = lib.literalExpression "pkgs.qbittorrent-nox"; - description = "The qbittorrent package to use."; - }; }; config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - { - networking.firewall = lib.mkIf config.services.qbittorrent.openFirewall { - allowedTCPPorts = [config.services.qbittorrent.webPort]; - }; - - systemd.services.qbittorrent = { - # based on the plex.nix service module and - # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in - description = "qBittorrent-nox service"; - documentation = ["man:qbittorrent-nox(1)"]; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - - serviceConfig = { - Type = "simple"; - User = config.services.qbittorrent.user; - Group = config.services.qbittorrent.group; - - # Run the pre-start script with full permissions (the "!" prefix) so it - # can create the data directory if necessary. - ExecStartPre = let - preStartScript = pkgs.writeScript "qbittorrent-run-prestart" '' - #!${pkgs.bash}/bin/bash - - # Create data directory if it doesn't exist - if ! test -d "$QBT_PROFILE"; then - echo "Creating initial qBittorrent data directory in: $QBT_PROFILE" - install -d -m 0755 -o "${config.services.qbittorrent.user}" -g "${config.services.qbittorrent.group}" "$QBT_PROFILE" - fi - ''; - in "!${preStartScript}"; - - #ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox"; - ExecStart = "${config.services.qbittorrent.package}/bin/qbittorrent-nox"; - # To prevent "Quit & shutdown daemon" from working; we want systemd to - # manage it! 
- #Restart = "on-success"; - #UMask = "0002"; - #LimitNOFILE = cfg.openFilesLimit; - }; - - environment = { - QBT_PROFILE = config.services.qbittorrent.dataDir; - QBT_WEBUI_PORT = toString config.services.qbittorrent.webPort; - }; - }; - } (lib.mkIf config.host.impermanence.enable { fileSystems."/persist/system/qbittorrent".neededForBoot = true; @@ -126,7 +31,7 @@ in { assertions = [ { - assertion = config.services.qbittorrent.dataDir == qbittorent_data_directory; + assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; message = "qbittorrent data directory does not match persistence"; } ]; @@ -135,7 +40,7 @@ in { "/persist/system/root" = { directories = [ { - directory = qbittorent_data_directory; + directory = qbittorent_profile_directory; user = "qbittorrent"; group = "qbittorrent"; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index b1353676..eeddafdd 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -160,7 +160,7 @@ in { qbittorrent = { uid = lib.mkForce uids.qbittorrent; - isNormalUser = true; + isSystemUser = true; group = config.users.users.qbittorrent.name; }; From dfcd16fdd226f6d7b21046302fe7e8f453eb5b5d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 25 Jul 2025 21:33:18 -0500 Subject: [PATCH 774/932] updated user words --- .../leyla/packages/vscode/user-words.nix | 183 ++++++++++++------ 1 file changed, 120 insertions(+), 63 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix index ca4b1d1f..bb99bbca 100644 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ b/configurations/home-manager/leyla/packages/vscode/user-words.nix 
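Review bot: The assertion in the second hunk (`@@ -126,7 +31,7 @@`) compares `config.services.qbittorrent.profileDir` with `"/var/lib/qBittorrent/"` by exact string equality, so a user who sets `profileDir = "/var/lib/qBittorrent"` (same directory, no trailing slash) trips it; comparing both sides after `lib.removeSuffix "/"`, or stating the required form in the message, avoids the false alarm. After this change the module declares only `mediaDir`, so `enable`, `profileDir`, `user` and `group` must all come from the nixpkgs `services.qbittorrent` module at the pinned revision; a comment at the top of the file such as `# only mediaDir is declared here; enable/profileDir/user/group come from the nixpkgs services.qbittorrent module` records that dependency. The message still says `"qbittorrent data directory does not match persistence"` although the option being checked is now the profile directory. In the third hunk the persisted directory still hardcodes `user = "qbittorrent"; group = "qbittorrent";`; if the upstream module exposes `user`/`group` options as the removed local ones did, referencing them keeps the persisted directory's ownership aligned with the account that actually runs the service. The first hunk's enclosing attrset continues past its end.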
@@ -1,69 +1,126 @@ -{...}: { +{ + pkgs, + lib, + ... +}: { config.programs.vscode.profiles.default.userSettings = { "cSpell.userWords" = [ "leyla" - "ollama" - "webdav" - "pname" - "direnv" - "deepseek" - "qwen" - "syncthing" - "immich" - "sonos" - "makemkv" - "hass" - "qbittorent" - "prostudiomasters" - "tmpfiles" - "networkmanager" - "Networkd" - "networkmanager" - "dialout" - "adbusers" - "protonmail" - "authkey" - "netdevs" - "atomix" - "geary" - "gedit" - "hitori" - "iagno" - "alsa" - "timezoned" - "pipewire" - "pulseaudio" - "rtkit" - "disko" - "ashift" - "autotrim" - "canmount" - "mountpoint" - "xattr" - "acltype" - "relatime" - "keyformat" - "keylocation" - "vdevs" - - # codium extensions - "akamud" - "onedark" - "jeanp" - "dsznajder" - "dbaeumer" - "orta" - "tauri" - "unifiedjs" - "tamasfe" - "pinage" - "jnoortheen" - "kamadorueda" - "karyfoundation" - "nearley" - - # nix.optimise is spelled wrong - "optimise" ]; + + "cSpell.languageSettings" = [ + { + "languageId" = "nix"; + "locale" = "*"; + "dictionaries" = [ + "applications" + "ai-words" + "nix-words" + + # We need to include all other dictionaries in the nix language settings because they exist in this file + # TODO: see if there is a way to make this only apply for this file + "js-words" + ]; + } + { + "languageId" = "javascript,typescript,js,ts"; + "locale" = "*"; + "dictionaries" = [ + "js-words" + ]; + } + ]; + + "cSpell.customDictionaries" = { + applications = { + name = "applications"; + description = "application names"; + path = pkgs.writeText "applications.txt" (lib.strings.concatLines [ + "ollama" + "syncthing" + "immich" + "sonos" + "makemkv" + "hass" + "qbittorent" + "prostudiomasters" + "protonmail" + "pulseaudio" + ]); + }; + + ai-words = { + name = "ai-words"; + description = "common words used for ai development"; + path = pkgs.writeText "ai-words.txt" (lib.strings.concatLines [ + "ollama" + "deepseek" + "qwen" + ]); + }; + + nix-words = { + name = "nix-words"; + description = "words 
used in nix configurations"; + path = pkgs.writeText "nix-words.txt" (lib.strings.concatLines [ + "pname" + "direnv" + "tmpfiles" + "Networkd" + "networkmanager" + "dialout" + "adbusers" + "authkey" + "netdevs" + "atomix" + "geary" + "gedit" + "hitori" + "iagno" + "alsa" + "timezoned" + "pipewire" + "rtkit" + "disko" + "ashift" + "autotrim" + "canmount" + "mountpoint" + "xattr" + "acltype" + "relatime" + "keyformat" + "keylocation" + "vdevs" + + # codium extensions + "akamud" + "onedark" + "jeanp" + "dsznajder" + "dbaeumer" + "orta" + "tauri" + "unifiedjs" + "tamasfe" + "pinage" + "jnoortheen" + "kamadorueda" + "karyfoundation" + "nearley" + + # nix.optimise is spelled wrong + "optimise" + ]); + }; + + js-words = { + name = "js-words"; + description = "words used in js development"; + path = pkgs.writeText "js-words.txt" (lib.strings.concatLines [ + "webdav" + ]); + }; + }; }; } From 99fb7b8a6273fbfc5007113a35aec858c995dd91 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 26 Jul 2025 12:50:21 -0500 Subject: [PATCH 775/932] started to move extensions into configurable options --- .../leyla/packages/vscode/default.nix | 26 ++++++---------- .../home-manager-modules/programs/default.nix | 1 + .../programs/vscode/aiCode.nix | 31 +++++++++++++++++++ .../programs/vscode/atomKeybindings.nix | 27 ++++++++++++++++ .../programs/vscode/default.nix | 7 +++++ .../programs/vscode/oneDark.nix | 30 ++++++++++++++++++ 6 files changed, 106 insertions(+), 16 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/aiCode.nix create mode 100644 modules/home-manager-modules/programs/vscode/atomKeybindings.nix create mode 100644 modules/home-manager-modules/programs/vscode/default.nix create mode 100644 modules/home-manager-modules/programs/vscode/oneDark.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c28861f2..5294ed29 100644 
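Review bot: `"ollama"` appears in both the `applications` and the `ai-words` dictionary; cSpell merges every enabled dictionary, so the duplicate is harmless today but the two lists will drift as they are edited — pick one home for it. On the TODO in the `nix` language settings: cSpell's `cSpell.overrides` setting takes a `filename` glob with its own `dictionaries`, which would enable `js-words` only for this file (e.g. `**/user-words.nix`) rather than for every `.nix` file; I have not confirmed that the extension version pinned here honours overrides for custom dictionaries, so treat that as something to try. The comment above `"js-words"` could then say where the file-specific enablement lives instead of describing the workaround.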
--- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -29,7 +29,6 @@ in { userSettings = lib.mkMerge [ { - "workbench.colorTheme" = "Atom One Dark"; "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; @@ -45,11 +44,18 @@ in { }; "alejandra.program" = "alejandra"; }) - (lib.mkIf ai-tooling-enabled { - "aiCode.ollamaHost" = "http://defiant:11434"; - }) ]; + # TODO: move the rest of the extensions into enable options like this + extraExtensions = { + oneDark.enable = true; + atomKeybindings.enable = true; + aiCode = { + enable = ai-tooling-enabled; + ollamaHost = "http://defiant:11434"; + }; + }; + extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( @@ -57,8 +63,6 @@ in { with extension-pkgs.open-vsx; ( [ # vs code feel extensions - ms-vscode.atom-keybindings - akamud.vscode-theme-onedark streetsidesoftware.code-spell-checker streetsidesoftware.code-spell-checker-german streetsidesoftware.code-spell-checker-italian @@ -104,16 +108,6 @@ in { ]) ) ) - ++ ( - with pkgs.codium-extensions; ( - [] - ++ ( - lib.lists.optionals ai-tooling-enabled [ - ai-code - ] - ) - ) - ) ); }; }; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index ee52da26..675e77da 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -16,5 +16,6 @@ ./bruno.nix ./dbeaver.nix ./steam.nix + ./vscode ]; } diff --git a/modules/home-manager-modules/programs/vscode/aiCode.nix b/modules/home-manager-modules/programs/vscode/aiCode.nix new file mode 100644 index 00000000..cd23f922 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/aiCode.nix 
@@ -0,0 +1,31 @@
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ pkgsRepository = pkgs.codium-extensions;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.aiCode = {
+ enable = lib.mkEnableOption "should the ai code extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "ai-code" {};
+ ollamaHost = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ description = "what host should be used for ollama";
+ default = null;
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.aiCode.enable {
+ extensions = [
+ config.extraExtensions.aiCode.extension
+ ];
+ userSettings = {
+ "aiCode.ollamaHost" = lib.mkIf (config.extraExtensions.aiCode.ollamaHost != null) config.extraExtensions.aiCode.ollamaHost;
+ };
+ };
+ }));
+ };
+}
diff --git a/modules/home-manager-modules/programs/vscode/atomKeybindings.nix b/modules/home-manager-modules/programs/vscode/atomKeybindings.nix
new file mode 100644
index 00000000..95cd9284
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/atomKeybindings.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.atomKeybindings = {
+ enable = lib.mkEnableOption "should the atom keybindings extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "atom-keybindings" {
+ default = ["ms-vscode" "atom-keybindings"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.atomKeybindings.enable {
+ extensions = [
+ config.extraExtensions.atomKeybindings.extension
+ ];
+ };
+ }));
+ };
+}
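Review bot: atomKeybindings.nix and oneDark.nix (next hunk) are identical apart from the option name, the enable description and the publisher/name pair handed to `mkPackageOption`, and alejandra.nix, nixIde.nix and the eight modules added in "moved more extensions into extension modules" repeat the same skeleton, including the `forVSCodeVersion` lookup in every file's `let`. A small generator taking those values would keep the modules in step and leave one place to change the lookup or add a shared option. The submodule argument also shadows the outer `config` that the `let` reads, so each line needs a second look to tell the profile-level `config` from the home-level one; binding the profile settings to a local name inside the generator removes that. Sketch below; `extraConfig` is for the few modules (oneDark, alejandra, nixIde, aiCode) that also set `userSettings`.
```nix
# mkExtensionModule.nix (sketch): each extension file becomes one call, e.g.
# import ./mkExtensionModule.nix { optionName = "atomKeybindings"; publisher = "ms-vscode"; name = "atom-keybindings"; }
{ optionName, publisher, name, extraConfig ? (_: {}) }:
{ lib, pkgs, config, ... }: let
  pkgsRepository = (pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version).open-vsx;
in {
  options.programs.vscode.profiles = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule ({config, ...}: let
      cfg = config.extraExtensions.${optionName};
    in {
      options.extraExtensions.${optionName} = {
        enable = lib.mkEnableOption "should the ${name} extension for vscode be enabled";
        extension = lib.mkPackageOption pkgsRepository name { default = [publisher name]; };
      };
      config = lib.mkIf cfg.enable ({
        extensions = [cfg.extension];
      } // extraConfig cfg);
    }));
  };
}
```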
diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix
new file mode 100644
index 00000000..a5fe4742
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+ imports = [
+ ./oneDark.nix
+ ./atomKeybindings.nix
+ ./aiCode.nix
+ ];
+}
diff --git a/modules/home-manager-modules/programs/vscode/oneDark.nix b/modules/home-manager-modules/programs/vscode/oneDark.nix
new file mode 100644
index 00000000..5ed43f40
--- /dev/null
+++ b/modules/home-manager-modules/programs/vscode/oneDark.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.oneDark = {
+ enable = lib.mkEnableOption "should the one dark theme for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "onedark" {
+ default = ["akamud" "vscode-theme-onedark"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.oneDark.enable {
+ extensions = [
+ config.extraExtensions.oneDark.extension
+ ];
+ userSettings = {
+ "workbench.colorTheme" = "Atom One Dark";
+ };
+ };
+ }));
+ };
+}
From e58f08b72330189f2fdc78615e5a50c39c448d53 Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Sat, 26 Jul 2025 16:19:41 -0500 Subject: [PATCH 776/932] move nix extensions into vscode extensions folders --- .../leyla/packages/vscode/default.nix | 70 +++++++------------ .../programs/vscode/alejandra.nix | 34 +++++++++ .../programs/vscode/default.nix | 2 + .../programs/vscode/nixIde.nix | 29 ++++++++ 4 files changed, 91 insertions(+), 44 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/alejandra.nix create mode 100644 modules/home-manager-modules/programs/vscode/nixIde.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 5294ed29..0f06f571 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -33,20 +33,8 @@ in { "editor.tabSize" = 2; "editor.insertSpaces" = false; } - (lib.mkIf nix-development-enabled { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - }) ]; - # TODO: move the rest of the extensions into enable options like this extraExtensions = { oneDark.enable = true; atomKeybindings.enable = true; 
@@ -54,49 +42,43 @@ in { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; }; + alejandra.enable = nix-development-enabled; + nixIde.enable = nix-development-enabled; }; extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( ( - with extension-pkgs.open-vsx; ( - [ - # vs code feel extensions - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh + with extension-pkgs.open-vsx; [ + # vs code feel extensions + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - orta.vscode-jest - stylelint.vscode-stylelint - tauri-apps.tauri-vscode + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + orta.vscode-jest + stylelint.vscode-stylelint + tauri-apps.tauri-vscode - # go extensions - golang.go + # go extensions + golang.go - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx + # astro blog extensions + astro-build.astro-vscode + unifiedjs.vscode-mdx - # misc extensions - tamasfe.even-better-toml - ] - ++ (lib.lists.optionals nix-development-enabled [ - # nix extensions - pinage404.nix-extension-pack - jnoortheen.nix-ide - kamadorueda.alejandra - ]) - ) + # misc extensions + tamasfe.even-better-toml + ] ) ++ ( with extension-pkgs.vscode-marketplace; ( diff --git a/modules/home-manager-modules/programs/vscode/alejandra.nix b/modules/home-manager-modules/programs/vscode/alejandra.nix new file mode 100644 index 00000000..ffeaf961 --- /dev/null 
+++ b/modules/home-manager-modules/programs/vscode/alejandra.nix @@ -0,0 +1,34 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.alejandra = { + enable = lib.mkEnableOption "Enable Alejandra extension for Nix formatting"; + extension = lib.mkPackageOption pkgsRepository "alejandra" { + default = ["kamadorueda" "alejandra"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.alejandra.enable { + extensions = [config.extraExtensions.alejandra.extension]; + userSettings = { + "[nix]" = { + "editor.defaultFormatter" = "kamadorueda.alejandra"; + "editor.formatOnPaste" = true; + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; + "alejandra.program" = "alejandra"; + }; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index a5fe4742..1f2d86f5 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -3,5 +3,7 @@ ./oneDark.nix ./atomKeybindings.nix ./aiCode.nix + ./alejandra.nix + ./nixIde.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/nixIde.nix b/modules/home-manager-modules/programs/vscode/nixIde.nix new file mode 100644 index 00000000..bc79b693 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/nixIde.nix 
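Review bot: `"alejandra.program" = "alejandra"` here, and `"nix.serverPath" = "nil"` in nixIde.nix (next hunk), resolve the binaries from PATH at run time, so each module only works if the user installs the tool separately and the editor picks up whichever `alejandra`/`nil` is first on PATH. Since both modules already take `pkgs`, pinning the executables to the store keeps them self-contained and reproducible: `"alejandra.program" = lib.getExe pkgs.alejandra;` and `"nix.serverPath" = lib.getExe pkgs.nil;`. The enable descriptions in these two files ("Enable Alejandra extension for Nix formatting", "Enable Nix IDE extension") also switch register from the earlier modules' "should the … extension for vscode be enabled"; either phrasing works, but one convention across the directory reads better.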
@@ -0,0 +1,29 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.nixIde = {
+ enable = lib.mkEnableOption "Enable Nix IDE extension";
+ extension = lib.mkPackageOption pkgsRepository "nix-ide" {
+ default = ["jnoortheen" "nix-ide"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.nixIde.enable {
+ extensions = [config.extraExtensions.nixIde.extension];
+ userSettings = {
+ "nix.enableLanguageServer" = true;
+ "nix.serverPath" = "nil";
+ };
+ };
+ }));
+ };
+}
From 1f0a147a426ddbf849213c31d567e5f8b3c53faa Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Sat, 26 Jul 2025 17:40:01 -0500 Subject: [PATCH 777/932] moved more extensions into extension modules --- .../leyla/packages/vscode/default.nix | 33 +++++++++++-------- .../programs/vscode/autoRenameTag.nix | 27 +++++++++++++++ .../programs/vscode/default.nix | 8 +++++ .../programs/vscode/es7ReactJsSnippets.nix | 27 +++++++++++++++ .../programs/vscode/liveServer.nix | 27 +++++++++++++++ .../programs/vscode/tauriVscode.nix | 27 +++++++++++++++ .../programs/vscode/vscodeEslint.nix | 27 +++++++++++++++ .../programs/vscode/vscodeJest.nix | 27 +++++++++++++++ .../programs/vscode/vscodeStandard.nix | 27 +++++++++++++++ .../programs/vscode/vscodeStylelint.nix | 27 +++++++++++++++ 10 files changed, 243 insertions(+), 14 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/autoRenameTag.nix create mode 100644 modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix create mode 100644 modules/home-manager-modules/programs/vscode/liveServer.nix create mode 100644 modules/home-manager-modules/programs/vscode/tauriVscode.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeEslint.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeJest.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeStandard.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeStylelint.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 0f06f571..009d7f00 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix 
@@ -36,14 +36,31 @@ in { ]; extraExtensions = { + # vs code feel oneDark.enable = true; atomKeybindings.enable = true; + + # html development + autoRenameTag.enable = true; + liveServer.enable = true; + + # js development + es7ReactJsSnippets.enable = true; + tauriVscode.enable = true; + vscodeEslint.enable = true; + vscodeJest.enable = true; + vscodeStandard.enable = true; + vscodeStylelint.enable = true; + + # nix development + alejandra.enable = nix-development-enabled; + nixIde.enable = nix-development-enabled; + + # ai tooling aiCode = { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; }; - alejandra.enable = nix-development-enabled; - nixIde.enable = nix-development-enabled; }; extensions = let @@ -57,18 +74,6 @@ in { streetsidesoftware.code-spell-checker-italian jeanp413.open-remote-ssh - # html extensions - formulahendry.auto-rename-tag - ms-vscode.live-server - - # js extensions - dsznajder.es7-react-js-snippets - dbaeumer.vscode-eslint - standard.vscode-standard - orta.vscode-jest - stylelint.vscode-stylelint - tauri-apps.tauri-vscode - # go extensions golang.go diff --git a/modules/home-manager-modules/programs/vscode/autoRenameTag.nix b/modules/home-manager-modules/programs/vscode/autoRenameTag.nix new file mode 100644 index 00000000..5f24a329 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/autoRenameTag.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.autoRenameTag = { + enable = lib.mkEnableOption "should the auto-rename-tag extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "auto-rename-tag" { + default = ["formulahendry" "auto-rename-tag"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.autoRenameTag.enable { + extensions = [ + config.extraExtensions.autoRenameTag.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 1f2d86f5..a11d3e55 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -5,5 +5,13 @@ ./aiCode.nix ./alejandra.nix ./nixIde.nix + ./autoRenameTag.nix + ./es7ReactJsSnippets.nix + ./liveServer.nix + ./tauriVscode.nix + ./vscodeEslint.nix + ./vscodeJest.nix + ./vscodeStandard.nix + ./vscodeStylelint.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix b/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix new file mode 100644 index 00000000..09e6da3e --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.es7ReactJsSnippets = { + enable = lib.mkEnableOption "should the es7-react-js-snippets extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "es7-react-js-snippets" { + default = ["dsznajder" "es7-react-js-snippets"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.es7ReactJsSnippets.enable { + extensions = [ + config.extraExtensions.es7ReactJsSnippets.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/liveServer.nix b/modules/home-manager-modules/programs/vscode/liveServer.nix new file mode 100644 index 00000000..3f53ca30 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/liveServer.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.liveServer = { + enable = lib.mkEnableOption "should the live-server extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "live-server" { + default = ["ms-vscode" "live-server"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.liveServer.enable { + extensions = [ + config.extraExtensions.liveServer.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/tauriVscode.nix b/modules/home-manager-modules/programs/vscode/tauriVscode.nix new file mode 100644 index 00000000..9185fb3a --- /dev/null 
+++ b/modules/home-manager-modules/programs/vscode/tauriVscode.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.tauriVscode = { + enable = lib.mkEnableOption "should the tauri-vscode extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "tauri-vscode" { + default = ["tauri-apps" "tauri-vscode"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.tauriVscode.enable { + extensions = [ + config.extraExtensions.tauriVscode.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeEslint.nix b/modules/home-manager-modules/programs/vscode/vscodeEslint.nix new file mode 100644 index 00000000..64d979fa --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vscodeEslint.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeEslint = { + enable = lib.mkEnableOption "should the vscode-eslint extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-eslint" { + default = ["dbaeumer" "vscode-eslint"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeEslint.enable { + extensions = [ + config.extraExtensions.vscodeEslint.extension + ]; + }; + })); + }; +} 
diff --git a/modules/home-manager-modules/programs/vscode/vscodeJest.nix b/modules/home-manager-modules/programs/vscode/vscodeJest.nix new file mode 100644 index 00000000..7c24f2ac --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vscodeJest.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeJest = { + enable = lib.mkEnableOption "should the vscode-jest extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-jest" { + default = ["orta" "vscode-jest"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeJest.enable { + extensions = [ + config.extraExtensions.vscodeJest.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeStandard.nix b/modules/home-manager-modules/programs/vscode/vscodeStandard.nix new file mode 100644 index 00000000..31c8ad0b --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vscodeStandard.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeStandard = { + enable = lib.mkEnableOption "should the vscode-standard extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-standard" { + default = ["standard" "vscode-standard"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeStandard.enable { + extensions = [ + config.extraExtensions.vscodeStandard.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix b/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix new file mode 100644 index 00000000..0d43b296 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeStylelint = { + enable = lib.mkEnableOption "should the vscode-stylelint extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-stylelint" { + default = ["stylelint" "vscode-stylelint"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeStylelint.enable { + extensions = [ + config.extraExtensions.vscodeStylelint.extension + ]; + }; + })); + }; +} From 0fd54a5494788a54df3f18f1d6c52839f3d8328c Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 26 Jul 2025 17:53:37 -0500 Subject: [PATCH 778/932] added more options to aiCode --- .../home-manager/leyla/packages/vscode/default.nix | 1 + .../programs/vscode/aiCode.nix | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 009d7f00..9ad87bff 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -60,6 +60,7 @@ in { aiCode = { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; + inlineCompletion.model = "qwen3:4b"; }; }; diff --git a/modules/home-manager-modules/programs/vscode/aiCode.nix b/modules/home-manager-modules/programs/vscode/aiCode.nix index cd23f922..838a4399 100644 --- a/modules/home-manager-modules/programs/vscode/aiCode.nix +++ b/modules/home-manager-modules/programs/vscode/aiCode.nix @@ -16,6 +16,18 @@ in { description = "what host should be used for ollama"; default = null; }; + inlineCompletion = { + enable = lib.mkOption { + type = lib.types.bool; + description = "should inline completion be enabled"; + default = true; + }; + model = lib.mkOption { + type = lib.types.nullOr lib.types.str; + description = "what model should be used for ollama"; + default = null; + }; + }; }; }; config = lib.mkIf config.extraExtensions.aiCode.enable { @@ -24,6 +36,8 @@ in { ]; userSettings = { "aiCode.ollamaHost" = lib.mkIf (config.extraExtensions.aiCode.ollamaHost != null) config.extraExtensions.aiCode.ollamaHost; + "aiCode.inlineCompletion.enable" = config.extraExtensions.aiCode.inlineCompletion.enable; + "aiCode.inlineCompletion.model" = lib.mkIf (config.extraExtensions.aiCode.inlineCompletion.model != null) config.extraExtensions.aiCode.inlineCompletion.model; }; }; })); From b5cfb5ec77826f118e94d274dd6edc9fcfc2ca5f Mon Sep 17 00:00:00 2001 
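Review bot: `inlineCompletion.enable` defaults to `true`, so every profile that already sets `extraExtensions.aiCode.enable` now also turns on inline completion, which presumably sends surrounding editor text to the configured ollama host; in the user config changed in this same patch that host is `http://defiant:11434`, plain HTTP. Consider defaulting the option to `false`, or at least stating in its description that enabling it sends code to the configured host, so the opt-in is explicit and the plain-HTTP endpoint is a conscious choice for a trusted network segment. The `model` option's description, `"what model should be used for ollama"`, does not say it applies only to inline completion; `"model used for inline completion (null keeps the extension default)"` is more precise. The submodule's `options` and `config` blocks start and end outside both aiCode.nix hunks.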
From: Leyla Becker Date: Sun, 27 Jul 2025 18:22:08 -0500 Subject: [PATCH 779/932] moved all extensions other then spell check into their own modules --- .../leyla/packages/vscode/default.nix | 48 ++++++++----------- .../programs/vscode/astroVscode.nix | 27 +++++++++++ .../programs/vscode/default.nix | 6 +++ .../programs/vscode/evenBetterToml.nix | 27 +++++++++++ .../programs/vscode/go.nix | 27 +++++++++++ .../programs/vscode/nearley.nix | 27 +++++++++++ .../programs/vscode/openRemoteSsh.nix | 27 +++++++++++ .../programs/vscode/vscodeMdx.nix | 27 +++++++++++ 8 files changed, 187 insertions(+), 29 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/astroVscode.nix create mode 100644 modules/home-manager-modules/programs/vscode/evenBetterToml.nix create mode 100644 modules/home-manager-modules/programs/vscode/go.nix create mode 100644 modules/home-manager-modules/programs/vscode/nearley.nix create mode 100644 modules/home-manager-modules/programs/vscode/openRemoteSsh.nix create mode 100644 modules/home-manager-modules/programs/vscode/vscodeMdx.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 9ad87bff..6e7887a5 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -39,6 +39,7 @@ in { # vs code feel oneDark.enable = true; atomKeybindings.enable = true; + openRemoteSsh.enable = true; # html development autoRenameTag.enable = true; 
@@ -52,50 +53,39 @@ in { vscodeStandard.enable = true; vscodeStylelint.enable = true; + nearley.enable = true; + + # astro development + vscodeMdx.enable = true; + astroVscode.enable = true; + # nix development alejandra.enable = nix-development-enabled; nixIde.enable = nix-development-enabled; + # go development + go.enable = true; + # ai tooling aiCode = { enable = ai-tooling-enabled; ollamaHost = "http://defiant:11434"; inlineCompletion.model = "qwen3:4b"; }; + + # misc extensions + evenBetterToml.enable = true; }; extensions = let extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; in ( - ( - with extension-pkgs.open-vsx; [ - # vs code feel extensions - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - jeanp413.open-remote-ssh - - # go extensions - golang.go - - # astro blog extensions - astro-build.astro-vscode - unifiedjs.vscode-mdx - - # misc extensions - tamasfe.even-better-toml - ] - ) - ++ ( - with extension-pkgs.vscode-marketplace; ( - [ - # js extensions - karyfoundation.nearley - ] - ++ (lib.lists.optionals ai-tooling-enabled [ - ]) - ) - ) + with extension-pkgs.open-vsx; [ + # vs code feel extensions + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + ] ); }; }; diff --git a/modules/home-manager-modules/programs/vscode/astroVscode.nix b/modules/home-manager-modules/programs/vscode/astroVscode.nix new file mode 100644 index 00000000..4bae34a4 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/astroVscode.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.astroVscode = { + enable = lib.mkEnableOption "should the astro-vscode extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "astro-vscode" { + default = ["astro-build" "astro-vscode"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.astroVscode.enable { + extensions = [ + config.extraExtensions.astroVscode.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index a11d3e55..ea54d4fb 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -13,5 +13,11 @@ ./vscodeJest.nix ./vscodeStandard.nix ./vscodeStylelint.nix + ./go.nix + ./evenBetterToml.nix + ./openRemoteSsh.nix + ./astroVscode.nix + ./vscodeMdx.nix + ./nearley.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/evenBetterToml.nix b/modules/home-manager-modules/programs/vscode/evenBetterToml.nix new file mode 100644 index 00000000..9813ee1e --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/evenBetterToml.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.evenBetterToml = { + enable = lib.mkEnableOption "should the even-better-toml extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "even-better-toml" { + default = ["tamasfe" "even-better-toml"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.evenBetterToml.enable { + extensions = [ + config.extraExtensions.evenBetterToml.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/go.nix b/modules/home-manager-modules/programs/vscode/go.nix new file mode 100644 index 00000000..02ffe5da --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/go.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.go = { + enable = lib.mkEnableOption "should the go extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "go" { + default = ["golang" "go"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.go.enable { + extensions = [ + config.extraExtensions.go.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/nearley.nix b/modules/home-manager-modules/programs/vscode/nearley.nix new file mode 100644 index 00000000..3020a9ec --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/nearley.nix 
@@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.vscode-marketplace; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.nearley = { + enable = lib.mkEnableOption "should the nearley extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "nearley" { + default = ["karyfoundation" "nearley"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.nearley.enable { + extensions = [ + config.extraExtensions.nearley.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix b/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix new file mode 100644 index 00000000..c1b6daa0 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.openRemoteSsh = { + enable = lib.mkEnableOption "should the open-remote-ssh extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "open-remote-ssh" { + default = ["jeanp413" "open-remote-ssh"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.openRemoteSsh.enable { + extensions = [ + config.extraExtensions.openRemoteSsh.extension + ]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/vscodeMdx.nix b/modules/home-manager-modules/programs/vscode/vscodeMdx.nix new file mode 100644 index 00000000..c49fe51c --- /dev/null 
+++ b/modules/home-manager-modules/programs/vscode/vscodeMdx.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vscodeMdx = { + enable = lib.mkEnableOption "should the vscode-mdx extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vscode-mdx" { + default = ["unifiedjs" "vscode-mdx"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vscodeMdx.enable { + extensions = [ + config.extraExtensions.vscodeMdx.extension + ]; + }; + })); + }; +} From 53c0526c4dbcec32ab0860c6bdfed6b8605185fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 27 Jul 2025 18:27:46 -0500 Subject: [PATCH 780/932] removed completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 141c2fd0..039391fe 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Create Tor guard/relay server - migrate away from flakes and move to npins - whisper -- figure out ai vs code plugin - nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote From 22f2052ccffe09e660b85823647c099067169e35 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 17:53:31 -0500 Subject: [PATCH 781/932] updated flake lock --- flake.lock | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 5a853aa6..28d5df83 100644 --- a/flake.lock +++ b/flake.lock 
@@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1753416229, - "narHash": "sha256-45s1L4h/6t3M+/ppqow1OFUgfk9jZHsR4jxNgxIWWmM=", + "lastModified": 1753761817, + "narHash": "sha256-FE908x/ihUlr5yn1f+PTMyOjcwotGUodzn7Ej6zZf5U=", "owner": "rycee", "repo": "nur-expressions", - "rev": "553afee4efb5a7dea03cf654deafacd8fa1004f9", + "rev": "b657cfddb78408e9b53b4a8aaeaac71fc7ea182e", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1753470191, - "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", + "lastModified": 1753983724, + "narHash": "sha256-2vlAOJv4lBrE+P1uOGhZ1symyjXTRdn/mz0tZ6faQcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", + "rev": "7035020a507ed616e2b20c61491ae3eaa8e5462c", "type": "github" }, "original": { @@ -146,11 +146,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1753306924, - "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", - "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", + "lastModified": 1753223229, + "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", + "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a" }, "original": { "type": "tarball", 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1753409666, - "narHash": "sha256-bFjln7BkIGOlLHeUzUxfEho2GnrIrQE6O59plpvPiYY=", + "lastModified": 1753928221, + "narHash": "sha256-Na6JjalzCBQx5aiZMa0QYuFU9T0FOuWSKbHnslXWln4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "38a251b6e95659b12dfb3b9fdc237d1ba2ac3786", + "rev": "1d907938c3f488949c3365afcbbd325e2ce85ee9", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753250450, - "narHash": "sha256-i+CQV2rPmP8wHxj0aq4siYyohHwVlsh40kV89f3nw1s=", + "lastModified": 1753694789, + "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fc02ee70efb805d3b2865908a13ddd4474557ecf", + "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", "type": "github" }, "original": { From 7b3d4bc0213735c56a362c841ec8a08302291a9f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 18:24:45 -0500 Subject: [PATCH 782/932] added acl rules to defiant media_directory --- modules/nixos-modules/server/jellyfin.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index bad04c98..294c8e17 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -52,6 +52,11 @@ in { ]; networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; } (lib.mkIf config.services.fail2ban.enable { environment.etc = { From 5658a392491f1dfee521bca654708c9efc1049cf Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 18:30:28 -0500 Subject: [PATCH 783/932] added ACL to syncthing mnt folder --- modules/nixos-modules/sync.nix | 1 + 1 file changed, 1 insertion(+) 
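Review bot: The `A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-` rule applies access ACLs recursively to whatever already exists but installs no default ACLs, so entries created afterwards inherit nothing from it and rely on the setgid bit from `2770` for group ownership and on the writing process's umask for group write. If other members of `jellyfin_media` are expected to write into the library, add default entries next to the access ones, e.g. `u:jellyfin:rwX,g:jellyfin_media:rwX,o::-,d:u:jellyfin:rwX,d:g:jellyfin_media:rwX,d:o::-`, so new files and directories carry the same grants. Note too that `A` walks the entire media tree on every `systemd-tmpfiles --create` run, typically each boot, which can be slow on a large library; `a` touches only the directory itself and, combined with default ACLs, is usually enough. The `d` line omits the trailing age field; tmpfiles accepts that, but writing `-` explicitly keeps it consistent with the `A` line's field layout.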
diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix index 8915dc8b..bf430413 100644 --- a/modules/nixos-modules/sync.nix +++ b/modules/nixos-modules/sync.nix @@ -11,6 +11,7 @@ in { { systemd = lib.mkIf config.services.syncthing.enable { tmpfiles.rules = [ + "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-" "d ${mountDir} 2755 syncthing syncthing -" "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" From 7b9d1ee390b1f2fef5009791eea36d14416d9279 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 1 Aug 2025 21:20:52 -0500 Subject: [PATCH 784/932] added qwen3:235b-a22b --- configurations/nixos/defiant/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9e8f25a3..75a4b3e7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -235,6 +235,10 @@ # agent models "qwen3:8b" "qwen3:32b" + "qwen3:235b-a22b" + + "qwen3-coder:30b" + "qwen3-coder:30b-a3b-fp16" # embedding models "nomic-embed-text:latest" From b7a4f63ddd37ec0ff780670e3e543d7cee2dbc30 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Aug 2025 17:46:56 -0500 Subject: [PATCH 785/932] further refined and documents issues with wire guard config --- .../nixos/defiant/configuration.nix | 37 +++++++++---------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 75a4b3e7..1a3de77b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -120,12 +120,6 @@ systemd.network = { enable = true; - # config = { - # routeTables = { - # p2p = 1; - # }; - # }; - netdevs = { "10-bond0" = { netdevConfig = { 
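Review bot: The new `A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-` entry contradicts the `d ${mountDir} 2755 syncthing syncthing -` line directly below it: `o::-` is the POSIX "other" base entry, so applying the ACL removes the world r-x that mode 2755 grants, and which setting ends up in effect appears to depend on the order in which systemd-tmpfiles applies the two lines (on a first boot where the directory does not exist yet, the ACL line placed first also has nothing to act on). Decide whether others should be able to traverse the mount and make the two agree, either `2750` with `o::-` or `2755` without the `o::-` entry, and list the `d` line before the `A` line so creation precedes the ACL adjustment. `A` is also recursive and re-applied on every tmpfiles run, which can be costly on a large sync tree; `a` would touch only the top-level directory. The `tmpfiles.rules` list continues past the end of the hunk.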
@@ -138,23 +132,20 @@ }; }; - # "15-p2p0" = { + # "20-wg0" = { # netdevConfig = { # Kind = "wireguard"; - # Name = "p2p0"; - # MTUBytes = "1280"; + # Name = "wg0"; # }; # wireguardConfig = { # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; # ListenPort = 51820; - # # RouteTable = "p2p"; # }; # wireguardPeers = [ # { # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; # Endpoint = "185.230.126.146:51820"; # AllowedIPs = ["0.0.0.0/0"]; - # RouteTable = "off"; # } # ]; # }; @@ -176,17 +167,25 @@ dns = ["192.168.1.1"]; }; - # "45-p2p0" = { - # matchConfig.Name = "p2p0"; + # For some reason this isn't working. It looks like traffic goes out and comes back but doesn't get correctly routed back to the wg interface on the return trip + # debugging steps: + # try sending data on the interface `ping -I wg0 8.8.8.8` + # view all traffic on the interface `sudo tshark -i wg0` + # see what applications are listening to port 14666 (thats what we currently have qbittorent set up to use) `ss -tuln | grep 14666` + # "50-wg0" = { + # matchConfig.Name = "wg0"; + # networkConfig = { + # DHCP = "no"; + # }; # address = [ # "10.2.0.2/32" # ]; - # routes = [ - # { - # Destination = "0.0.0.0/0"; - # } - # ]; - # linkConfig.RequiredForOnline = false; + # # routes = [ + # # { + # # Destination = "10.2.0.2/32"; + # # Gateway = "10.2.0.1"; + # # } + # # ]; # }; }; }; From 3f897fae25d419ad659b2b006324b6d90eca3785 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 4 Aug 2025 20:08:45 -0500 Subject: [PATCH 786/932] updated ai code plugin --- modules/common-modules/pkgs/codium-extensions/ai-code.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix index 38e9dd99..9c9efe3e 100644 --- a/modules/common-modules/pkgs/codium-extensions/ai-code.nix +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix 
@@ -12,7 +12,7 @@ src = builtins.fetchGit { url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; - rev = "bdb615876df41717180c31640a8542b86326a9b3"; + rev = "d48e01713021dbb30de0ebbee2cfaf99e4e9b5a6"; }; npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY="; From 7e1e1f357f0fc467566a6d777639f2c8fa0858a1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 5 Aug 2025 00:15:58 -0500 Subject: [PATCH 787/932] updated scrub email settings --- configurations/nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/disko.nix | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 1a3de77b..8b49e4b4 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -42,7 +42,7 @@ host = "smtp.protonmail.ch"; port = 587; to = "leyla@jan-leila.com"; - user = "leyla@jan-leila.com"; + user = "noreply@jan-leila.com"; tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 3d15498c..9e56d870 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -149,14 +149,13 @@ in { autoSnapshot.enable = true; zed = lib.mkIf config.host.storage.notifications.enable { - # this option is broken we are just going to disable it - enableMail = false; + enableMail = true; settings = { ZED_DEBUG_LOG = "/tmp/zed.debug.log"; ZED_EMAIL_ADDR = [config.host.storage.notifications.to]; ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; - ZED_EMAIL_OPTS = "@ADDRESS@"; + ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@"; ZED_NOTIFY_INTERVAL_SECS = 3600; ZED_NOTIFY_VERBOSE = true; From 93b8582734cd601320ee8f737921948306d9e859 Mon Sep 17 00:00:00 2001 
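Review bot: `ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@"` makes delivery depend on an msmtp account named `zfs_notifications` existing in the msmtp configuration that zed, running as root, reads; nothing in this hunk or the companion configuration.nix hunk defines it, so confirm it is declared elsewhere (for instance via `programs.msmtp.accounts`), because with `enableMail = true` now on, a missing account means every scrub or pool-error notification fails rather than falling back. A comment on that line, `# account name must match the msmtp account that carries the SMTP token`, would tie the two halves together for the next reader. The unchanged `ZED_DEBUG_LOG = "/tmp/zed.debug.log"` keeps a root-written log at a fixed path in a world-writable directory; a path under `/var/log` is the conventional choice and avoids sharing the location with unprivileged users. The `zed` attribute set starts and ends outside the hunk.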
From: Leyla Becker Date: Wed, 6 Aug 2025 22:12:42 -0500 Subject: [PATCH 788/932] installed tab session manager --- configurations/home-manager/leyla/packages/firefox.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix index 1613cb3b..d166eb47 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/packages/firefox.nix @@ -72,6 +72,8 @@ deutsch-de-language-pack dictionary-german + tab-session-manager + # ( # buildFirefoxXpiAddon rec { # pname = "italiano-it-language-pack"; @@ -140,7 +142,6 @@ "placements" = { "widget-overflow-fixed-list" = []; "unified-extensions-area" = [ - "privacy_privacy_com-browser-action" # bitwarden "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" "ublock0_raymondhill_net-browser-action" From ee6ab1c0eb991e64fc7adf404d12867f79e39cae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 9 Aug 2025 23:32:32 -0500 Subject: [PATCH 789/932] installed printer drivers --- modules/nixos-modules/desktop.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index e1882b37..6686ee33 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -32,7 +32,14 @@ ]; services = { # Enable CUPS to print documents. - printing.enable = true; + printing = { + enable = true; + drivers = [ + pkgs.hplip + pkgs.gutenprint + pkgs.gutenprintBin + ]; + }; xserver = { # Enable the X11 windowing system. From c1926f625624b16fe8f3ffe8c9e48de3582fd24d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 13 Aug 2025 18:34:13 -0500 Subject: [PATCH 790/932] updated flake lock --- flake.lock | 128 ++++++++--------------------------------------- flake.nix | 8 +-- util/default.nix | 4 +- 3 files changed, 28 insertions(+), 112 deletions(-) 
diff --git a/flake.lock b/flake.lock index 28d5df83..721255f3 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1753140376, - "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "lastModified": 1754971456, + "narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=", "owner": "nix-community", "repo": "disko", - "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "rev": "8246829f2e675a46919718f9a64b71afe3bfb22d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1753761817, - "narHash": "sha256-FE908x/ihUlr5yn1f+PTMyOjcwotGUodzn7Ej6zZf5U=", + "lastModified": 1755002386, + "narHash": "sha256-5Q7o8nv1EQi7oYD1k1F8/d+3WUiNDg9JOH8KWgP/6WQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "b657cfddb78408e9b53b4a8aaeaac71fc7ea182e", + "rev": "170f218715e93fc36a9077a926eb8516d789138b", "type": "gitlab" }, "original": { @@ -75,39 +75,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -115,11 +82,11 @@ ] }, "locked": { - "lastModified": 1753983724, - "narHash": "sha256-2vlAOJv4lBrE+P1uOGhZ1symyjXTRdn/mz0tZ6faQcg=", + "lastModified": 1755121891, + "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "7035020a507ed616e2b20c61491ae3eaa8e5462c", + "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", "type": "github" }, "original": { @@ -143,41 +110,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1753223229, - "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", - "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753282722, - "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", - "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ 
@@ -221,17 +153,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1753928221, - "narHash": "sha256-Na6JjalzCBQx5aiZMa0QYuFU9T0FOuWSKbHnslXWln4=", + "lastModified": 1754964325, + "narHash": "sha256-WrG74DTCE0phrOtusqkYOrQKK4DXurgW0vPnisZpw/Q=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1d907938c3f488949c3365afcbbd325e2ce85ee9", + "rev": "84da801eb3f23ea34ec96ee38df74504444e9b1d", "type": "github" }, "original": { @@ -242,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1754564048, + "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", "type": "github" }, "original": { @@ -258,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753694789, - "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", + "lastModified": 1755027561, + "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", + "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", "type": "github" }, "original": { @@ -279,7 +211,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", 
@@ -313,11 +244,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -360,21 +291,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 67ff0c42..23a8aab9 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index fb2f83d1..5b617795 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; 
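Review bot: The `lix-module` input is removed from flake.lock but only commented out in flake.nix (`# lix-module = { ... # };`) and in two places in util/default.nix, so three files now carry dead configuration that git history already preserves. Deleting the lines keeps the flake readable, and re-enabling later needs a fresh `nix flake lock` anyway because the pinned `lix` and `lix-module` tarball entries are gone from the lock. If the intent is to record that Lix was dropped on purpose, a single line such as `# lix-module intentionally removed; see git history` at the old location in flake.nix says that more clearly than the commented block.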
From 102a61b38eb0065a0c5ab1cdd263e40da884c797 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 16 Aug 2025 11:32:03 -0500 Subject: [PATCH 791/932] updated flake lock --- .../home-manager/leyla/packages/default.nix | 2 +- flake.lock | 36 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index eaaaf2d5..63f9661e 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -44,7 +44,7 @@ in { signal-desktop-bin.enable = true; calibre.enable = true; obsidian.enable = true; - jetbrains.idea-community.enable = false; + jetbrains.idea-community.enable = true; vscode.enable = true; firefox.enable = true; steam.enable = true; diff --git a/flake.lock b/flake.lock index 721255f3..6d8fa45b 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1755002386, - "narHash": "sha256-5Q7o8nv1EQi7oYD1k1F8/d+3WUiNDg9JOH8KWgP/6WQ=", + "lastModified": 1755246238, + "narHash": "sha256-KVPjWo/RVQBQe6N03cNbSVM/xNCv2506wE4A8wL73sk=", "owner": "rycee", "repo": "nur-expressions", - "rev": "170f218715e93fc36a9077a926eb8516d789138b", + "rev": "e6c2e889b34f5f623a7749a46e2aa5ea6e7256a0", "type": "gitlab" }, "original": { @@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1755121891, - "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", + "lastModified": 1755313937, + "narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=", "owner": "nix-community", "repo": "home-manager", - "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", + "rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10", "type": "github" }, "original": { 
@@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1751313918, - "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", + "lastModified": 1755275010, + "narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", + "rev": "7220b01d679e93ede8d7b25d6f392855b81dd475", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1754964325, - "narHash": "sha256-WrG74DTCE0phrOtusqkYOrQKK4DXurgW0vPnisZpw/Q=", + "lastModified": 1755309796, + "narHash": "sha256-0mvqD8Cul8Bq+NqeeNy5cbi59R5w8EzaaimJBFpKJ4A=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "84da801eb3f23ea34ec96ee38df74504444e9b1d", + "rev": "73db918d57f44c8a0d8a809596863188675f9cab", "type": "github" }, "original": { @@ -174,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1754564048, - "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { From d12f4b5327fcb50f82f1ddce5db89941bfd78a8e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 21 Aug 2025 22:02:10 -0500 Subject: [PATCH 792/932] installed actual on defiant --- .../nixos/defiant/configuration.nix | 5 ++ modules/nixos-modules/server/actual.nix | 54 +++++++++++++++++++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/users.nix | 15 ++++++ 4 files changed, 75 insertions(+) create mode 100644 modules/nixos-modules/server/actual.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 8b49e4b4..9ef4c82c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -284,6 +284,11 @@ subdomain = "search"; }; + actual = { + enable = true; + subdomain = "budget"; + }; + home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix new file mode 100644 index 00000000..7fc0b93e --- /dev/null +++ b/modules/nixos-modules/server/actual.nix 
@@ -0,0 +1,54 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ dataDirectory = "/var/lib/actual/";
+in {
+ options.services.actual = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ default = "actual";
+ description = "subdomain of base domain that actual will be hosted at";
+ };
+ };
+
+ config = lib.mkIf config.services.actual.enable (lib.mkMerge [
+ {
+ systemd.tmpfiles.rules = [
+ "d ${dataDirectory} 2770 actual actual"
+ ];
+ host = {
+ reverse_proxy.subdomains.${config.services.actual.subdomain} = {
+ target = "http://localhost:${toString config.services.actual.settings.port}";
+ };
+ };
+
+ services.actual = {
+ settings = {
+ ACTUAL_DATA_DIR = dataDirectory;
+ };
+ };
+ }
+ (lib.mkIf config.services.fail2ban.enable {
+ # TODO: configuration for fail2ban for actual
+ })
+ (lib.mkIf config.host.impermanence.enable {
+ assertions = [
+ {
+ assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory;
+ message = "actual data location does not match persistence";
+ }
+ ];
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = dataDirectory;
+ user = "actual";
+ group = "actual";
+ }
+ ];
+ };
+ })
+ ]);
+}
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index 95c7096e..4ca50e25 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -13,5 +13,6 @@
 ./immich.nix
 ./qbittorent.nix
 ./paperless.nix
+ ./actual.nix
 ];
 }
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index eeddafdd..7fd43da1 100644
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@@ -24,6 +24,7 @@
 immich = 2010;
 qbittorrent = 2011;
 paperless = 2012;
+ actual = 2013;
 };

 gids = {
@@ -40,6 +41,7 @@
 immich = 2010;
 qbittorrent = 2011;
 paperless = 2012;
+ actual = 2013;
 };

 users = config.users.users;
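Review bot: The `(lib.mkIf config.services.fail2ban.enable { # TODO ... })` branch in actual.nix merges an empty attrset, so hosts with fail2ban on get no jail for this service even though the module's shape suggests one exists; either drop the branch until a jail definition is written or make the gap explicit in the TODO, e.g. `# TODO: no fail2ban jail yet — failed logins to actual are not rate-limited`. The tmpfiles rule `d ${dataDirectory} 2770 actual actual` and the static uid/gid 2013 added in users.nix assume the upstream `services.actual` unit runs as that user; if the nixpkgs module instead uses a dynamic user with StateDirectory (worth checking before this is enabled on defiant), the ownership set here will not match the running service. The `subdomain` option description could also say which base domain it is joined to, since the `reverse_proxy.subdomains` entry only shows the subdomain key.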
@@ -169,6 +171,12 @@ in { isSystemUser = true; group = config.users.users.paperless.name; }; + + actual = { + uid = lib.mkForce uids.actual; + isSystemUser = true; + group = config.users.users.actual.name; + }; }; groups = { @@ -272,6 +280,13 @@ in { users.paperless.name ]; }; + + actual = { + gid = lib.mkForce gids.actual; + members = [ + users.actual.name + ]; + }; }; }; } From bf07bbdb1b69977ff639de4e8b089ee713e70db4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 23 Aug 2025 13:26:04 -0500 Subject: [PATCH 793/932] updated flake lock --- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 36 +++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9ef4c82c..b7da7638 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -285,7 +285,7 @@ }; actual = { - enable = true; + enable = false; subdomain = "budget"; }; diff --git a/flake.lock b/flake.lock index 6d8fa45b..f885584b 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1754971456, - "narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=", + "lastModified": 1755519972, + "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", "owner": "nix-community", "repo": "disko", - "rev": "8246829f2e675a46919718f9a64b71afe3bfb22d", + "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1755246238, - "narHash": "sha256-KVPjWo/RVQBQe6N03cNbSVM/xNCv2506wE4A8wL73sk=", + "lastModified": 1755921820, + "narHash": "sha256-xTRXoaGtuIi4VvJNGuHC8DPHnEIJUqVtt7kqU8MdXes=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e6c2e889b34f5f623a7749a46e2aa5ea6e7256a0", + "rev": "c43149f02063de9b0d75c2b45f54631bd82667b2", "type": "gitlab" }, "original": { 
@@ -82,11 +82,11 @@ ] }, "locked": { - "lastModified": 1755313937, - "narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=", + "lastModified": 1755914636, + "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=", "owner": "nix-community", "repo": "home-manager", - "rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10", + "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0", "type": "github" }, "original": { @@ -117,11 +117,11 @@ ] }, "locked": { - "lastModified": 1755275010, - "narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=", + "lastModified": 1755825449, + "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "7220b01d679e93ede8d7b25d6f392855b81dd475", + "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1755309796, - "narHash": "sha256-0mvqD8Cul8Bq+NqeeNy5cbi59R5w8EzaaimJBFpKJ4A=", + "lastModified": 1755914146, + "narHash": "sha256-ew98ilw4NTodKlILnr3ndsT0Aj9JhqC507JB3efa0pY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "73db918d57f44c8a0d8a809596863188675f9cab", + "rev": "ff42a421ff1d415caa0125e6af6f3bd82e642838", "type": "github" }, "original": { @@ -190,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { From 19bd67afe58c186feacc659789288a8e7cfc7171 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 24 Aug 2025 15:55:07 -0500 Subject: [PATCH 794/932] installed claudeDev --- .../leyla/packages/vscode/default.nix | 8 ++---- .../nixos/defiant/configuration.nix | 4 +++ .../programs/vscode/claudeDev.nix | 27 +++++++++++++++++++ .../programs/vscode/default.nix | 1 + 4 files changed, 34 insertions(+), 6 deletions(-) create mode 100644 modules/home-manager-modules/programs/vscode/claudeDev.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 6e7887a5..3878d947 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -66,12 +66,8 @@ in { # go development go.enable = true; - # ai tooling - aiCode = { - enable = ai-tooling-enabled; - ollamaHost = "http://defiant:11434"; - inlineCompletion.model = "qwen3:4b"; - }; + # claude development + claudeDev.enable = ai-tooling-enabled; # misc extensions evenBetterToml.enable = true; diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index b7da7638..81511116 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -218,6 +218,10 @@ acceleration = false; + environmentVariables = { + OLLAMA_KEEP_ALIVE = "24h"; + }; + loadModels = [ # conversation models "llama3.1:8b" diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix new file mode 100644 index 00000000..8d5dd750 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix 
@@ -0,0 +1,27 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: let
+ pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
+ pkgsRepository = pkgsRepositories.open-vsx;
+in {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.claudeDev = {
+ enable = lib.mkEnableOption "should the claude-dev extension for vscode be enabled";
+ extension = lib.mkPackageOption pkgsRepository "claude-dev" {
+ default = ["saoudrizwan" "claude-dev"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.claudeDev.enable {
+ extensions = [
+ config.extraExtensions.claudeDev.extension
+ ];
+ };
+ }));
+ };
+}
diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix
index ea54d4fb..a86d0c3a 100644
--- a/modules/home-manager-modules/programs/vscode/default.nix
+++ b/modules/home-manager-modules/programs/vscode/default.nix
@@ -18,6 +18,7 @@
 ./openRemoteSsh.nix
 ./astroVscode.nix
 ./vscodeMdx.nix
+ ./claudeDev.nix
 ./nearley.nix
 ];
 }
From d128b54a0583628017acf18d12890301dce80fa3 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sun, 24 Aug 2025 23:01:04 -0500
Subject: [PATCH 795/932] removed redundant part of config
---
configurations/nixos/defiant/configuration.nix | 6 ------
1 file changed, 6 deletions(-)
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 81511116..14410f4f 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -194,12 +194,6 @@
 boot.kernelParams = ["zfs.zfs_arc_max=53687091200"];

 services = {
- # TODO: move zfs scrubbing into module
- zfs = {
- autoScrub.enable = true;
- autoSnapshot.enable = true;
- };
-
 # temp enable desktop environment for setup
 # Enable the X11 windowing system.
 xserver.enable = true;
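Review bot: `enable = lib.mkEnableOption "should the claude-dev extension for vscode be enabled";` renders in the generated option docs as "Whether to enable should the claude-dev extension for vscode be enabled.", because mkEnableOption prepends "Whether to enable " to its argument; pass a noun phrase instead, `enable = lib.mkEnableOption "the claude-dev extension for vscode";`. The vitest.nix module added in PATCH 799 uses the same sentence form and has the same problem. A one-line comment on `pkgsRepository = pkgsRepositories.open-vsx;` noting that the extension's version and hash come solely from the locked `nix-vscode-extensions` input would also help, since nothing in this module pins them explicitly and the extension is only switched on by the `ai-tooling-enabled` flag in the user profile.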
From 060e6ef037361c3fca9a2411f3c8cf8d25ab230c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 26 Aug 2025 15:53:45 -0500 Subject: [PATCH 796/932] installed fonts --- configurations/home-manager/leyla/default.nix | 8 ++++++++ configurations/home-manager/leyla/packages/default.nix | 2 -- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 538eab86..6d759c5c 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,4 +1,5 @@ { + pkgs, config, osConfig, ... @@ -82,5 +83,12 @@ # EDITOR = "emacs"; }; }; + + # TODO: move this into a fonts module + home.packages = with pkgs; [ + aileron + nerd-fonts.open-dyslexic + ]; + fonts.fontconfig.enable = true; }; } diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 63f9661e..6a24e31a 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -67,8 +67,6 @@ in { home.packages = ( (with pkgs; [ - aileron - proxmark3 ]) ++ ( From dbe4b674d7c409049fa2abe694755ab022cb61fc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 26 Aug 2025 18:00:12 -0500 Subject: [PATCH 797/932] set zfs auth and tls to true --- configurations/home-manager/leyla/packages/default.nix | 2 ++ modules/nixos-modules/disko.nix | 2 ++ 2 files changed, 4 insertions(+) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 6a24e31a..702edda2 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -108,6 +108,8 @@ in { (lib.mkIf hardware.piperMouse.enable piper) (lib.mkIf hardware.openRGB.enable openrgb) (lib.mkIf hardware.viaKeyboard.enable via) + + (lib.mkIf osConfig.host.ai.enable claude-code) ]) ) ); diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 9e56d870..a962689e 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -136,6 +136,8 @@ in { }; accounts = { zfs_notifications = { + auth = true; + tls = true; host = config.host.storage.notifications.host; passwordeval = "cat ${config.host.storage.notifications.tokenFile}"; user = config.host.storage.notifications.user; From 9c8de12ad37978ed5d40b87ecd0775dd38569767 Mon Sep 17 00:00:00 2001 From: Eve Date: Wed, 27 Aug 2025 10:52:24 -0500 Subject: [PATCH 798/932] installed tailscale --- configurations/nixos/emergent/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index 90aecabd..bb671f73 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -67,6 +67,8 @@ }; }; + services.tailscale.enable = true; + # Configure keymap in X11 # services.xserver.xkb.layout = "us"; # services.xserver.xkb.options = "eurosign:e,caps:escape"; From 1c079fa47906cb8c305718471ae2fc35f670aa85 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 27 Aug 2025 13:37:31 -0500 Subject: [PATCH 799/932] installed vitest --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/default.nix | 1 + .../programs/vscode/vitest.nix | 27 +++++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/vitest.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 3878d947..651d941b 100644 
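Review bot: `tls = true;` on the `zfs_notifications` account turns on TLS without saying how the server certificate is verified; msmtp only checks certificates against a configured trust store, and depending on the msmtp version an unset `tls_trust_file` either falls back to the system store or fails the handshake, so confirm the NixOS msmtp module supplies one for this account or add `tls_trust_file = "/etc/ssl/certs/ca-certificates.crt";` next to these two lines (never `tls_certcheck = false`, which would make the setting cosmetic). msmtp's `tls_starttls` defaults to on, so the configured `host` must be a STARTTLS endpoint rather than implicit TLS — a comment beside `tls = true;` stating which was tested would save the next reader a guess. The enclosing `accounts` block starts outside the hunk.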
--- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -50,6 +50,7 @@ in { tauriVscode.enable = true; vscodeEslint.enable = true; vscodeJest.enable = true; + vitest.enable = true; vscodeStandard.enable = true; vscodeStylelint.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index a86d0c3a..50b323da 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -20,5 +20,6 @@ ./vscodeMdx.nix ./claudeDev.nix ./nearley.nix + ./vitest.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/vitest.nix b/modules/home-manager-modules/programs/vscode/vitest.nix new file mode 100644 index 00000000..446d25bc --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/vitest.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.vitest = { + enable = lib.mkEnableOption "should the vitest extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "vitest" { + default = ["vitest" "explorer"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.vitest.enable { + extensions = [ + config.extraExtensions.vitest.extension + ]; + }; + })); + }; +} From ca2b188560ba131ac0e10539d6921ef1318538e2 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 27 Aug 2025 17:51:11 -0500 Subject: [PATCH 800/932] fixed nfs mounts --- README.md | 1 - .../nixos/horizon/configuration.nix | 79 +++++++++++++++++++ .../nixos/twilight/configuration.nix | 43 +++++++--- .../server/network_storage/default.nix | 2 +- .../server/network_storage/nfs.nix | 10 ++- 5 files changed, 120 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 039391fe..e379f913 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - auto turn off on power loss - nut - zfs email after scrubbing # TODO: test this - SMART test with email results -- fix nfs - samba mounts - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - Create Tor guard/relay server diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 99b6ee9d..adaab1ca 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -135,6 +135,85 @@ }; }; + # NFS support for mobile device - optimized for frequent disconnections + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" # Allow interruption of NFS calls + "timeo=30" # 3 second timeout (30 deciseconds) + "retrans=2" # Only 2 retries before giving up + "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile + "x-systemd.device-timeout=15" # 15 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + "x-systemd.mount-timeout=30" # 30 second mount timeout + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + # Mobile-optimized read settings + "rsize=8192" # Smaller read size for mobile + "wsize=8192" # Smaller write size for mobile + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + }; + + # Enable network-online.target for better network dependency handling + 
systemd.services.NetworkManager-wait-online.enable = true; + # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 111c002a..7d884301 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -140,12 +140,20 @@ options = [ "x-systemd.automount" "noauto" - "user" "noatime" "nofail" "soft" - "x-systemd.idle-timeout=600" - "fsc" + "intr" # Allow interruption of NFS calls + "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile + "retrans=3" # 3 retries for desktop + "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop + "x-systemd.device-timeout=30" # 30 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + "x-systemd.mount-timeout=60" # 60 second mount timeout for desktop ]; }; @@ -155,11 +163,17 @@ options = [ "x-systemd.automount" "noauto" - "user" "nofail" "soft" + "intr" + "timeo=50" + "retrans=3" "x-systemd.idle-timeout=600" + "bg" "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" ]; }; 
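Review bot: `"intr"` in the horizon mount options has been a no-op since kernel 2.6.25, and pairing `"soft"` with `timeo=30`/`retrans=2` on shares that take writes (`/mnt/leyla_documents`, `/mnt/users_documents`) means a timed-out write returns an error to the application after roughly six seconds and is not retried; nfs(5) recommends `hard` for writable exports for exactly that reason. If `soft` is deliberate for the roaming laptop, drop `intr` and state the trade-off where the option is set, e.g. `"soft" # fail fast instead of hanging when defiant is unreachable; unflushed writes are lost`. The twilight hunks in this same patch set the same `soft`/`intr` pair and would take the same comment. `fsc` also only has an effect when cachefilesd is running; twilight merely adds it to systemPackages, and nothing in the horizon hunk mentions it at all.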
@@ -169,21 +183,30 @@ options = [ "x-systemd.automount" "noauto" - "user" "noatime" "nofail" "soft" + "intr" + "timeo=50" + "retrans=3" "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "rsize=32768" - "wsize=32768" + "x-systemd.device-timeout=30" + "bg" + # Desktop-optimized read settings + "rsize=32768" # Larger read size for desktop + "wsize=32768" # Larger write size for desktop "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=60" ]; }; }; + # Enable network-online.target for better network dependency handling + systemd.services.NetworkManager-wait-online.enable = true; + environment.systemPackages = with pkgs; [ cachefilesd ]; diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index 00ea7acc..eaac7fe1 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix @@ -15,7 +15,7 @@ in { export_directory = lib.mkOption { type = lib.types.path; description = "what are exports going to be stored in"; - default = "/export"; + default = "/exports"; }; directories = lib.mkOption { type = lib.types.listOf (lib.types.submodule ({config, ...}: { diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix index bad04520..297dc1a4 100644 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ b/modules/nixos-modules/server/network_storage/nfs.nix @@ -61,8 +61,6 @@ # loopback "127.0.0.1" "::1" - # local network - # "192.168.0.0/24" # tailscale "100.64.0.0/10" "fd7a:115c:a1e0::/48" @@ -84,7 +82,7 @@ ); }; }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let + networking.firewall = let ports = [ 111 config.host.network_storage.nfs.port 
@@ -94,6 +92,12 @@
 20048
 ];
 in {
+ # Allow NFS on Tailscale interface
+ interfaces.${config.services.tailscale.interfaceName} = {
+ allowedTCPPorts = ports;
+ allowedUDPPorts = ports;
+ };
+
+ # Allow NFS on local network (assuming default interface)
 allowedTCPPorts = ports;
 allowedUDPPorts = ports;
 };
From 4a7b57df99579df26939ee967c100c4594e3a2a8 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Wed, 27 Aug 2025 21:19:04 -0500
Subject: [PATCH 801/932] removed invalid config option
---
configurations/nixos/twilight/configuration.nix | 2 --
1 file changed, 2 deletions(-)
diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix
index 7d884301..245b4f79 100644
--- a/configurations/nixos/twilight/configuration.nix
+++ b/configurations/nixos/twilight/configuration.nix
@@ -153,7 +153,6 @@
 "_netdev" # Network device - wait for network
 "x-systemd.requires=network-online.target" # Require network to be online
 "x-systemd.after=network-online.target" # Start after network is online
- "x-systemd.mount-timeout=60" # 60 second mount timeout for desktop
 ];
 };

@@ -199,7 +198,6 @@
 "_netdev"
 "x-systemd.requires=network-online.target"
 "x-systemd.after=network-online.target"
- "x-systemd.mount-timeout=60"
 ];
 };
 };
From 0d2a3e26a8a9593cd70e14ade62c46ad3f69c338 Mon Sep 17 00:00:00 2001
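Review bot: The unconditional `allowedTCPPorts = ports; allowedUDPPorts = ports;` now at the top level of `networking.firewall` opens rpcbind (111), mountd (20048) and the NFS port on every interface, where the previous code limited them to the Tailscale interface; the exports hunk earlier in this patch leaves only loopback and the Tailscale ranges as permitted clients, so the host-wide rule adds reachability for the RPC services without adding any client that is actually allowed to mount. Keep the interface-scoped block and drop the two global lines, or, if LAN access is wanted, gate them behind an explicit option and re-add the LAN range to the exports list in the same change so the firewall and the export ACL agree. The comment `# Allow NFS on local network (assuming default interface)` should then name the interface it means rather than assume one. The `ports` list begins outside the hunk.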
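Review bot: `x-systemd.mount-timeout=60` is removed from twilight only, while the horizon configuration added in PATCH 800 still carries `"x-systemd.mount-timeout=30"` on all three of its mounts; if the option is rejected there as well it should go in the same commit, and if it is accepted the commit message's "invalid" claim deserves a sentence saying what actually failed. A short comment at the removal site, such as `# x-systemd.mount-timeout removed, see commit 4a7b57d`, would keep the next reader from re-adding it.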
From: Leyla Becker Date: Wed, 27 Aug 2025 21:21:39 -0500 Subject: [PATCH 802/932] moved network mounts out of main config and into their own file --- .../nixos/horizon/configuration.nix | 76 ------------------- configurations/nixos/horizon/default.nix | 1 + .../nixos/horizon/network-mount.nix | 76 +++++++++++++++++++ .../nixos/twilight/configuration.nix | 71 ----------------- configurations/nixos/twilight/default.nix | 1 + .../nixos/twilight/network-mount.nix | 72 ++++++++++++++++++ 6 files changed, 150 insertions(+), 147 deletions(-) create mode 100644 configurations/nixos/horizon/network-mount.nix create mode 100644 configurations/nixos/twilight/network-mount.nix diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index adaab1ca..731c6b02 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix 
@@ -135,82 +135,6 @@ }; }; - # NFS support for mobile device - optimized for frequent disconnections - boot.supportedFilesystems = ["nfs"]; - - fileSystems = { - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" # Allow interruption of NFS calls - "timeo=30" # 3 second timeout (30 deciseconds) - "retrans=2" # Only 2 retries before giving up - "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile - "x-systemd.device-timeout=15" # 15 second device timeout - "bg" # Background mount - don't block boot - "fsc" # Enable caching - "_netdev" # Network device - wait for network - "x-systemd.requires=network-online.target" # Require network to be online - "x-systemd.after=network-online.target" # Start after network is online - "x-systemd.mount-timeout=30" # 30 second mount timeout - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "nofail" - "soft" - "intr" - "timeo=30" - "retrans=2" - "x-systemd.idle-timeout=300" - "x-systemd.device-timeout=15" - "bg" - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=30" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" - "timeo=30" - "retrans=2" - "x-systemd.idle-timeout=300" - "x-systemd.device-timeout=15" - "bg" - # Mobile-optimized read settings - "rsize=8192" # Smaller read size for mobile - "wsize=8192" # Smaller write size for mobile - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=30" - ]; - }; - }; - # Enable network-online.target for better network dependency handling 
systemd.services.NetworkManager-wait-online.enable = true; diff --git a/configurations/nixos/horizon/default.nix b/configurations/nixos/horizon/default.nix index 12632155..0f307d27 100644 --- a/configurations/nixos/horizon/default.nix +++ b/configurations/nixos/horizon/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./network-mount.nix ]; } diff --git a/configurations/nixos/horizon/network-mount.nix b/configurations/nixos/horizon/network-mount.nix new file mode 100644 index 00000000..fde16f5c --- /dev/null +++ b/configurations/nixos/horizon/network-mount.nix 
@@ -0,0 +1,76 @@ +{...}: { + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" # Allow interruption of NFS calls + "timeo=30" # 3 second timeout (30 deciseconds) + "retrans=2" # Only 2 retries before giving up + "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile + "x-systemd.device-timeout=15" # 15 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + "x-systemd.mount-timeout=30" # 30 second mount timeout + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" + "timeo=30" + "retrans=2" + "x-systemd.idle-timeout=300" + "x-systemd.device-timeout=15" + "bg" + # Mobile-optimized read settings + "rsize=8192" # Smaller read size for mobile + "wsize=8192" # Smaller write size for mobile + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + "x-systemd.mount-timeout=30" + ]; + }; + }; +} diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 245b4f79..477c5178 100644 
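Review bot: `intr` has been a no-op on the Linux NFS client since kernel 2.6.25, so the comment `# Allow interruption of NFS calls` describes behaviour the option no longer provides and the line can be dropped; likewise `fsc` only takes effect when the cachefilesd daemon is running, which nothing in this module enables, so `# Enable caching` is misleading as written. No `sec=` option is given either, so the mounts negotiate AUTH_SYS and trust client-supplied UIDs; if that is acceptable because the export is only reachable over the tailnet, a comment on each `options` list stating that assumption would help the next reader. The twilight copy in configurations/nixos/twilight/network-mount.nix has the same three issues.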
--- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -131,77 +131,6 @@ syncthing.enable = true; }; - boot.supportedFilesystems = ["nfs"]; - - fileSystems = { - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" # Allow interruption of NFS calls - "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile - "retrans=3" # 3 retries for desktop - "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop - "x-systemd.device-timeout=30" # 30 second device timeout - "bg" # Background mount - don't block boot - "fsc" # Enable caching - "_netdev" # Network device - wait for network - "x-systemd.requires=network-online.target" # Require network to be online - "x-systemd.after=network-online.target" # Start after network is online - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "nofail" - "soft" - "intr" - "timeo=50" - "retrans=3" - "x-systemd.idle-timeout=600" - "bg" - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" - "timeo=50" - "retrans=3" - "x-systemd.idle-timeout=600" - "x-systemd.device-timeout=30" - "bg" - # Desktop-optimized read settings - "rsize=32768" # Larger read size for desktop - "wsize=32768" # Larger write size for desktop - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - ]; - }; - }; - # Enable network-online.target for better network dependency handling systemd.services.NetworkManager-wait-online.enable = true; 
diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index 43a9164a..f61e0ad3 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -4,5 +4,6 @@ ./configuration.nix ./hardware-configuration.nix ./nvidia-drivers.nix + ./network-mount.nix ]; } diff --git a/configurations/nixos/twilight/network-mount.nix b/configurations/nixos/twilight/network-mount.nix new file mode 100644 index 00000000..9f84b040 --- /dev/null +++ b/configurations/nixos/twilight/network-mount.nix 
@@ -0,0 +1,72 @@ +{...}: { + boot.supportedFilesystems = ["nfs"]; + + fileSystems = { + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" # Allow interruption of NFS calls + "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile + "retrans=3" # 3 retries for desktop + "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop + "x-systemd.device-timeout=30" # 30 second device timeout + "bg" # Background mount - don't block boot + "fsc" # Enable caching + "_netdev" # Network device - wait for network + "x-systemd.requires=network-online.target" # Require network to be online + "x-systemd.after=network-online.target" # Start after network is online + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "nofail" + "soft" + "intr" + "timeo=50" + "retrans=3" + "x-systemd.idle-timeout=600" + "bg" + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "noatime" + "nofail" + "soft" + "intr" + "timeo=50" + "retrans=3" + "x-systemd.idle-timeout=600" + "x-systemd.device-timeout=30" + "bg" + # Desktop-optimized read settings + "rsize=32768" # Larger read size for desktop + "wsize=32768" # Larger write size for desktop + "fsc" + "_netdev" + "x-systemd.requires=network-online.target" + "x-systemd.after=network-online.target" + ]; + }; + }; +} From 0d57fb08b162a3f35e77cc580b938b2307695deb Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Thu, 28 Aug 2025 11:48:00 -0500 Subject: [PATCH 803/932] set up nix mcp server --- README.md | 1 - .../leyla/packages/vscode/default.nix | 5 +- flake.lock | 94 ++++++++++++++++++- flake.nix | 8 ++ .../programs/vscode/claudeDev.nix | 36 +++++++ 5 files changed, 140 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e379f913..339a8e8d 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Create Tor guard/relay server - migrate away from flakes and move to npins - whisper -- nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote - rotate sops encryption keys periodically (and somehow sync between devices?) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 651d941b..c605f9bc 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -68,7 +68,10 @@ in { go.enable = true; # claude development - claudeDev.enable = ai-tooling-enabled; + claudeDev = lib.mkIf ai-tooling-enabled { + enable = true; + mcp.nixos.enable = true; + }; # misc extensions evenBetterToml.enable = true; diff --git a/flake.lock b/flake.lock index f885584b..03a9467f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,23 @@ { "nodes": { + "devshell": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ 
@@ -75,6 +93,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -110,6 +146,28 @@ "type": "github" } }, + "mcp-nixos": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1755372538, + "narHash": "sha256-iWhsf1Myk6RyQ7IuNf4bWI3Sqq9pgmhKvEisCXtkxyw=", + "owner": "utensils", + "repo": "mcp-nixos", + "rev": "46b4d4d3d6421bfbadc415532ef74433871e1cda", + "type": "github" + }, + "original": { + "owner": "utensils", + "repo": "mcp-nixos", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -153,7 +211,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -189,6 +247,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1722073938, + "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", 
@@ -211,11 +285,12 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "mcp-nixos": "mcp-nixos", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "secrets": "secrets", "sops-nix": "sops-nix", "steam-fetcher": "steam-fetcher" @@ -291,6 +366,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 23a8aab9..79800128 100644 --- a/flake.nix +++ b/flake.nix @@ -76,6 +76,12 @@ url = "github:nix-community/steam-fetcher"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # MCP NixOS server for Claude Dev + mcp-nixos = { + url = "github:utensils/mcp-nixos"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -157,6 +163,8 @@ disko # for viewing dconf entries dconf-editor + # for MCP NixOS server support in development + inputs.mcp-nixos.packages.${system}.default ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 8d5dd750..5e08b418 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix 
@@ -2,10 +2,27 @@ lib, pkgs, config, + inputs, ... }: let pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; pkgsRepository = pkgsRepositories.open-vsx; + + mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; + + anyProfileHasMcpNixos = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.nixos.enable + ) (lib.attrValues config.programs.vscode.profiles); + + mcpServersConfig = lib.mkMerge [ + (lib.mkIf anyProfileHasMcpNixos { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }) + ]; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -15,6 +32,12 @@ in { extension = lib.mkPackageOption pkgsRepository "claude-dev" { default = ["saoudrizwan" "claude-dev"]; }; + + mcp = { + nixos = { + enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; + }; + }; }; }; config = lib.mkIf config.extraExtensions.claudeDev.enable { @@ -24,4 +47,17 @@ in { }; })); }; + + config = lib.mkIf anyProfileHasMcpNixos { + home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { + text = builtins.toJSON { + mcpServers = mcpServersConfig; + }; + force = true; + }; + + home.packages = [ + mcp-nixos + ]; + }; } From 9f94a218cc2e01ad756c8a4313c54416fabe10ca Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 28 Aug 2025 14:11:29 -0500 Subject: [PATCH 804/932] disabled nfs mounts --- configurations/nixos/horizon/default.nix | 2 +- configurations/nixos/twilight/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/horizon/default.nix b/configurations/nixos/horizon/default.nix index 0f307d27..b916d828 100644 --- a/configurations/nixos/horizon/default.nix +++ b/configurations/nixos/horizon/default.nix 
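Review bot: `mcpServersConfig` is built with `lib.mkMerge`/`lib.mkIf` in a plain `let` binding and then passed to `builtins.toJSON`; those helpers only have meaning when the module system evaluates an option value, so here toJSON serialises the `_type`/`condition`/`content` wrapper literally and the written file does not contain a `nixos` server entry (a later patch in this series inlines the attrset). The direct form is `mcpServers = lib.optionalAttrs anyProfileHasMcpNixos { nixos.command = "${mcp-nixos}/bin/mcp-nixos"; };`. Separately, `force = true` overwrites whatever the extension already stored in cline_mcp_settings.json, including servers the user added by hand, so that should be a deliberate choice and documented as such. The path also hardcodes VSCodium's globalStorage while the module derives the extension set from `config.programs.vscode.package.version`, so a plain vscode package would write the file to a directory the extension never reads.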
@@ -3,6 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix - ./network-mount.nix + # ./network-mount.nix ]; } diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index f61e0ad3..aa841f80 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -4,6 +4,6 @@ ./configuration.nix ./hardware-configuration.nix ./nvidia-drivers.nix - ./network-mount.nix + # ./network-mount.nix ]; } From 5a53a7bac44e25d21c0547cc7dd4194b4b0a6deb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 28 Aug 2025 14:14:05 -0500 Subject: [PATCH 805/932] installed nix mcp server --- .../programs/vscode/claudeDev.nix | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 5e08b418..a2b4b9ef 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -15,14 +15,6 @@ profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); - - mcpServersConfig = lib.mkMerge [ - (lib.mkIf anyProfileHasMcpNixos { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }) - ]; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -51,7 +43,11 @@ in { config = lib.mkIf anyProfileHasMcpNixos { home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { text = builtins.toJSON { - mcpServers = mcpServersConfig; + mcpServers = { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }; }; force = true; }; From 6e0650f73b6ac42edb549ca1eef2579e8b935bd6 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 31 Aug 2025 13:56:20 -0500 Subject: [PATCH 806/932] installed the eslint mcp server --- .../leyla/packages/vscode/default.nix | 5 +- .../programs/vscode/claudeDev.nix | 60 ++++++++++++++----- 2 files changed, 49 insertions(+), 16 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c605f9bc..778439ad 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -70,7 +70,10 @@ in { # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; - mcp.nixos.enable = true; + mcp = { + nixos.enable = true; + eslint.enable = true; + }; }; # misc extensions diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index a2b4b9ef..11eb1555 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -10,11 +10,21 @@ mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; + mcp-eslint = pkgs.writeShellScriptBin "mcp-eslint" '' + ${pkgs.nodejs}/bin/npx --yes @modelcontextprotocol/server-eslint "$@" + ''; + anyProfileHasMcpNixos = lib.any ( profile: profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcpEslint = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.eslint.enable + ) (lib.attrValues config.programs.vscode.profiles); in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { 
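Review bot: `npx --yes @modelcontextprotocol/server-eslint "$@"` fetches and runs whatever the npm registry currently serves for that unpinned package each time the MCP server starts, so the code executed inside the editor is neither locked by flake.lock nor reproducible, and a compromised or replaced release runs with the user's privileges. Pin an exact version at minimum, `${pkgs.nodejs}/bin/npx --yes @modelcontextprotocol/server-eslint@<pinned-version> "$@"`, or package it with `pkgs.buildNpmPackage` so its hash is verified in the store the way `mcp-nixos` already is. The wrapper also needs network access at launch, which is worth a comment above `mcp-eslint` since the rest of the module is installable offline.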
@@ -29,6 +39,9 @@ in { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; }; + eslint = { + enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; + }; }; }; }; @@ -40,20 +53,37 @@ in { })); }; - config = lib.mkIf anyProfileHasMcpNixos { - home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { - text = builtins.toJSON { - mcpServers = { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }; - }; - force = true; - }; + config = lib.mkMerge [ + (lib.mkIf anyProfileHasMcpNixos { + home.packages = [ + mcp-nixos + ]; + }) - home.packages = [ - mcp-nixos - ]; - }; + (lib.mkIf anyProfileHasMcpEslint { + home.packages = [ + mcp-eslint + pkgs.eslint + ]; + }) + + (lib.mkIf (anyProfileHasMcpNixos || anyProfileHasMcpEslint) { + home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { + text = builtins.toJSON { + mcpServers = + (lib.optionalAttrs anyProfileHasMcpNixos { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }) + // (lib.optionalAttrs anyProfileHasMcpEslint { + eslint = { + command = "${mcp-eslint}/bin/mcp-eslint"; + }; + }); + }; + force = true; + }; + }) + ]; } From d89d085409d97668230204eb2fbc218ce6ecf4b2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:05:27 -0500 Subject: [PATCH 807/932] updated flake lock --- .../nixos/defiant/configuration.nix | 2 +- flake.lock | 36 +++++++++---------- modules/home-manager-modules/openssh.nix | 9 +++-- modules/nixos-modules/server/forgejo.nix | 8 ++++- 4 files changed, 33 insertions(+), 22 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 14410f4f..e109d450 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -296,7 +296,7 @@ extensions = { sonos.enable = true; jellyfin.enable = true; - wyoming.enable = true; + wyoming.enable = false; # Temporarily disabled due to dependency conflict in wyoming-piper }; }; diff --git a/flake.lock b/flake.lock index 03a9467f..5b4d6a39 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1755519972, - "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=", + "lastModified": 1756733629, + "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", "owner": "nix-community", "repo": "disko", - "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d", + "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1755921820, - "narHash": "sha256-xTRXoaGtuIi4VvJNGuHC8DPHnEIJUqVtt7kqU8MdXes=", + "lastModified": 1756699417, + "narHash": "sha256-rpRy5ae5ijEGaK+Cr66NqCQJ6ZeUE5Zi8gUWgKhesto=", "owner": "rycee", "repo": "nur-expressions", - "rev": "c43149f02063de9b0d75c2b45f54631bd82667b2", + "rev": "007b803d1eff595d25e7886e83054dbd038bf029", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1755914636, - "narHash": "sha256-VJ+Gm6YsHlPfUCpmRQxvdiZW7H3YPSrdVOewQHAhZN8=", + "lastModified": 1756734952, + "narHash": "sha256-H6jmduj4QIncLPAPODPSG/8ry9lpr1kRq6fYytU52qU=", "owner": "nix-community", "repo": "home-manager", - "rev": "8b55a6ac58b678199e5bba701aaff69e2b3281c0", + "rev": "29ab63bbb3d9eee4a491f7ce701b189becd34068", "type": "github" }, "original": { 
@@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1755914146, - "narHash": "sha256-ew98ilw4NTodKlILnr3ndsT0Aj9JhqC507JB3efa0pY=", + "lastModified": 1756692643, + "narHash": "sha256-SVos3AYuLvF6bD8Y0b6EiLABoEaiAOa4M/fTCBe0FV8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ff42a421ff1d415caa0125e6af6f3bd82e642838", + "rev": "2f1d16db96f1ce8ee3c893ea9dc49c0035846988", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1755330281, - "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", + "lastModified": 1756245047, + "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", + "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1756542300, + "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index c8ba22d0..9d77d106 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -45,8 +45,13 @@ services.ssh-agent.enable = true; programs.ssh = { enable = true; - compression = true; - addKeysToAgent = "confirm"; + enableDefaultConfig = false; + matchBlocks = { + "*" = { + compression = true; + addKeysToAgent = "confirm"; + }; + }; extraConfig = lib.strings.concatLines ( builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys ); 
diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 7898daad..de06f944 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -19,6 +19,12 @@ in { config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; host = { reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { target = "http://localhost:${toString forgejoPort}"; @@ -52,7 +58,7 @@ in { START_SSH_SERVER = true; SSH_LISTEN_PORT = sshPort; SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = config.users.users.git.name; + BUILTIN_SSH_SERVER_USER = "git"; ROOT_URL = "https://git.jan-leila.com"; }; service = { From afcf4156212747cac2751061ed3307646ce64530 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:11:29 -0500 Subject: [PATCH 808/932] enabled power management from twilight and emergent --- configurations/nixos/emergent/nvidia-drivers.nix | 2 +- configurations/nixos/twilight/nvidia-drivers.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix index fb66cf66..b532446d 100644 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ b/configurations/nixos/emergent/nvidia-drivers.nix @@ -27,7 +27,7 @@ # Enable this if you have graphical corruption issues or application crashes after waking # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. - powerManagement.enable = false; + powerManagement.enable = true; # Fine-grained power management. Turns off GPU when not in use. # Experimental and only works on modern Nvidia GPUs (Turing or newer). 
diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix index 47763f88..d875e37d 100644 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ b/configurations/nixos/twilight/nvidia-drivers.nix @@ -21,7 +21,7 @@ # Enable this if you have graphical corruption issues or application crashes after waking # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # of just the bare essentials. - powerManagement.enable = false; + powerManagement.enable = true; # Fine-grained power management. Turns off GPU when not in use. # Experimental and only works on modern Nvidia GPUs (Turing or newer). From b7dd5328d0c3a653e8e68c5df8e1f686fba57720 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:20:24 -0500 Subject: [PATCH 809/932] moved piper to module with enable option --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 2 +- .../home-manager-modules/programs/default.nix | 1 + modules/home-manager-modules/programs/piper.nix | 17 +++++++++++++++++ 4 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager-modules/programs/piper.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 295597aa..754ced2d 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -20,7 +20,6 @@ in { ungoogled-chromium krita gnomeExtensions.dash-to-panel - (lib.mkIf hardware.piperMouse.enable piper) ] ); @@ -61,6 +60,7 @@ in { makemkv.enable = true; signal-desktop-bin.enable = true; steam.enable = true; + piper.enable = hardware.piperMouse.enable; }) ]; }; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 702edda2..33c6103a 100644 --- a/configurations/home-manager/leyla/packages/default.nix 
+++ b/configurations/home-manager/leyla/packages/default.nix @@ -36,6 +36,7 @@ in { protonvpn-gui.enable = true; dbeaver-bin.enable = true; bruno.enable = true; + piper.enable = hardware.piperMouse.enable; }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { anki.enable = true; @@ -105,7 +106,6 @@ in { noisetorch # hardware management tools - (lib.mkIf hardware.piperMouse.enable piper) (lib.mkIf hardware.openRGB.enable openrgb) (lib.mkIf hardware.viaKeyboard.enable via) diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 675e77da..be4b0725 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -6,6 +6,7 @@ ./makemkv.nix ./obs.nix ./anki.nix + ./piper.nix ./qbittorrent.nix ./discord.nix ./obsidian.nix diff --git a/modules/home-manager-modules/programs/piper.nix b/modules/home-manager-modules/programs/piper.nix new file mode 100644 index 00000000..ec0d887d --- /dev/null +++ b/modules/home-manager-modules/programs/piper.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.piper = { + enable = lib.mkEnableOption "enable piper"; + }; + + config = lib.mkIf config.programs.piper.enable { + home.packages = with pkgs; [ + piper + ]; + }; +} From 2d396228c728a19f46e69c09fc22bfb8e9eb9ab1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 2 Sep 2025 23:27:26 -0500 Subject: [PATCH 810/932] moved krita to programs folder --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 2 +- .../home-manager-modules/programs/default.nix | 1 + .../home-manager-modules/programs/krita.nix | 30 +++++++++++++++++++ 4 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 modules/home-manager-modules/programs/krita.nix 
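Review bot: `osConfig` is declared in piper.nix's module arguments but never referenced in the body, so it can be removed from the argument set. The option/config shape otherwise matches the other program modules; `with pkgs; [ piper ]` could be written `[ pkgs.piper ]` for a single package, which is a matter of taste.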
diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 754ced2d..f7f0c784 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -18,7 +18,6 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ ungoogled-chromium - krita gnomeExtensions.dash-to-panel ] ); @@ -61,6 +60,7 @@ in { signal-desktop-bin.enable = true; steam.enable = true; piper.enable = hardware.piperMouse.enable; + krita.enable = true; }) ]; }; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 33c6103a..717b1533 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -49,6 +49,7 @@ in { vscode.enable = true; firefox.enable = true; steam.enable = true; + krita.enable = true; }) ]; } @@ -77,7 +78,6 @@ in { libreoffice inkscape gimp - krita freecad # cura # kicad-small diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index be4b0725..f2a22ee2 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -12,6 +12,7 @@ ./obsidian.nix ./prostudiomasters.nix ./idea.nix + ./krita.nix ./protonvpn.nix ./calibre.nix ./bruno.nix diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix new file mode 100644 index 00000000..d6622510 --- /dev/null +++ b/modules/home-manager-modules/programs/krita.nix 
@@ -0,0 +1,30 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.krita = { + enable = lib.mkEnableOption "enable krita"; + }; + + config = lib.mkIf config.programs.krita.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + krita + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/kritarc" + "${config.xdg.dataHome}/krita" + ]; + allowOther = true; + }; + } + ) + ]); +} From fab03391fced092fa46b50fb14815f566036703d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 4 Sep 2025 00:33:53 -0500 Subject: [PATCH 811/932] updated flake.lock --- flake.lock | 30 +++++++++++----------- modules/nixos-modules/server/paperless.nix | 3 +-- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/flake.lock b/flake.lock index 5b4d6a39..19959d9d 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1756699417, - "narHash": "sha256-rpRy5ae5ijEGaK+Cr66NqCQJ6ZeUE5Zi8gUWgKhesto=", + "lastModified": 1756958609, + "narHash": "sha256-1nRGsnPZjOubRTsXEsnJqWlLsgo/Xq7tN7PWK57dFDQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "007b803d1eff595d25e7886e83054dbd038bf029", + "rev": "b2a4e1bc62946403f82594ab9550ac13a1afa4df", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1756734952, - "narHash": "sha256-H6jmduj4QIncLPAPODPSG/8ry9lpr1kRq6fYytU52qU=", + "lastModified": 1756954499, + "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "29ab63bbb3d9eee4a491f7ce701b189becd34068", + "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", "type": "github" }, "original": { 
@@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1756692643, - "narHash": "sha256-SVos3AYuLvF6bD8Y0b6EiLABoEaiAOa4M/fTCBe0FV8=", + "lastModified": 1756950692, + "narHash": "sha256-3MnwSjiqIK8XtKZ1pkhuiv2wnCzQfulc5Wu0pWFluew=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2f1d16db96f1ce8ee3c893ea9dc49c0035846988", + "rev": "5ae2ac105a0d3ed2230a225ef6441928286897da", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1756245047, - "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=", + "lastModified": 1756925795, + "narHash": "sha256-kUb5hehaikfUvoJDEc7ngiieX88TwWX/bBRX9Ar6Tac=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7", + "rev": "ba6fab29768007e9f2657014a6e134637100c57d", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1756542300, - "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", + "lastModified": 1756787288, + "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", + "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index 0243d534..b97c48d9 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -51,10 +51,9 @@ in { }; }; services.paperless = { + domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; configureTika = true; settings = { - PAPERLESS_URL = "https://${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; - PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBHOST = "/run/postgresql"; PAPERLESS_DBNAME = config.services.paperless.database.user; 
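Review bot: The removed `PAPERLESS_DBENGINE = "postgresql";` in paperless.nix is not replaced by anything visible in the hunk, so engine selection now relies on Paperless-ngx defaulting to PostgreSQL once `PAPERLESS_DBHOST` is set (which the remaining `PAPERLESS_DBHOST = "/run/postgresql";` line does); a one-line comment such as `# engine defaults to postgresql because DBHOST is set` above that line would stop the next reader from re-adding it. The new `domain = ...` line presumably lets the NixOS module derive `PAPERLESS_URL` itself; if it also feeds the allowed-hosts / CSRF-trusted-origin settings, that value is what the reverse proxy's forwarded Host header must match, so it is worth confirming the proxy passes the same hostname. The enclosing `services.paperless` attribute set continues past the hunk.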
From c31eb38229e0be1414ecad42a0085debba16c5fd Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 4 Sep 2025 14:33:17 -0500 Subject: [PATCH 812/932] installed direnv extension --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/default.nix | 1 + .../programs/vscode/direnv.nix | 25 +++++++++++++++++++ 3 files changed, 27 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/direnv.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 778439ad..f213d3c9 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -78,6 +78,7 @@ in { # misc extensions evenBetterToml.enable = true; + direnv.enable = config.programs.direnv.enable; }; extensions = let diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 50b323da..48eb1cec 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -21,5 +21,6 @@ ./claudeDev.nix ./nearley.nix ./vitest.nix + ./direnv.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/direnv.nix b/modules/home-manager-modules/programs/vscode/direnv.nix new file mode 100644 index 00000000..231ea177 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/direnv.nix 
@@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.vscode-marketplace; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.direnv = { + enable = lib.mkEnableOption "Enable direnv extension"; + extension = lib.mkPackageOption pkgsRepository "direnv" { + default = ["mkhl" "direnv"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.direnv.enable { + extensions = [config.extraExtensions.direnv.extension]; + }; + })); + }; +} From 2aad75a334050e30f9fba9567d231ff6d338bda7 Mon Sep 17 00:00:00 2001 
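Review bot: `extension = lib.mkPackageOption pkgsRepository "direnv" { default = ["mkhl" "direnv"]; };` in direnv.nix selects a marketplace VSIX by publisher and name only; the concrete version and hash presumably come from the `nix-vscode-extensions` snapshot pinned in flake.lock, so the installed extension moves forward silently with each lock update (several such updates appear on this page). Recording that in the option description, e.g. `enable = lib.mkEnableOption "direnv extension (version follows the nix-vscode-extensions pin in flake.lock)";`, makes the provenance visible to whoever audits the installed extensions. conventionalCommits.nix in the later commit uses the same pattern and would benefit from the same wording.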
From: Leyla Becker Date: Thu, 4 Sep 2025 15:23:59 -0500 Subject: [PATCH 813/932] moved more packages to modules --- configurations/home-manager/eve/packages.nix | 2 +- .../home-manager/leyla/packages/default.nix | 66 ++++++------------- .../programs/davinci-resolve.nix | 30 +++++++++ .../home-manager-modules/programs/default.nix | 18 +++++ .../home-manager-modules/programs/freecad.nix | 29 ++++++++ .../programs/gdx-liftoff.nix | 17 +++++ .../home-manager-modules/programs/gimp.nix | 29 ++++++++ .../programs/inkscape.nix | 29 ++++++++ .../programs/libreoffice.nix | 29 ++++++++ .../home-manager-modules/programs/mfoc.nix | 17 +++++ .../programs/noisetorch.nix | 17 +++++ .../programs/onionshare.nix | 17 +++++ .../home-manager-modules/programs/openrgb.nix | 17 +++++ .../home-manager-modules/programs/openvpn.nix | 17 +++++ .../programs/pdfarranger.nix | 17 +++++ .../home-manager-modules/programs/picard.nix | 29 ++++++++ .../programs/proxmark3.nix | 17 +++++ .../programs/qflipper.nix | 29 ++++++++ .../programs/tor-browser.nix | 29 ++++++++ .../programs/ungoogled-chromium.nix | 29 ++++++++ modules/home-manager-modules/programs/via.nix | 17 +++++ 21 files changed, 453 insertions(+), 48 deletions(-) create mode 100644 modules/home-manager-modules/programs/davinci-resolve.nix create mode 100644 modules/home-manager-modules/programs/freecad.nix create mode 100644 modules/home-manager-modules/programs/gdx-liftoff.nix create mode 100644 modules/home-manager-modules/programs/gimp.nix create mode 100644 modules/home-manager-modules/programs/inkscape.nix create mode 100644 modules/home-manager-modules/programs/libreoffice.nix create mode 100644 modules/home-manager-modules/programs/mfoc.nix create mode 100644 modules/home-manager-modules/programs/noisetorch.nix create mode 100644 modules/home-manager-modules/programs/onionshare.nix create mode 100644 modules/home-manager-modules/programs/openrgb.nix create mode 100644 modules/home-manager-modules/programs/openvpn.nix create mode 
100644 modules/home-manager-modules/programs/pdfarranger.nix create mode 100644 modules/home-manager-modules/programs/picard.nix create mode 100644 modules/home-manager-modules/programs/proxmark3.nix create mode 100644 modules/home-manager-modules/programs/qflipper.nix create mode 100644 modules/home-manager-modules/programs/tor-browser.nix create mode 100644 modules/home-manager-modules/programs/ungoogled-chromium.nix create mode 100644 modules/home-manager-modules/programs/via.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index f7f0c784..f738fe29 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -17,7 +17,6 @@ in { # See https://search.nixos.org/packages for all options home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ - ungoogled-chromium gnomeExtensions.dash-to-panel ] ); @@ -61,6 +60,7 @@ in { steam.enable = true; piper.enable = hardware.piperMouse.enable; krita.enable = true; + ungoogled-chromium.enable = true; }) ]; }; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 717b1533..86bbd96e 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -37,6 +37,12 @@ in { dbeaver-bin.enable = true; bruno.enable = true; piper.enable = hardware.piperMouse.enable; + proxmark3.enable = true; + openrgb.enable = hardware.openRGB.enable; + via.enable = hardware.viaKeyboard.enable; + claude-code.enable = osConfig.host.ai.enable; + davinci-resolve.enable = hardware.graphicsAcceleration.enable; + mfoc.enable = true; }) (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { anki.enable = true; 
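Review bot: `mfoc.enable`, `openrgb.enable`, `via.enable`, `claude-code.enable` and `davinci-resolve.enable` are added to the first `programs` block in leyla/packages/default.nix, whose `lib.mkIf` condition starts outside the hunk, whereas the removed `home.packages` list (third hunk of this file) had all of them except `proxmark3` under `lib.lists.optionals hardware.directAccess.enable`. Unless that first block is itself gated on `hardware.directAccess.enable`, these five packages now install on hosts without direct access, a behaviour change the commit message does not mention. The second hunk keeps the remaining packages under `lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser)`, so moving these five lines into that block would preserve the previous gating.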
@@ -50,6 +56,19 @@ in { firefox.enable = true; steam.enable = true; krita.enable = true; + ungoogled-chromium.enable = true; + libreoffice.enable = true; + inkscape.enable = true; + gimp.enable = true; + freecad.enable = true; + onionshare.enable = true; + pdfarranger.enable = true; + picard.enable = true; + qflipper.enable = true; + openvpn.enable = true; + noisetorch.enable = true; + tor-browser.enable = true; + gdx-liftoff.enable = true; }) ]; } @@ -66,53 +85,6 @@ in { nixpkgs.config = { allowUnfree = true; }; - - home.packages = ( - (with pkgs; [ - proxmark3 - ]) - ++ ( - lib.lists.optionals hardware.directAccess.enable (with pkgs; [ - #foss platforms - ungoogled-chromium - libreoffice - inkscape - gimp - freecad - # cura - # kicad-small - onionshare - # rhythmbox - - # wireshark - # rpi-imager - # fritzing - mfoc - tor-browser - pdfarranger - picard - - gdx-liftoff - - # proprietary platforms - (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve) - - # development tools - # androidStudioPackages.canary - qFlipper - - # system tools - openvpn - noisetorch - - # hardware management tools - (lib.mkIf hardware.openRGB.enable openrgb) - (lib.mkIf hardware.viaKeyboard.enable via) - - (lib.mkIf osConfig.host.ai.enable claude-code) - ]) - ) - ); }) ]; } diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix new file mode 100644 index 00000000..00ba525b --- /dev/null +++ b/modules/home-manager-modules/programs/davinci-resolve.nix 
@@ -0,0 +1,30 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.davinci-resolve = { + enable = lib.mkEnableOption "enable davinci-resolve"; + }; + + config = lib.mkIf config.programs.davinci-resolve.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + davinci-resolve + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.dataHome}/DaVinciResolve" + "${config.xdg.configHome}/blackmagic" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index f2a22ee2..d1c13db1 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -19,5 +19,23 @@ ./dbeaver.nix ./steam.nix ./vscode + ./ungoogled-chromium.nix + ./libreoffice.nix + ./inkscape.nix + ./gimp.nix + ./proxmark3.nix + ./freecad.nix + ./onionshare.nix + ./mfoc.nix + ./pdfarranger.nix + ./picard.nix + ./qflipper.nix + ./openvpn.nix + ./noisetorch.nix + ./openrgb.nix + ./via.nix + ./davinci-resolve.nix + ./gdx-liftoff.nix + ./tor-browser.nix ]; } diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix new file mode 100644 index 00000000..ec172057 --- /dev/null +++ b/modules/home-manager-modules/programs/freecad.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.freecad = { + enable = lib.mkEnableOption "enable freecad"; + }; + + config = lib.mkIf config.programs.freecad.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + freecad + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/FreeCAD" + ]; + allowOther = true; + }; + } + ) + ]); +} 
diff --git a/modules/home-manager-modules/programs/gdx-liftoff.nix b/modules/home-manager-modules/programs/gdx-liftoff.nix new file mode 100644 index 00000000..b29230d3 --- /dev/null +++ b/modules/home-manager-modules/programs/gdx-liftoff.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.gdx-liftoff = { + enable = lib.mkEnableOption "enable gdx-liftoff"; + }; + + config = lib.mkIf config.programs.gdx-liftoff.enable { + home.packages = with pkgs; [ + gdx-liftoff + ]; + }; +} diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix new file mode 100644 index 00000000..428068ea --- /dev/null +++ b/modules/home-manager-modules/programs/gimp.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.gimp = { + enable = lib.mkEnableOption "enable gimp"; + }; + + config = lib.mkIf config.programs.gimp.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + gimp + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/GIMP" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix new file mode 100644 index 00000000..facb08f5 --- /dev/null +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.inkscape = { + enable = lib.mkEnableOption "enable inkscape"; + }; + + config = lib.mkIf config.programs.inkscape.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + inkscape + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/inkscape" + ]; + allowOther = true; + }; + } + ) + ]); +} 
diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix new file mode 100644 index 00000000..b61ea58c --- /dev/null +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.libreoffice = { + enable = lib.mkEnableOption "enable libreoffice"; + }; + + config = lib.mkIf config.programs.libreoffice.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + libreoffice + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/libreoffice" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/mfoc.nix b/modules/home-manager-modules/programs/mfoc.nix new file mode 100644 index 00000000..7b92007f --- /dev/null +++ b/modules/home-manager-modules/programs/mfoc.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.mfoc = { + enable = lib.mkEnableOption "enable mfoc"; + }; + + config = lib.mkIf config.programs.mfoc.enable { + home.packages = with pkgs; [ + mfoc + ]; + }; +} diff --git a/modules/home-manager-modules/programs/noisetorch.nix b/modules/home-manager-modules/programs/noisetorch.nix new file mode 100644 index 00000000..c53e3a91 --- /dev/null +++ b/modules/home-manager-modules/programs/noisetorch.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.noisetorch = { + enable = lib.mkEnableOption "enable noisetorch"; + }; + + config = lib.mkIf config.programs.noisetorch.enable { + home.packages = with pkgs; [ + noisetorch + ]; + }; +} diff --git a/modules/home-manager-modules/programs/onionshare.nix b/modules/home-manager-modules/programs/onionshare.nix new file mode 100644 index 00000000..ed1903de --- /dev/null +++ b/modules/home-manager-modules/programs/onionshare.nix 
@@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.onionshare = { + enable = lib.mkEnableOption "enable onionshare"; + }; + + config = lib.mkIf config.programs.onionshare.enable { + home.packages = with pkgs; [ + onionshare + ]; + }; +} diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix new file mode 100644 index 00000000..0260c91a --- /dev/null +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.openrgb = { + enable = lib.mkEnableOption "enable openrgb"; + }; + + config = lib.mkIf config.programs.openrgb.enable { + home.packages = with pkgs; [ + openrgb + ]; + }; +} diff --git a/modules/home-manager-modules/programs/openvpn.nix b/modules/home-manager-modules/programs/openvpn.nix new file mode 100644 index 00000000..814c16da --- /dev/null +++ b/modules/home-manager-modules/programs/openvpn.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.openvpn = { + enable = lib.mkEnableOption "enable openvpn"; + }; + + config = lib.mkIf config.programs.openvpn.enable { + home.packages = with pkgs; [ + openvpn + ]; + }; +} diff --git a/modules/home-manager-modules/programs/pdfarranger.nix b/modules/home-manager-modules/programs/pdfarranger.nix new file mode 100644 index 00000000..d4e33b5c --- /dev/null +++ b/modules/home-manager-modules/programs/pdfarranger.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.pdfarranger = { + enable = lib.mkEnableOption "enable pdfarranger"; + }; + + config = lib.mkIf config.programs.pdfarranger.enable { + home.packages = with pkgs; [ + pdfarranger + ]; + }; +} diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix new file mode 100644 index 00000000..d2c1fe22 --- /dev/null 
+++ b/modules/home-manager-modules/programs/picard.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.picard = { + enable = lib.mkEnableOption "enable picard"; + }; + + config = lib.mkIf config.programs.picard.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + picard + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/MusicBrainz" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/proxmark3.nix b/modules/home-manager-modules/programs/proxmark3.nix new file mode 100644 index 00000000..ad1e2989 --- /dev/null +++ b/modules/home-manager-modules/programs/proxmark3.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.proxmark3 = { + enable = lib.mkEnableOption "enable proxmark3"; + }; + + config = lib.mkIf config.programs.proxmark3.enable { + home.packages = with pkgs; [ + proxmark3 + ]; + }; +} diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix new file mode 100644 index 00000000..abc24424 --- /dev/null +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.qflipper = { + enable = lib.mkEnableOption "enable qflipper"; + }; + + config = lib.mkIf config.programs.qflipper.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + qFlipper + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/qFlipper" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix new file mode 100644 index 00000000..2c585788 --- /dev/null 
+++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.tor-browser = { + enable = lib.mkEnableOption "enable tor-browser"; + }; + + config = lib.mkIf config.programs.tor-browser.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + tor-browser + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.dataHome}/torbrowser" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix new file mode 100644 index 00000000..5b52cd67 --- /dev/null +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.ungoogled-chromium = { + enable = lib.mkEnableOption "enable ungoogled-chromium"; + }; + + config = lib.mkIf config.programs.ungoogled-chromium.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + ungoogled-chromium + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/chromium" + ]; + allowOther = true; + }; + } + ) + ]); +} diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix new file mode 100644 index 00000000..0b794526 --- /dev/null +++ b/modules/home-manager-modules/programs/via.nix @@ -0,0 +1,17 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.via = { + enable = lib.mkEnableOption "enable via"; + }; + + config = lib.mkIf config.programs.via.enable { + home.packages = with pkgs; [ + via + ]; + }; +} From 1831fea96a57f9c538b3f72f13b09adb51a35ea1 Mon Sep 17 00:00:00 2001 
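Review bot: The persisted `"${config.xdg.configHome}/chromium"` directory in ungoogled-chromium.nix is the whole browser profile — cookies, session state and the saved-password store live there — which makes it the most sensitive path added by this commit, and it is mounted with `allowOther = true;` like the others. As I understand the impermanence home-manager module, `allowOther` makes the bind mount reachable by other users such as root, subject to the underlying file modes, so it is worth confirming that the copy under `/persist` keeps a user-only mode and adding `# browser profile: holds cookies and credentials, keep the /persist copy user-only` above the `directories` list. The same consideration applies to `"${config.xdg.dataHome}/torbrowser"` in tor-browser.nix on the same line, where persisting the profile also carries state across reboots that Tor Browser would otherwise reset.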
From: Leyla Becker Date: Thu, 4 Sep 2025 15:40:22 -0500 Subject: [PATCH 814/932] updated flake lock --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 19959d9d..03054c1b 100644 --- a/flake.lock +++ b/flake.lock @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1756954499, - "narHash": "sha256-Pg4xBHzvzNY8l9x/rLWoJMnIR8ebG+xeU+IyqThIkqU=", + "lastModified": 1756991914, + "narHash": "sha256-4ve/3ah5H/SpL2m3qmZ9GU+VinQYp2MN1G7GamimTds=", "owner": "nix-community", "repo": "home-manager", - "rev": "ed1a98c375450dfccf427adacd2bfd1a7b22eb25", + "rev": "b08f8737776f10920c330657bee8b95834b7a70f", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1755825449, - "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", + "lastModified": 1757015938, + "narHash": "sha256-1qBXNK/QxEjCqIoA2DxWn5gqM8rVxt+OxKodXu1GLTY=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", + "rev": "eaacfa1101b84225491d2ceae9549366d74dc214", "type": "github" }, "original": { From 68b791f7c10340d2e97992f9bfe3e12311945ac8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 6 Sep 2025 23:11:22 -0500 Subject: [PATCH 815/932] feat: installed conventional commits plugin --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/conventionalCommits.nix | 25 +++++++++++++++++++ .../programs/vscode/default.nix | 1 + 3 files changed, 27 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/conventionalCommits.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index f213d3c9..8ac026ef 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix 
@@ -79,6 +79,7 @@ in { # misc extensions evenBetterToml.enable = true; direnv.enable = config.programs.direnv.enable; + conventionalCommits.enable = true; }; extensions = let diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix new file mode 100644 index 00000000..00ca6fad --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -0,0 +1,25 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.vscode-marketplace; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.conventionalCommits = { + enable = lib.mkEnableOption "Enable VSCode Conventional Commits extension"; + extension = lib.mkPackageOption pkgsRepository "conventional-commits" { + default = ["vivaxy" "vscode-conventional-commits"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.conventionalCommits.enable { + extensions = [config.extraExtensions.conventionalCommits.extension]; + }; + })); + }; +} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 48eb1cec..85f4a623 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -22,5 +22,6 @@ ./nearley.nix ./vitest.nix ./direnv.nix + ./conventionalCommits.nix ]; } From 09d258840662c034f187e66bea1536eefb1f644a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 6 Sep 2025 23:42:13 -0500 Subject: [PATCH 816/932] feat: added config options to hte conventional commit extension to disable emoji and scopes propts --- .../programs/vscode/conventionalCommits.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) 
diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 00ca6fad..1e3954c4 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix @@ -15,10 +15,27 @@ in { extension = lib.mkPackageOption pkgsRepository "conventional-commits" { default = ["vivaxy" "vscode-conventional-commits"]; }; + + emojiFormat = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable emoji format for conventional commits"; + }; + + promptScopes = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable prompting for scopes in conventional commits"; + }; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { extensions = [config.extraExtensions.conventionalCommits.extension]; + + userSettings = { + "conventionalCommits.emojiFormat" = config.extraExtensions.conventionalCommits.emojiFormat; + "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; + }; }; })); }; From 58fec3f132f0fdfd4ade138ffc1edf9905753ad4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 7 Sep 2025 15:58:54 -0500 Subject: [PATCH 817/932] refactor: switched to using mkEnableOption --- .../programs/vscode/conventionalCommits.nix | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix index 1e3954c4..5bc81246 100644 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix 
@@ -16,24 +16,16 @@ in { default = ["vivaxy" "vscode-conventional-commits"]; }; - emojiFormat = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable emoji format for conventional commits"; - }; + gitmoji = lib.mkEnableOption "should emoji be prompted for as a part of the commit message./"; - promptScopes = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable prompting for scopes in conventional commits"; - }; + promptScopes = lib.mkEnableOption "prompting for scopes in conventional commits"; }; }; config = lib.mkIf config.extraExtensions.conventionalCommits.enable { extensions = [config.extraExtensions.conventionalCommits.extension]; userSettings = { - "conventionalCommits.emojiFormat" = config.extraExtensions.conventionalCommits.emojiFormat; + "conventionalCommits.gitmoji" = config.extraExtensions.conventionalCommits.gitmoji; "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; }; }; From 487dc215503aab6d309ade68480ac48a47604376 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 7 Sep 2025 20:12:46 -0500 Subject: [PATCH 818/932] refactor: removed eslint mcp server --- .../leyla/packages/vscode/default.nix | 1 - .../programs/vscode/claudeDev.nix | 38 +++---------------- 2 files changed, 6 insertions(+), 33 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 8ac026ef..6e369084 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -72,7 +72,6 @@ in { enable = true; mcp = { nixos.enable = true; - eslint.enable = true; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 11eb1555..21ff6b52 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix 
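Review bot: The new `gitmoji = lib.mkEnableOption "should emoji be prompted for as a part of the commit message./";` renders as "Whether to enable should emoji be prompted for as a part of the commit message./.", because mkEnableOption prepends "Whether to enable" and appends a period; the trailing `./` is also a typo. A noun phrase reads correctly, `gitmoji = lib.mkEnableOption "prompting for a gitmoji as part of the commit message";`, and matches the style of the `promptScopes` line directly below it.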
+++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -10,21 +10,11 @@ mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; - mcp-eslint = pkgs.writeShellScriptBin "mcp-eslint" '' - ${pkgs.nodejs}/bin/npx --yes @modelcontextprotocol/server-eslint "$@" - ''; - anyProfileHasMcpNixos = lib.any ( profile: profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); - - anyProfileHasMcpEslint = lib.any ( - profile: - profile.extraExtensions.claudeDev.enable - && profile.extraExtensions.claudeDev.mcp.eslint.enable - ) (lib.attrValues config.programs.vscode.profiles); in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -39,9 +29,6 @@ in { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; }; - eslint = { - enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; - }; }; }; }; @@ -60,27 +47,14 @@ in { ]; }) - (lib.mkIf anyProfileHasMcpEslint { - home.packages = [ - mcp-eslint - pkgs.eslint - ]; - }) - - (lib.mkIf (anyProfileHasMcpNixos || anyProfileHasMcpEslint) { + (lib.mkIf anyProfileHasMcpNixos { home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { text = builtins.toJSON { - mcpServers = - (lib.optionalAttrs anyProfileHasMcpNixos { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }) - // (lib.optionalAttrs anyProfileHasMcpEslint { - eslint = { - command = "${mcp-eslint}/bin/mcp-eslint"; - }; - }); + mcpServers = { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }; }; force = true; }; From 2745af9443d5a814866e791e513648d887dc7dbe Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 8 Sep 2025 16:47:05 -0500 Subject: [PATCH 819/932] feat: updated flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 03054c1b..6ea6f9b4 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1756733629, - "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", + "lastModified": 1757255839, + "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", "owner": "nix-community", "repo": "disko", - "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", + "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1756958609, - "narHash": "sha256-1nRGsnPZjOubRTsXEsnJqWlLsgo/Xq7tN7PWK57dFDQ=", + "lastModified": 1757304222, + "narHash": "sha256-s070stByAXxeCLgftTXxFxZ2ynJhghne4Y6cTuqGAaw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "b2a4e1bc62946403f82594ab9550ac13a1afa4df", + "rev": "fa312c0175ffb82bc67da095439b9cb683ac52bd", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1756991914, - "narHash": "sha256-4ve/3ah5H/SpL2m3qmZ9GU+VinQYp2MN1G7GamimTds=", + "lastModified": 1757256385, + "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", "owner": "nix-community", "repo": "home-manager", - "rev": "b08f8737776f10920c330657bee8b95834b7a70f", + "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", "type": "github" }, "original": { 
@@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1757015938, - "narHash": "sha256-1qBXNK/QxEjCqIoA2DxWn5gqM8rVxt+OxKodXu1GLTY=", + "lastModified": 1757130842, + "narHash": "sha256-4i7KKuXesSZGUv0cLPLfxbmF1S72Gf/3aSypgvVkwuA=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "eaacfa1101b84225491d2ceae9549366d74dc214", + "rev": "15f067638e2887c58c4b6ba1bdb65a0b61dc58c5", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1756950692, - "narHash": "sha256-3MnwSjiqIK8XtKZ1pkhuiv2wnCzQfulc5Wu0pWFluew=", + "lastModified": 1757296711, + "narHash": "sha256-7u9/tXUdmTj8x7ofet8aELLBlCHSoA+QOhYKheRdacM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5ae2ac105a0d3ed2230a225ef6441928286897da", + "rev": "ab9374ac8c162dacffcd4400e668fd7f9b6f173a", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1756925795, - "narHash": "sha256-kUb5hehaikfUvoJDEc7ngiieX88TwWX/bBRX9Ar6Tac=", + "lastModified": 1757103352, + "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ba6fab29768007e9f2657014a6e134637100c57d", + "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1756787288, - "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", + "lastModified": 1757068644, + "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", + "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", "type": "github" }, "original": { From ca9f54d795a84177cf4d98e818891e87c5c44f28 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 12 Sep 2025 00:41:17 -0500 Subject: [PATCH 820/932] feat: installed mcp servers for vitest and eslint --- .../leyla/packages/vscode/default.nix | 2 + .../programs/vscode/claudeDev.nix | 45 ++++++++++++++++--- 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 6e369084..41ecdcb3 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -72,6 +72,8 @@ in { enable = true; mcp = { nixos.enable = true; + eslint.enable = true; + vitest.enable = true; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 21ff6b52..47da0afd 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -15,6 +15,20 @@ profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.nixos.enable ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcpEslint = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.eslint.enable + ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcpVitest = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.vitest.enable + ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { 
@@ -29,6 +43,12 @@ in { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; }; + eslint = { + enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; + }; + vitest = { + enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; + }; }; }; }; @@ -47,14 +67,27 @@ in { ]; }) - (lib.mkIf anyProfileHasMcpNixos { + (lib.mkIf anyProfileHasMcp { home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { text = builtins.toJSON { - mcpServers = { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }; + mcpServers = + (lib.optionalAttrs anyProfileHasMcpNixos { + nixos = { + command = "${mcp-nixos}/bin/mcp-nixos"; + }; + }) + // (lib.optionalAttrs anyProfileHasMcpEslint { + eslint = { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" "@eslint/mcp@latest"]; + }; + }) + // (lib.optionalAttrs anyProfileHasMcpVitest { + vitest = { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" "@djankies/vitest-mcp"]; + }; + }); }; force = true; }; From cf330b1cbb44a07a28bca5d86eebd40176f5ac5a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 12 Sep 2025 10:18:06 -0500 Subject: [PATCH 821/932] feat: installed sleep-mcp server --- .../leyla/packages/vscode/default.nix | 1 + .../programs/vscode/claudeDev.nix | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 41ecdcb3..a6512653 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -74,6 +74,7 @@ in { nixos.enable = true; eslint.enable = true; vitest.enable = true; + sleep.enable = true; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 47da0afd..9c067e88 100644 
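Review bot: The `eslint` and `vitest` entries in the mcpServers hunk launch `npx -y @eslint/mcp@latest` and `npx -y @djankies/vitest-mcp`, which resolve and auto-install whatever the npm registry serves at each server start, with no version or integrity pin — unlike `mcp-nixos`, which comes from a flake-locked input. Pinning an exact version in the args, `args = ["-y" "@eslint/mcp@<exact-version>"]`, bounds the blast radius of a compromised or yanked release; packaging the servers as Nix derivations with a lock-file hash would restore full reproducibility. The `-y` flag also suppresses the install prompt, so a new upstream release is pulled silently on the next launch of the editor.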
--- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -28,7 +28,13 @@ && profile.extraExtensions.claudeDev.mcp.vitest.enable ) (lib.attrValues config.programs.vscode.profiles); - anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest; + anyProfileHasMcpSleep = lib.any ( + profile: + profile.extraExtensions.claudeDev.enable + && profile.extraExtensions.claudeDev.mcp.sleep.enable + ) (lib.attrValues config.programs.vscode.profiles); + + anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest || anyProfileHasMcpSleep; in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { @@ -49,6 +55,9 @@ in { vitest = { enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; }; + sleep = { + enable = lib.mkEnableOption "enable Sleep MCP server for Claude Dev"; + }; }; }; }; @@ -87,6 +96,12 @@ in { command = "${pkgs.nodejs}/bin/npx"; args = ["-y" "@djankies/vitest-mcp"]; }; + }) + // (lib.optionalAttrs anyProfileHasMcpSleep { + sleep-mcp = { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" "sleep-mcp"]; + }; }); }; force = true; From 0f8faadd80cb86c34d23b7e17f327de5f3f7acde Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 12 Sep 2025 10:47:31 -0500 Subject: [PATCH 822/932] feat: added more config options for mcp servers --- .../leyla/packages/vscode/default.nix | 24 +++- .../programs/vscode/claudeDev.nix | 110 ++++++++++++++++-- 2 files changed, 119 insertions(+), 15 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index a6512653..583f440e 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix 
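Review bot: The new server entry is keyed `sleep-mcp` while its option is `mcp.sleep`, whereas the `nixos`, `eslint` and `vitest` entries use the option name as the settings key; keying it `sleep = { ... }` keeps the settings file and the module options aligned. `sleep-mcp` is also an unscoped npm name resolved by `npx -y` on every launch, so it carries the same unpinned-dependency exposure as the other npx servers and is the entry most worth pinning to an exact version, since unscoped names are the easiest to squat or take over.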
@@ -72,9 +72,27 @@ in { enable = true; mcp = { nixos.enable = true; - eslint.enable = true; - vitest.enable = true; - sleep.enable = true; + eslint = { + enable = true; + autoApprove = { + lint-files = true; + }; + }; + vitest = { + enable = true; + autoApprove = { + list_tests = true; + run_tests = true; + analyze_coverage = true; + }; + }; + sleep = { + enable = true; + timeout = 18000; # 5 hours to match claude codes timeout + autoApprove = { + sleep = true; + }; + }; }; }; diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 9c067e88..0e34f979 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix 
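Review bot: Auto-approving `run_tests` in the vitest block removes the human gate from a tool that executes the checkout's test files, so anything the agent — or a dependency that ships a test — can place in a test runs without a prompt; `lint-files` has a similar exposure if the repository's ESLint config loads plugins. That is a defensible trade-off for a personal configuration, but it deserves a comment beside it, e.g. `# run_tests executes project code without a prompt; only enable in checkouts you trust`. The `timeout = 18000` annotation is accurate for five hours, assuming the unit really is seconds as the option description states.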
@@ -35,6 +35,30 @@ ) (lib.attrValues config.programs.vscode.profiles); anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest || anyProfileHasMcpSleep; + + getMcpTimeout = serverName: + lib.findFirst (timeout: timeout != null) null (map ( + profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable + then profile.extraExtensions.claudeDev.mcp.${serverName}.timeout + else null + ) (lib.attrValues config.programs.vscode.profiles)); + + getMcpAutoApprove = serverName: + lib.foldl' ( + acc: profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable + then acc // profile.extraExtensions.claudeDev.mcp.${serverName}.autoApprove + else acc + ) {} (lib.attrValues config.programs.vscode.profiles); + + getMcpPackage = serverName: + lib.findFirst (package: package != null) null (map ( + profile: + if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable + then profile.extraExtensions.claudeDev.mcp.${serverName}.package + else null + ) (lib.attrValues config.programs.vscode.profiles)); in { options.programs.vscode.profiles = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { 
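Review bot: `getMcpAutoApprove` folds every enabled profile's `autoApprove` set with `//`, and because each profile's set carries every key (mkEnableOption defaults them to false), the last enabled profile in attribute order silently wins outright — a profile that leaves `run_tests` at its default overrides another that set it to true. Merging only the true entries gives any-profile-wins semantics, which matches the fact that `cline_mcp_settings.json` is one global file rather than one per profile: `then acc // lib.filterAttrs (_: v: v) profile.extraExtensions.claudeDev.mcp.${serverName}.autoApprove`. `getMcpTimeout` and `getMcpPackage` likewise take the first non-null value and drop any conflicting one without a warning; an `assert` on `lib.unique` of the collected values would surface a misconfiguration at evaluation time instead.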
@@ -51,12 +75,53 @@ in { }; eslint = { enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; + package = lib.mkOption { + type = lib.types.str; + default = "@eslint/mcp@latest"; + description = "NPM package to use for ESLint MCP server"; + }; + timeout = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = null; + description = "Timeout in seconds for ESLint MCP server operations"; + }; + autoApprove = { + lint-files = lib.mkEnableOption "Should the lint-files tool be auto approved for ESLint MCP server"; + }; }; vitest = { enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; + package = lib.mkOption { + type = lib.types.str; + default = "@djankies/vitest-mcp"; + description = "NPM package to use for Vitest MCP server"; + }; + timeout = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = null; + description = "Timeout in seconds for Vitest MCP server operations"; + }; + autoApprove = { + list_tests = lib.mkEnableOption "Should the list_tests tool be auto approved for Vitest MCP server"; + run_tests = lib.mkEnableOption "Should the run_tests tool be auto approved for Vitest MCP server"; + analyze_coverage = lib.mkEnableOption "Should the analyze_coverage tool be auto approved for Vitest MCP server"; + }; }; sleep = { enable = lib.mkEnableOption "enable Sleep MCP server for Claude Dev"; + package = lib.mkOption { + type = lib.types.str; + default = "sleep-mcp"; + description = "NPM package to use for Sleep MCP server"; + }; + timeout = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = null; + description = "Timeout in seconds for Sleep MCP server operations"; + }; + autoApprove = { + sleep = lib.mkEnableOption "Should the sleep tool be auto approved for Sleep MCP server"; + }; }; }; }; 
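Review bot: Each server's `package` option defaults to a floating npm spec (`@eslint/mcp@latest`, `@djankies/vitest-mcp`, `sleep-mcp`) and its description does not say the string is handed verbatim to `npx -y`, so a reader cannot tell that the default re-resolves against the registry on every launch. Spelling that out, e.g. `description = "npm package spec passed verbatim to npx -y; pin an exact version for reproducibility";`, makes the trade-off explicit, and `lib.types.str` could be tightened to a `strMatching` pattern so a typo fails at evaluation rather than at npx. The tool names under `autoApprove` are defined by the server and may change between releases, which is a further reason for the default not to float.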
@@ -86,22 +151,43 @@ in { }; }) // (lib.optionalAttrs anyProfileHasMcpEslint { - eslint = { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" "@eslint/mcp@latest"]; - }; + eslint = + { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" (getMcpPackage "eslint")]; + } + // (lib.optionalAttrs ((getMcpTimeout "eslint") != null) { + timeout = getMcpTimeout "eslint"; + }) + // (lib.optionalAttrs ((getMcpAutoApprove "eslint") != {}) { + autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "eslint")); + }); }) // (lib.optionalAttrs anyProfileHasMcpVitest { - vitest = { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" "@djankies/vitest-mcp"]; - }; + vitest = + { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" (getMcpPackage "vitest")]; + } + // (lib.optionalAttrs ((getMcpTimeout "vitest") != null) { + timeout = getMcpTimeout "vitest"; + }) + // (lib.optionalAttrs ((getMcpAutoApprove "vitest") != {}) { + autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "vitest")); + }); }) // (lib.optionalAttrs anyProfileHasMcpSleep { - sleep-mcp = { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" "sleep-mcp"]; - }; + sleep-mcp = + { + command = "${pkgs.nodejs}/bin/npx"; + args = ["-y" (getMcpPackage "sleep")]; + } + // (lib.optionalAttrs ((getMcpTimeout "sleep") != null) { + timeout = getMcpTimeout "sleep"; + }) + // (lib.optionalAttrs ((getMcpAutoApprove "sleep") != {}) { + autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "sleep")); + }); }); }; force = true; From ffcba0d714f2fed4a72aadf68ccd184d5872dcee Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Sep 2025 18:03:04 -0500 Subject: [PATCH 823/932] feat: created mapillary desktop uploader dirivation --- modules/common-modules/pkgs/default.nix | 3 ++ .../pkgs/mapillary-uploader.nix | 42 +++++++++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 modules/common-modules/pkgs/mapillary-uploader.nix 
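Review bot: The `eslint`, `vitest` and `sleep-mcp` entries are the same ten-line pattern three times, differing only in the name passed to the `getMcp*` helpers, so every new server re-implements the timeout and autoApprove plumbing. A `mkNpxServer` helper in the `let` block above (outside this hunk) reduces each entry to one line and keeps the three in lockstep. As far as I can tell the `(getMcpAutoApprove ...) != {}` guard never evaluates to false once a profile is enabled, because every enabled profile contributes the full key set, so `autoApprove = []` is emitted even when nothing is approved; if Cline treats a missing key like an empty list, testing the filtered list instead is cleaner.
```nix
mkNpxServer = serverName: let
  timeout = getMcpTimeout serverName;
  approved = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove serverName));
in
  {
    command = "${pkgs.nodejs}/bin/npx";
    args = ["-y" (getMcpPackage serverName)];
  }
  // (lib.optionalAttrs (timeout != null) {inherit timeout;})
  // (lib.optionalAttrs (approved != []) {autoApprove = approved;});

# … unchanged: nixos entry …
// (lib.optionalAttrs anyProfileHasMcpEslint {eslint = mkNpxServer "eslint";})
// (lib.optionalAttrs anyProfileHasMcpVitest {vitest = mkNpxServer "vitest";})
// (lib.optionalAttrs anyProfileHasMcpSleep {sleep-mcp = mkNpxServer "sleep";});
```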
diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 16f3a3c9..669533bf 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -22,5 +22,8 @@ (final: prev: { codium-extensions = pkgs.callPackage ./codium-extensions {}; }) + (final: prev: { + mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix new file mode 100644 index 00000000..3ab38f8b --- /dev/null +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -0,0 +1,42 @@ +{ + lib, + fetchurl, + appimageTools, +}: let + pname = "mapillary-uploader"; + version = "4.7.2"; # Based on the application output + + src = fetchurl { + url = "https://tools.mapillary.com/uploader/download/linux"; + name = "mapillary-uploader.AppImage"; + sha256 = "sha256-Oyx7AIdA/2mwBaq7UzXOoyq/z2SU2sViMN40sY2RCQw="; + }; + + appimageContents = appimageTools.extractType2 { + inherit pname version src; + }; +in + appimageTools.wrapType2 { + inherit pname version src; + + extraInstallCommands = '' + # Install desktop file + install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop + + # Install icon + install -Dm644 ${appimageContents}/usr/share/icons/hicolor/0x0/apps/mapillary-desktop-uploader.png $out/share/pixmaps/mapillary-uploader.png + + # Fix desktop file paths + substituteInPlace $out/share/applications/mapillary-uploader.desktop \ + --replace 'Exec=AppRun' 'Exec=${pname}' + ''; + + meta = with lib; { + description = "Mapillary Desktop Uploader - Upload street-level imagery to Mapillary"; + homepage = "https://www.mapillary.com/"; + license = licenses.unfree; # Mapillary's license terms + maintainers = []; + platforms = ["x86_64-linux"]; + sourceProvenance = with sourceTypes; [binaryNativeCode]; + }; + } 
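Review bot: `substituteInPlace ... --replace 'Exec=AppRun' 'Exec=${pname}'` uses the deprecated `--replace`, which succeeds silently when the pattern is absent, so a desktop file whose Exec line differs would ship a broken launcher without failing the build; `--replace-fail 'Exec=AppRun' 'Exec=${pname}'` turns that into a build error. Separately, `src` is fetched from the unversioned URL `https://tools.mapillary.com/uploader/download/linux` with a fixed `sha256`: the hash does pin what gets built, but as soon as upstream rotates the binary the fetch fails with a hash mismatch, and the `version = "4.7.2"` comment admits the number was read off the running app rather than the artifact. If upstream publishes a versioned download path, use it; otherwise a comment stating that the hash must be re-pinned on every upstream release would spare the next person a confusing failure.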
From 3bf3391eb90e7b2cead773c262ecf0d8c8c8a4c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 13 Sep 2025 18:15:43 -0500 Subject: [PATCH 824/932] feat: created mapillary desktop uploader program config and installed for leyla --- .../home-manager/leyla/packages/default.nix | 1 + .../home-manager-modules/programs/default.nix | 1 + .../programs/mapillary-uploader.nix | 17 +++++++++++++++++ 3 files changed, 19 insertions(+) create mode 100644 modules/home-manager-modules/programs/mapillary-uploader.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 86bbd96e..6377ed29 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -58,6 +58,7 @@ in { krita.enable = true; ungoogled-chromium.enable = true; libreoffice.enable = true; + mapillary-uploader.enable = true; inkscape.enable = true; gimp.enable = true; freecad.enable = true; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index d1c13db1..79f33510 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -21,6 +21,7 @@ ./vscode ./ungoogled-chromium.nix ./libreoffice.nix + ./mapillary-uploader.nix ./inkscape.nix ./gimp.nix ./proxmark3.nix diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix new file mode 100644 index 00000000..38c11448 --- /dev/null +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.programs.mapillary-uploader; +in { + options.programs.mapillary-uploader = { + enable = mkEnableOption "Mapillary Desktop Uploader"; + }; + + config = mkIf cfg.enable { + home.packages = [pkgs.mapillary-uploader]; + }; +} 
From 22b9c5b3f96094ddd6e210070650da4c1d9a497c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 17:34:19 -0500 Subject: [PATCH 825/932] chore: added items to task list --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 339a8e8d..13d12065 100644 --- a/README.md +++ b/README.md @@ -67,4 +67,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - rotate sops encryption keys periodically (and somehow sync between devices?) - wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- panoramax instance +- mastodon instance +- move searx, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file From 88dcba346f6413963277fdb0f216a4f64811ac08 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 21:42:34 -0500 Subject: [PATCH 826/932] feat: started to create panoramax config --- modules/common-modules/pkgs/default.nix | 3 + modules/common-modules/pkgs/panoramax.nix | 65 ++++++++++++++++++++++ modules/nixos-modules/server/panoramax.nix | 43 ++++++++++++++ 3 files changed, 111 insertions(+) create mode 100644 modules/common-modules/pkgs/panoramax.nix create mode 100644 modules/nixos-modules/server/panoramax.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 669533bf..f1235cc3 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix 
@@ -25,5 +25,8 @@ (final: prev: { mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; }) + (final: prev: { + panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/panoramax.nix b/modules/common-modules/pkgs/panoramax.nix new file mode 100644 index 00000000..e2dad14a --- /dev/null +++ b/modules/common-modules/pkgs/panoramax.nix @@ -0,0 +1,65 @@ +{ + lib, + fetchFromGitLab, + buildPythonPackage, + flit-core, + flask, + pillow, + requests, + python-dotenv, + authlib, + sentry-sdk, + python-dateutil, + croniter, + pydantic, + ... +}: let + pname = "geovisio"; + version = "2.10.0"; + repo = fetchFromGitLab { + owner = "panoramax"; + repo = "server/api"; + rev = version; + hash = "sha256-kCLcrOe7jJdIfmWWOmxQ5dOj8ZG2B7s0qFpHXs02B/E="; + }; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = repo; + + build-system = [ + flit-core + ]; + + dependencies = [ + flask + pillow + requests + python-dotenv + authlib + sentry-sdk + python-dateutil + croniter + pydantic + ]; + + # Skip tests as they may require network access or specific setup + doCheck = false; + + # Disable runtime dependencies check as many dependencies are not available in nixpkgs + dontCheckRuntimeDeps = true; + + # Disable imports check as many dependencies are not available in nixpkgs + pythonImportsCheck = []; + + meta = with lib; { + description = "Panoramax API client and tools for street-level imagery platform"; + homepage = "https://gitlab.com/panoramax/server/api"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix new file mode 100644 index 00000000..a16588a2 --- /dev/null +++ b/modules/nixos-modules/server/panoramax.nix 
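Review bot: `doCheck = false`, `dontCheckRuntimeDeps = true` and `pythonImportsCheck = []` together switch off every check that would catch a missing dependency, and the comments state that dependencies are known to be missing, so the derivation builds green and fails the first time the service imports them. Keeping at least `pythonImportsCheck = ["geovisio"];` (assuming the import name matches `pname`) makes the build fail where the gap is rather than at service start, and `dontCheckRuntimeDeps` should come off once the dependency list is complete. The `meta.description` reads "API client and tools", while the source is `panoramax/server/api`, which appears to be the server itself — worth correcting so the attribute is not mistaken for a CLI client.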
@@ -0,0 +1,43 @@ +{ + config, + lib, + pkgs, + osConfig, + ... +}: let + cfg = config.services.panoramax; +in { + options.services.panoramax = { + enable = lib.mkEnableOption "panoramax"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.panoramax; + description = "The panoramax package to use"; + }; + + # TODO: create configs + # TODO: auto config db + # config = { + # DB_PORT = lib.mkOption {}; + # DB_HOST = lib.mkOption {}; + # DB_USERNAME = lib.mkOption {}; + # DB_PASSWORD = lib.mkOption {}; + # DB_NAME = lib.mkOption {}; + # FS_URL = lib.mkOption {}; + # }; + }; + + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + # TODO: configure options for the package + } + ( + lib.mkIf osConfig.host.impermanence.enable { + # TODO: configure impermanence for panoramax data + } + ) + ] + ); +} From 663bdcc012cbf6410bf6acebaf4566313c4081fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 14 Sep 2025 21:48:10 -0500 Subject: [PATCH 827/932] chore: stubed out section for fail2ban for panoramax --- modules/nixos-modules/server/panoramax.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index a16588a2..f7d305f3 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix @@ -33,6 +33,11 @@ in { { # TODO: configure options for the package } + ( + lib.mkIf config.services.fail2ban { + # TODO: configure options for fail2ban + } + ) ( lib.mkIf osConfig.host.impermanence.enable { # TODO: configure impermanence for panoramax data From 52801b4bb7a71f02115c6f3b05899ed3daf150ab Mon Sep 17 00:00:00 2001 
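Review bot: The module takes `osConfig` as an argument and reads `osConfig.host.impermanence.enable`, but it lives under `modules/nixos-modules/server/` beside modules that read `config.host...` directly; `osConfig` is what home-manager passes to its modules, so if this file is imported as a NixOS module the evaluation should fail with a missing-argument error. `config.host.impermanence.enable` is the form the sibling modules use. The commented-out `DB_PASSWORD = lib.mkOption {}` is also worth rethinking before it is uncommented: a password supplied through a Nix option is copied into the world-readable store, so the eventual design should take a secret file path (as the searx module does with `environmentFile`) rather than the value itself.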
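Review bot: `lib.mkIf config.services.fail2ban {` passes the whole `services.fail2ban` attribute set as the condition; `mkIf` requires a boolean, so evaluation fails with a type error as soon as `cfg.enable` is true. The sibling server modules spell it `lib.mkIf config.services.fail2ban.enable {`, which is what this stub should use too.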
From: Leyla Becker Date: Sun, 14 Sep 2025 22:10:57 -0500 Subject: [PATCH 828/932] refactor: moved reverse proxy into own section in server modules --- modules/nixos-modules/server/actual.nix | 12 +- modules/nixos-modules/server/forgejo.nix | 10 +- .../nixos-modules/server/home-assistant.nix | 37 +++--- modules/nixos-modules/server/immich.nix | 38 +++--- modules/nixos-modules/server/jellyfin.nix | 28 ++--- modules/nixos-modules/server/paperless.nix | 26 +++-- modules/nixos-modules/server/searx.nix | 110 +++++++++--------- 7 files changed, 142 insertions(+), 119 deletions(-) diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix index 7fc0b93e..80f4fabf 100644 --- a/modules/nixos-modules/server/actual.nix +++ b/modules/nixos-modules/server/actual.nix @@ -18,11 +18,6 @@ in { systemd.tmpfiles.rules = [ "d ${dataDirectory} 2770 actual actual" ]; - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; - }; - }; services.actual = { settings = { @@ -30,6 +25,13 @@ in { }; }; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.actual.subdomain} = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { # TODO: configuration for fail2ban for actual }) diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index de06f944..3b196952 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -26,9 +26,6 @@ in { } ]; host = { - reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; - }; postgres = { enable = true; extraUsers = { 
@@ -76,6 +73,13 @@ in { config.services.forgejo.settings.server.SSH_LISTEN_PORT ]; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { + target = "http://localhost:${toString forgejoPort}"; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 57bedc13..baf66832 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -43,24 +43,6 @@ in { config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; - }; - }; - services.home-assistant = { configDir = configDir; extraComponents = [ @@ -173,6 +155,25 @@ in { ]; }; }) + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + + proxy_buffering off; + + proxy_read_timeout 90; + ''; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( 
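Review bot: The relocated home-assistant `extraConfig` sets `add_header Upgrade $http_upgrade;` and `add_header Connection \"upgrade\";`, but `add_header` adds headers to the response returned to the client, not to the request forwarded upstream — the WebSocket handshake is carried by `proxy_set_header`. With `websockets.enable = true` on the same entry presumably injecting the correct directives, these two lines look redundant at best; the backslash-escaped quotes are also literal inside a Nix `''` string, so what nginx actually receives for that directive is worth verifying. This is pre-existing code that the commit only moves, but since the block is being touched it is a good moment to drop or correct the two lines.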
diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix index e7088a9e..fa376e44 100644 --- a/modules/nixos-modules/server/immich.nix +++ b/modules/nixos-modules/server/immich.nix @@ -17,23 +17,6 @@ in { config = lib.mkIf config.services.immich.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; - }; postgres = { enable = true; extraUsers = { @@ -53,6 +36,27 @@ in { ]; }; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.immich.subdomain} = { + target = "http://localhost:${toString config.services.immich.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + + # set timeout + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + proxy_redirect off; + ''; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index 294c8e17..85c870f9 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix 
@@ -30,6 +30,20 @@ in { config = lib.mkIf config.services.jellyfin.enable ( lib.mkMerge [ { + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; + } + (lib.mkIf config.host.reverse_proxy.enable { host.reverse_proxy.subdomains.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; @@ -45,19 +59,7 @@ in { proxy_buffering off; ''; }; - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - } + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/jellyfin.local".text = ( diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index b97c48d9..303d7422 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -24,17 +24,6 @@ in { config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ { host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; - }; postgres = { enable = true; extraUsers = { 
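Review bot: `networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];` now sits in the unconditional block, so the backend HTTP port stays open to the LAN even when `host.reverse_proxy.enable` fronts Jellyfin with nginx — direct access bypasses TLS termination and whatever filtering the proxy layer applies. If direct LAN access is not intended, open only the DLNA port unconditionally and gate the HTTP port on the proxy being disabled: `networking.firewall.allowedTCPPorts = [dlanPort] ++ lib.optional (!config.host.reverse_proxy.enable) jellyfinPort;`. The port was open before this refactor too, but the commit is what makes the proxy optional, which is when the distinction starts to matter.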
@@ -61,6 +50,21 @@ in { }; }; } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.${config.services.paperless.subdomain} = { + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + ''; + }; + }; + }) (lib.mkIf config.services.fail2ban.enable { environment.etc = { "fail2ban/filter.d/paperless.local".text = ( diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix index d357308c..0e547af1 100644 --- a/modules/nixos-modules/server/searx.nix +++ b/modules/nixos-modules/server/searx.nix 
@@ -12,61 +12,67 @@ }; }; - config = lib.mkIf config.services.searx.enable { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - host = { - reverse_proxy.subdomains.searx = { - subdomain = config.services.searx.subdomain; - target = "http://localhost:${toString config.services.searx.settings.server.port}"; - }; - }; - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; + config = lib.mkIf config.services.searx.enable ( + lib.mkMerge [ + { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; }; - }; + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; + } + (lib.mkIf config.host.reverse_proxy.enable { + host = { + reverse_proxy.subdomains.searx = { + subdomain = config.services.searx.subdomain; + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + }; }; - - # 
Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - }; + }) + ] + ); } From 84b204f8b1553aa25a0831ec25f03de62df3d7b1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 10:40:34 -0500 Subject: [PATCH 829/932] feat: created env config for panoramax --- modules/nixos-modules/server/panoramax.nix | 191 +++++++++++++++++++-- 1 file changed, 177 insertions(+), 14 deletions(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index f7d305f3..5196a2d7 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix 
@@ -4,8 +4,28 @@ pkgs, osConfig, ... -}: let - cfg = config.services.panoramax; +}: +with lib; let + envContent = '' + # Panoramax Configuration + FLASK_APP=geovisio + ${optionalString (config.services.panoramax.database.url != null) "DB_URL=${config.services.panoramax.database.url}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.port != null) "DB_PORT=${toString config.services.panoramax.database.port}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.host != null) "DB_HOST=${config.services.panoramax.database.host}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.username != null) "DB_USERNAME=${config.services.panoramax.database.username}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.password != null) "DB_PASSWORD=${config.services.panoramax.database.password}"} + ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.name != null) "DB_NAME=${config.services.panoramax.database.name}"} + ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${optionalString 
(config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ''; + + envFile = pkgs.writeText "panoramax.env" envContent; in { options.services.panoramax = { enable = lib.mkEnableOption "panoramax"; 
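Review bot: `envFile = pkgs.writeText "panoramax.env" envContent;` places DB_PASSWORD and FLASK_SECRET_KEY in the Nix store, which is world-readable on the host and is copied to any binary cache the system pushes to, so `database.password` and `flask.secretKey` become readable by every local user. Keep the generated file to non-secret settings and load the secrets at runtime from a path outside the store — for example a sops-nix managed file passed through systemd's `EnvironmentFile=`, the way the searx module on this page does with `environmentFile = config.sops.secrets."services/searx".path;` — or change those two options to take a file path instead of a string. The `with lib;` added at the top of the module also pulls every lib name into scope; `inherit (lib) optionalString concatStringsSep mapAttrsToList;` is narrower and makes the dependencies visible.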
@@ -16,23 +36,166 @@ in { description = "The panoramax package to use"; }; - # TODO: create configs - # TODO: auto config db - # config = { - # DB_PORT = lib.mkOption {}; - # DB_HOST = lib.mkOption {}; - # DB_USERNAME = lib.mkOption {}; - # DB_PASSWORD = lib.mkOption {}; - # DB_NAME = lib.mkOption {}; - # FS_URL = lib.mkOption {}; - # }; + # TODO: sgblur config + port = mkOption { + type = types.nullOr types.port; + default = 5000; + description = "Port for the Panoramax service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the Panoramax service to"; + }; + + urlScheme = mkOption { + type = types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + + database = { + url = mkOption { + type = types.nullOr types.str; + default = null; + description = '' + Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). + If provided, individual database options (host, port, username, password, name) are ignored. 
+ ''; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5432; + description = "Database port (ignored if database.url is set)"; + }; + + host = mkOption { + type = types.nullOr types.str; + default = "localhost"; + description = "Database host (ignored if database.url is set)"; + }; + + username = mkOption { + type = types.nullOr types.str; + default = "panoramax"; + description = "Database username (ignored if database.url is set)"; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + description = "Database password (ignored if database.url is set)"; + }; + + name = mkOption { + type = types.nullOr types.str; + default = "panoramax"; + description = "Database name (ignored if database.url is set)"; + }; + }; + + storage = { + fsUrl = mkOption { + type = types.nullOr types.str; + default = "/var/lib/panoramax/storage"; + description = "File system URL for storage"; + }; + }; + + infrastructure = { + nbProxies = mkOption { + type = types.nullOr types.int; + default = 1; + description = "Number of proxies in front of the application"; + }; + }; + + flask = { + secretKey = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask secret key for session security"; + }; + + sessionCookieDomain = mkOption { + type = types.nullOr types.str; + default = null; + description = "Flask session cookie domain"; + }; + }; + + api = { + pictures = { + licenseSpdxId = mkOption { + type = types.nullOr types.str; + default = null; + description = "SPDX license identifier for API pictures"; + }; + + licenseUrl = mkOption { + type = types.nullOr types.str; + default = null; + description = "License URL for API pictures"; + }; + }; + }; + + extraEnvironment = mkOption { + type = types.attrsOf types.str; + default = {}; + description = "Additional environment variables"; + example = { + CUSTOM_SETTING = "value"; + DEBUG = "true"; + }; + }; }; - config = lib.mkIf cfg.enable ( + config = lib.mkIf 
config.services.panoramax.enable ( lib.mkMerge [ { - # TODO: configure options for the package + environment.systemPackages = with pkgs; [ + config.services.panoramax.package + python3Packages.waitress + ]; + + systemd.services.panoramax = { + description = "Panoramax Service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; + Restart = "always"; + User = "panoramax"; + Group = "panoramax"; + WorkingDirectory = "/var/lib/panoramax"; + Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; + }; + }; + + users.users.panoramax = { + isSystemUser = true; + group = "panoramax"; + home = "/var/lib/panoramax"; + createHome = true; + }; + + users.groups.panoramax = {}; + + systemd.tmpfiles.rules = [ + "d /var/lib/panoramax 0755 panoramax panoramax -" + "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" + ]; + + # TODO: auto config db } + ( + lib.mkIf config.host.reverse_proxy.enable { + # TODO: configure reverse proxy here + } + ) ( lib.mkIf config.services.fail2ban { # TODO: configure options for fail2ban From 376cb934c322be84390c57f30ddb234f6a45a50f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 11:29:43 -0500 Subject: [PATCH 830/932] refactor: added asseration for db config --- modules/nixos-modules/server/panoramax.nix | 68 +++++++++++++++++----- 1 file changed, 54 insertions(+), 14 deletions(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index 5196a2d7..0ebd82fc 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix 
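Review bot: `Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages";` hard-codes the interpreter version, so the unit silently breaks the moment `pkgs.python3` moves off 3.11; `${config.services.panoramax.package}/${pkgs.python3.sitePackages}` tracks it automatically. The unit also starts a network-facing Flask app with no sandboxing at all; `ProtectSystem = "strict"`, `ProtectHome = true`, `PrivateTmp = true`, `NoNewPrivileges = true` and a `ReadWritePaths` list limited to /var/lib/panoramax and the storage directory would bound what a compromised worker can touch. `storage.fsUrl` is declared `nullOr` but the tmpfiles rule `"d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -"` interpolates it unconditionally, and `port` is `nullOr` yet `--port=${toString config.services.panoramax.port}` would degrade to `--port=` on null, so either drop `nullOr` from those two options or guard their uses. The pre-existing context line `lib.mkIf config.services.fail2ban {` passes an attribute set where a bool is expected and presumably should read `config.services.fail2ban.enable`, as the sibling modules on this page do.
```nix
serviceConfig = {
  # … unchanged: ExecStart, Restart, User, Group, WorkingDirectory …
  Environment = "PYTHONPATH=${config.services.panoramax.package}/${pkgs.python3.sitePackages}";
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  NoNewPrivileges = true;
  ReadWritePaths = ["/var/lib/panoramax" config.services.panoramax.storage.fsUrl];
};
```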
@@ -6,23 +6,40 @@ ... }: with lib; let + cfg = config.services.panoramax; + + # Database configuration assertions + dbUrlConfigured = cfg.database.url != null; + individualDbConfigured = all (x: x != null) [ + cfg.database.host + cfg.database.port + cfg.database.username + cfg.database.password + cfg.database.name + ]; + envContent = '' # Panoramax Configuration FLASK_APP=geovisio - ${optionalString (config.services.panoramax.database.url != null) "DB_URL=${config.services.panoramax.database.url}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.port != null) "DB_PORT=${toString config.services.panoramax.database.port}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.host != null) "DB_HOST=${config.services.panoramax.database.host}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.username != null) "DB_USERNAME=${config.services.panoramax.database.username}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.password != null) "DB_PASSWORD=${config.services.panoramax.database.password}"} - ${optionalString (config.services.panoramax.database.url == null && config.services.panoramax.database.name != null) "DB_NAME=${config.services.panoramax.database.name}"} - ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - 
${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ${ + if dbUrlConfigured + then "DB_URL=${cfg.database.url}" + else '' + DB_HOST=${cfg.database.host} + DB_PORT=${toString cfg.database.port} + DB_USERNAME=${cfg.database.username} + DB_PASSWORD=${cfg.database.password} + DB_NAME=${cfg.database.name} + '' + } + ${optionalString (cfg.storage.fsUrl != null) "FS_URL=${cfg.storage.fsUrl}"} + ${optionalString (cfg.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString cfg.infrastructure.nbProxies}"} + ${optionalString (cfg.flask.secretKey != null) "FLASK_SECRET_KEY=${cfg.flask.secretKey}"} + ${optionalString (cfg.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${cfg.flask.sessionCookieDomain}"} + ${optionalString (cfg.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${cfg.api.pictures.licenseSpdxId}"} + ${optionalString (cfg.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${cfg.api.pictures.licenseUrl}"} + ${optionalString (cfg.port != null) "PORT=${toString cfg.port}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") cfg.extraEnvironment)} ''; envFile = pkgs.writeText "panoramax.env" envContent; 
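Review bot: `individualDbConfigured` treats a null `database.password` as an incomplete setup, so the assertion added in the `@@ -189,6 +206,29 @@` hunk rejects a local socket/peer-authenticated PostgreSQL, which needs no password, while the `else` branch of `envContent` would indeed fail on `DB_PASSWORD=${cfg.database.password}` if password were null. Emitting that line as `${optionalString (cfg.database.password != null) "DB_PASSWORD=${cfg.database.password}"}` and dropping `cfg.database.password` from the `all` list makes the check match what the env file can actually tolerate, and avoids forcing a password string into a store-resident file where none is needed. The `else ''…''` block is an indented string nested inside another; Nix strips each string's own common indentation, so the emitted lines come out flush-left as the env-file format needs, but a one-line comment saying so would save the next reader from re-checking it.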
@@ -189,6 +206,29 @@ in { "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" ]; + assertions = [ + { + assertion = dbUrlConfigured || individualDbConfigured; + message = '' + Panoramax database configuration requires either: + - A complete database URL (services.panoramax.database.url), OR + - All individual database options (host, port, username, password, name) + + Currently configured: + - database.url: ${ + if dbUrlConfigured + then "✓ configured" + else "✗ not configured" + } + - individual options: ${ + if individualDbConfigured + then "✓ all configured" + else "✗ some missing" + } + ''; + } + ]; + # TODO: auto config db } ( From 1d0f51c70ad69b103c630281a75dc65b2776df26 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 11:36:12 -0500 Subject: [PATCH 831/932] chore: addede panoramax.nix to server modules --- modules/nixos-modules/server/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 4ca50e25..87f3dae5 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -14,5 +14,6 @@ ./qbittorent.nix ./paperless.nix ./actual.nix + ./panoramax.nix ]; } From c0579f55dc56e90af409dfbab22bafba4b3338c9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 13:36:07 -0500 Subject: [PATCH 832/932] feat: created sgblur package --- modules/common-modules/pkgs/default.nix | 3 ++ modules/common-modules/pkgs/sgblur.nix | 65 +++++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 modules/common-modules/pkgs/sgblur.nix diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index f1235cc3..28141c81 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix 
@@ -28,5 +28,8 @@ (final: prev: { panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {}; }) + (final: prev: { + sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/sgblur.nix b/modules/common-modules/pkgs/sgblur.nix new file mode 100644 index 00000000..d007b4e7 --- /dev/null +++ b/modules/common-modules/pkgs/sgblur.nix @@ -0,0 +1,65 @@ +{ + lib, + python3Packages, + fetchFromGitHub, + pkg-config, + libjpeg_turbo, + exiftran ? libjpeg_turbo, +}: +python3Packages.buildPythonPackage { + pname = "sgblur"; + version = "1.0.0"; + + pyproject = true; + + src = fetchFromGitHub { + owner = "cquest"; + repo = "sgblur"; + rev = "master"; + hash = "sha256-17wpif2sa021kaa1pbkry4l1967la1qd7knhngvxblrvd7jqqz4y="; + }; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + libjpeg_turbo + exiftran + ]; + + build-system = with python3Packages; [ + setuptools + wheel + ]; + + dependencies = with python3Packages; [ + # Core dependencies from pyproject.toml + ultralytics + # pyturbojpeg # May need special handling + pillow + # uuid # Built into Python + # exifread + python-multipart + fastapi + uvicorn + requests + # piexif + pydantic-settings + pydantic + ]; + + # Skip tests as they may require GPU or specific setup + doCheck = false; + + # The package may have import issues due to system dependencies + pythonImportsCheck = []; + + meta = with lib; { + description = "Panoramax Speedy Gonzales Blurring Algorithm - AI-powered face and license plate blurring API"; + homepage = "https://github.com/cquest/sgblur"; + license = licenses.mit; + maintainers = []; + platforms = platforms.unix; + }; +} From 0f87d78271bd2ca520f70bc20cdda6b27a86537b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 14:02:16 -0500 Subject: [PATCH 833/932] feat: updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) 
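Review bot: `rev = "master";` with a fixed `hash` pins the package to whatever the branch pointed at on the author's machine; the next upstream push changes the tree, the hash stops matching and the build fails, and nothing in the derivation records which commit was actually reviewed. Pin to a tag or a full commit id (`rev = "<commit-or-tag>"`) and let `version` follow it rather than the unrelated `"1.0.0"`. The hash `sha256-17wpif2sa021kaa1pbkry4l1967la1qd7knhngvxblrvd7jqqz4y=` also looks like a nix-base32 digest with an SRI prefix glued on rather than the base64 SRI form, so it is worth confirming the expression even evaluates. `doCheck = false;` together with `pythonImportsCheck = [];` removes every build-time signal that the packaged code imports at all; keeping at least `pythonImportsCheck = ["sgblur"];` costs nothing and catches a broken dependency list, which matters given several dependencies are commented out with "May need special handling".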
diff --git a/flake.lock b/flake.lock index 6ea6f9b4..ca41b022 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1757255839, - "narHash": "sha256-XH33B1X888Xc/xEXhF1RPq/kzKElM0D5C9N6YdvOvIc=", + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "owner": "nix-community", "repo": "disko", - "rev": "c8a0e78d86b12ea67be6ed0f7cae7f9bfabae75a", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1757304222, - "narHash": "sha256-s070stByAXxeCLgftTXxFxZ2ynJhghne4Y6cTuqGAaw=", + "lastModified": 1757822625, + "narHash": "sha256-w+V97GrUZK5Lt50DOzhmFGPf3coxfj4TTNHa0rHswuE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fa312c0175ffb82bc67da095439b9cb683ac52bd", + "rev": "5a1d5f5453eef0ea2510d9860d2f803911df6776", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1757256385, - "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", + "lastModified": 1757920978, + "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", "owner": "nix-community", "repo": "home-manager", - "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", + "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1757130842, - "narHash": "sha256-4i7KKuXesSZGUv0cLPLfxbmF1S72Gf/3aSypgvVkwuA=", + "lastModified": 1757430124, + "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "15f067638e2887c58c4b6ba1bdb65a0b61dc58c5", + "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", "type": "github" }, "original": { 
@@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1757296711, - "narHash": "sha256-7u9/tXUdmTj8x7ofet8aELLBlCHSoA+QOhYKheRdacM=", + "lastModified": 1757901553, + "narHash": "sha256-gW45THWkxnzWpPtjuaDeTnpKFB6i5cZmxk4WuGKhCNc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ab9374ac8c162dacffcd4400e668fd7f9b6f173a", + "rev": "846f1334090a2c44d77850c00d0c17a27ad66618", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757103352, - "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", + "lastModified": 1757943327, + "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", + "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757068644, - "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1757847158, + "narHash": "sha256-TumOaykhZO8SOs/faz6GQhqkOcFLoQvESLSF1cJ4mZc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "ee6f91c1c11acf7957d94a130de77561ec24b8ab", "type": "github" }, "original": { From dbd5d36913bd38c4485e46d8992f3bd861afa558 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Mon, 15 Sep 2025 14:54:31 -0500 Subject: [PATCH 834/932] feat: drafted out reverse proxy config for panoramax --- modules/nixos-modules/server/panoramax.nix | 26 +++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index 0ebd82fc..ad21738e 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix @@ -53,6 +53,12 @@ in { description = "The panoramax package to use"; }; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that panoramax will be hosted at"; + default = "panoramax"; + }; + # TODO: sgblur config port = mkOption { type = types.nullOr types.port; @@ -233,7 +239,25 @@ in { } ( lib.mkIf config.host.reverse_proxy.enable { - # TODO: configure reverse proxy here + host = { + reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { + target = "http://localhost:${toString config.services.panoramax.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads for panoramic images + client_max_body_size 100M; + + # set timeout for image processing + proxy_read_timeout 300s; + proxy_send_timeout 300s; + send_timeout 300s; + proxy_redirect off; + ''; + }; + }; } ) ( From 01325c306867c786f2828594ec0eef1fe98c64ab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 15 Sep 2025 15:25:05 -0500 Subject: [PATCH 835/932] feat: drafted out database configuration and sgblur config --- modules/nixos-modules/server/panoramax.nix | 229 ++++++++++++++++----- 1 file changed, 181 insertions(+), 48 deletions(-) diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix index ad21738e..dd026cdb 100644 --- a/modules/nixos-modules/server/panoramax.nix +++ b/modules/nixos-modules/server/panoramax.nix 
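Review bot: `target = "http://localhost:${toString config.services.panoramax.port}";` ignores the `host` option (default `127.0.0.1`) that the service actually binds to, so a deployment that sets `services.panoramax.host` to another address gets a proxy pointed at a socket nothing listens on. `target = "http://${config.services.panoramax.host}:${toString config.services.panoramax.port}";` keeps the two in step, mirroring the paperless module's `http://${config.services.paperless.address}:…` form elsewhere on this page.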
@@ -6,16 +6,14 @@ ... }: with lib; let - cfg = config.services.panoramax; - # Database configuration assertions - dbUrlConfigured = cfg.database.url != null; + dbUrlConfigured = config.services.panoramax.database.url != null; individualDbConfigured = all (x: x != null) [ - cfg.database.host - cfg.database.port - cfg.database.username - cfg.database.password - cfg.database.name + config.services.panoramax.database.host + config.services.panoramax.database.port + config.services.panoramax.database.username + config.services.panoramax.database.password + config.services.panoramax.database.name ]; envContent = '' 
@@ -23,23 +21,24 @@ with lib; let FLASK_APP=geovisio ${ if dbUrlConfigured - then "DB_URL=${cfg.database.url}" + then "DB_URL=${config.services.panoramax.database.url}" else '' - DB_HOST=${cfg.database.host} - DB_PORT=${toString cfg.database.port} - DB_USERNAME=${cfg.database.username} - DB_PASSWORD=${cfg.database.password} - DB_NAME=${cfg.database.name} + DB_HOST=${config.services.panoramax.database.host} + DB_PORT=${toString config.services.panoramax.database.port} + DB_USERNAME=${config.services.panoramax.database.username} + DB_PASSWORD=${config.services.panoramax.database.password} + DB_NAME=${config.services.panoramax.database.name} '' } - ${optionalString (cfg.storage.fsUrl != null) "FS_URL=${cfg.storage.fsUrl}"} - ${optionalString (cfg.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString cfg.infrastructure.nbProxies}"} - ${optionalString (cfg.flask.secretKey != null) "FLASK_SECRET_KEY=${cfg.flask.secretKey}"} - ${optionalString (cfg.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${cfg.flask.sessionCookieDomain}"} - ${optionalString (cfg.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${cfg.api.pictures.licenseSpdxId}"} - ${optionalString (cfg.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${cfg.api.pictures.licenseUrl}"} - ${optionalString (cfg.port != null) "PORT=${toString cfg.port}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") cfg.extraEnvironment)} + ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) 
"FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${optionalString (config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} + ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} ''; envFile = pkgs.writeText "panoramax.env" envContent; @@ -59,26 +58,13 @@ in { default = "panoramax"; }; - # TODO: sgblur config - port = mkOption { - type = types.nullOr types.port; - default = 5000; - description = "Port for the Panoramax service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the Panoramax service to"; - }; - - urlScheme = mkOption { - type = types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - database = { + createDB = mkOption { + type = types.bool; + default = true; + description = "Whether to automatically create the database and user"; + }; + url = mkOption { type = types.nullOr types.str; default = null; 
@@ -113,12 +99,62 @@ in { }; name = mkOption { - type = types.nullOr types.str; + type = types.str; default = "panoramax"; description = "Database name (ignored if database.url is set)"; }; }; + sgblur = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable sgblur integration for face and license plate blurring"; + }; + + package = mkOption { + type = types.package; + default = pkgs.sgblur; + description = "The sgblur package to use"; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = "Port for the sgblur service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the sgblur service to"; + }; + + url = mkOption { + type = types.str; + default = "http://127.0.0.1:8080"; + description = "URL where sgblur service is accessible"; + }; + }; + + port = mkOption { + type = types.nullOr types.port; + default = 5000; + description = "Port for the Panoramax service"; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Host to bind the Panoramax service to"; + }; + + urlScheme = mkOption { + type = types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + storage = { fsUrl = mkOption { type = types.nullOr types.str; @@ -179,10 +215,14 @@ in { config = lib.mkIf config.services.panoramax.enable ( lib.mkMerge [ { - environment.systemPackages = with pkgs; [ - config.services.panoramax.package - python3Packages.waitress - ]; + environment.systemPackages = with pkgs; + [ + config.services.panoramax.package + python3Packages.waitress + ] + ++ optionals config.services.panoramax.sgblur.enable [ + config.services.panoramax.sgblur.package + ]; systemd.services.panoramax = { description = "Panoramax Service"; 
@@ -233,10 +273,103 @@ in { } ''; } - ]; + { + assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); + message = '' + Panoramax createDB option can only be used with socket connections when a database URL is provided. + Socket connections are identified by: + - URLs starting with "unix:" + - URLs starting with "/run/" + - Host paths starting with "/" - # TODO: auto config db + Current configuration: + - createDB: ${lib.boolToString config.services.panoramax.database.createDB} + - database.url: ${ + if config.services.panoramax.database.url != null + then config.services.panoramax.database.url + else "not set" + } + - database.host: ${config.services.panoramax.database.host} + ''; + } + ]; } + ( + lib.mkIf config.services.panoramax.sgblur.enable { + systemd.services.sgblur = { + description = "SGBlur AI-powered face and license plate blurring service"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = "${config.services.panoramax.sgblur.package}/bin/uvicorn sgblur.main:app --host ${config.services.panoramax.sgblur.host} --port ${toString config.services.panoramax.sgblur.port}"; + Restart = "always"; + User = "sgblur"; + Group = "sgblur"; + WorkingDirectory = "/var/lib/sgblur"; + Environment = "PYTHONPATH=${config.services.panoramax.sgblur.package}/lib/python3.11/site-packages"; + }; + }; + + users.users.sgblur = { + isSystemUser = true; + group = "sgblur"; + home = "/var/lib/sgblur"; + createHome = true; + }; + + users.groups.sgblur = {}; + + systemd.tmpfiles.rules = [ + "d /var/lib/sgblur 0755 sgblur sgblur -" + ]; + + # Update panoramax service dependencies when sgblur is enabled + systemd.services.panoramax = { + after = ["sgblur.service"]; + wants = ["sgblur.service"]; + 
}; + } + ) + ( + lib.mkIf config.services.panoramax.database.createDB { + services.postgresql = { + enable = true; + ensureDatabases = [config.services.panoramax.database.name]; + ensureUsers = [ + { + name = config.services.panoramax.database.username; + ensureDBOwnership = true; + ensureClauses.login = true; + } + ]; + extensions = ps: with ps; [postgis]; + settings = { + shared_preload_libraries = ["postgis"]; + }; + }; + + systemd.services.postgresql.serviceConfig.ExecStartPost = let + sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' + CREATE EXTENSION IF NOT EXISTS postgis; + CREATE EXTENSION IF NOT EXISTS postgis_topology; + CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; + CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; + + ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; + GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; + ''; + in [ + '' + ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" + '' + ]; + + systemd.services.panoramax = { + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + }; + } + ) ( lib.mkIf config.host.reverse_proxy.enable { host = { From b2e5ae1f98be4cece2bbab8ae1a9c7ba5d7df9aa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 09:58:35 -0500 Subject: [PATCH 836/932] build: updated flake lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index ca41b022..b6e48bb3 100644 --- a/flake.lock +++ b/flake.lock 
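Review bot: the createDB block provisions the role with `ensureUsers`, which as far as this page shows sets no password, while `database.host` defaults to `"localhost"` (a TCP connection) and the earlier `individualDbConfigured` assertion still insists on a non-null `database.password`; unless something outside this diff sets that password on the role, the app will be refused, so either default `host` to the socket directory so peer auth applies or document that the password must be set out of band. In the new assertion, `lib.hasPrefix "/" config.services.panoramax.database.host` and the message's `${config.services.panoramax.database.host}` are evaluated on a `nullOr` option and will throw on null instead of producing the intended message. The `sgblur` unit repeats the unsandboxed service pattern and the hard-coded `lib/python3.11/site-packages` already raised on the panoramax unit in PATCH 829; the same `ProtectSystem`/`PrivateTmp`/`NoNewPrivileges` set, `pkgs.python3.sitePackages`, and a `ReadWritePaths` limited to /var/lib/sgblur apply here. The `ExecStartPost` psql script runs as the PostgreSQL service on every start and is idempotent, but a short comment on why `postgis_topology`, `fuzzystrmatch` and `postgis_tiger_geocoder` are needed beyond `postgis` would stop the next maintainer from pruning or extending the list blindly.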
@@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1757822625, - "narHash": "sha256-w+V97GrUZK5Lt50DOzhmFGPf3coxfj4TTNHa0rHswuE=", + "lastModified": 1757995413, + "narHash": "sha256-vaU/7/PXoym6vnspGxhR29V9klGe9iy9zmp6x7w38f8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5a1d5f5453eef0ea2510d9860d2f803911df6776", + "rev": "4ae8996b3e139926c784acd22824cde46cd28833", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1757920978, - "narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", + "lastModified": 1757997814, + "narHash": "sha256-F+1aoG+3NH4jDDEmhnDUReISyq6kQBBuktTUqCUWSiw=", "owner": "nix-community", "repo": "home-manager", - "rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", + "rev": "5820376beb804de9acf07debaaff1ac84728b708", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1757901553, - "narHash": "sha256-gW45THWkxnzWpPtjuaDeTnpKFB6i5cZmxk4WuGKhCNc=", + "lastModified": 1757987448, + "narHash": "sha256-ltDT7EIfLHV42p99HnDfDviC8jN7tcOed1qsLEFypl8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "846f1334090a2c44d77850c00d0c17a27ad66618", + "rev": "e496568b0e69d9d54c8cfef96ed1370952ad9786", "type": "github" }, "original": { @@ -319,11 +319,11 @@ ] }, "locked": { - "lastModified": 1757847158, - "narHash": "sha256-TumOaykhZO8SOs/faz6GQhqkOcFLoQvESLSF1cJ4mZc=", + "lastModified": 1758007585, + "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ee6f91c1c11acf7957d94a130de77561ec24b8ab", + "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", "type": "github" }, "original": { From cdeb4e108b4604acf9ec15bd2e9bcfb906a2f0a2 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 16 Sep 2025 10:14:33 -0500 Subject: [PATCH 837/932] refactor: split server modules into smaller more manageable files --- modules/nixos-modules/server/actual.nix | 56 --- modules/nixos-modules/server/actual/const.nix | 3 + .../nixos-modules/server/actual/default.nix | 34 ++ .../nixos-modules/server/actual/fail2ban.nix | 9 + .../server/actual/impermanence.nix | 26 ++ modules/nixos-modules/server/actual/proxy.nix | 13 + modules/nixos-modules/server/default.nix | 23 +- modules/nixos-modules/server/forgejo.nix | 128 ------ .../nixos-modules/server/forgejo/const.nix | 4 + .../nixos-modules/server/forgejo/database.nix | 41 ++ .../nixos-modules/server/forgejo/default.nix | 61 +++ .../nixos-modules/server/forgejo/fail2ban.nix | 32 ++ .../server/forgejo/impermanence.nix | 28 ++ .../nixos-modules/server/forgejo/proxy.nix | 18 + .../nixos-modules/server/home-assistant.nix | 230 ---------- .../server/home-assistant/database.nix | 56 +++ .../server/home-assistant/default.nix | 118 +++++ .../home-assistant/extensions/default.nix | 12 + .../home-assistant/extensions/jellyfin.nix | 9 + .../home-assistant/extensions/sonos.nix | 11 + .../home-assistant/extensions/wyoming.nix | 9 + .../server/home-assistant/fail2ban.nix | 39 ++ .../server/home-assistant/impermanence.nix | 26 ++ .../server/home-assistant/proxy.nix | 24 ++ modules/nixos-modules/server/immich.nix | 99 ----- .../nixos-modules/server/immich/database.nix | 26 ++ .../nixos-modules/server/immich/default.nix | 28 ++ .../nixos-modules/server/immich/fail2ban.nix | 26 ++ .../server/immich/impermanence.nix | 25 ++ modules/nixos-modules/server/immich/proxy.nix | 27 ++ modules/nixos-modules/server/jellyfin.nix | 147 ------- .../nixos-modules/server/jellyfin/default.nix | 48 +++ .../server/jellyfin/fail2ban.nix | 32 ++ .../server/jellyfin/impermanence.nix | 66 +++ .../nixos-modules/server/jellyfin/proxy.nix | 25 ++ modules/nixos-modules/server/panoramax.nix | 408 ------------------ 
.../server/panoramax/default.nix | 340 +++++++++++++++ .../server/panoramax/fail2ban.nix | 11 + .../server/panoramax/impermanence.nix | 14 + .../nixos-modules/server/panoramax/proxy.nix | 27 ++ modules/nixos-modules/server/paperless.nix | 113 ----- .../server/paperless/database.nix | 34 ++ .../server/paperless/default.nix | 40 ++ .../server/paperless/fail2ban.nix | 34 ++ .../server/paperless/impermanence.nix | 25 ++ .../nixos-modules/server/paperless/proxy.nix | 21 + modules/nixos-modules/server/searx.nix | 78 ---- .../nixos-modules/server/searx/default.nix | 71 +++ modules/nixos-modules/server/searx/proxy.nix | 14 + 49 files changed, 1519 insertions(+), 1270 deletions(-) delete mode 100644 modules/nixos-modules/server/actual.nix create mode 100644 modules/nixos-modules/server/actual/const.nix create mode 100644 modules/nixos-modules/server/actual/default.nix create mode 100644 modules/nixos-modules/server/actual/fail2ban.nix create mode 100644 modules/nixos-modules/server/actual/impermanence.nix create mode 100644 modules/nixos-modules/server/actual/proxy.nix delete mode 100644 modules/nixos-modules/server/forgejo.nix create mode 100644 modules/nixos-modules/server/forgejo/const.nix create mode 100644 modules/nixos-modules/server/forgejo/database.nix create mode 100644 modules/nixos-modules/server/forgejo/default.nix create mode 100644 modules/nixos-modules/server/forgejo/fail2ban.nix create mode 100644 modules/nixos-modules/server/forgejo/impermanence.nix create mode 100644 modules/nixos-modules/server/forgejo/proxy.nix delete mode 100644 modules/nixos-modules/server/home-assistant.nix create mode 100644 modules/nixos-modules/server/home-assistant/database.nix create mode 100644 modules/nixos-modules/server/home-assistant/default.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/default.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix create mode 100644 
modules/nixos-modules/server/home-assistant/extensions/sonos.nix create mode 100644 modules/nixos-modules/server/home-assistant/extensions/wyoming.nix create mode 100644 modules/nixos-modules/server/home-assistant/fail2ban.nix create mode 100644 modules/nixos-modules/server/home-assistant/impermanence.nix create mode 100644 modules/nixos-modules/server/home-assistant/proxy.nix delete mode 100644 modules/nixos-modules/server/immich.nix create mode 100644 modules/nixos-modules/server/immich/database.nix create mode 100644 modules/nixos-modules/server/immich/default.nix create mode 100644 modules/nixos-modules/server/immich/fail2ban.nix create mode 100644 modules/nixos-modules/server/immich/impermanence.nix create mode 100644 modules/nixos-modules/server/immich/proxy.nix delete mode 100644 modules/nixos-modules/server/jellyfin.nix create mode 100644 modules/nixos-modules/server/jellyfin/default.nix create mode 100644 modules/nixos-modules/server/jellyfin/fail2ban.nix create mode 100644 modules/nixos-modules/server/jellyfin/impermanence.nix create mode 100644 modules/nixos-modules/server/jellyfin/proxy.nix delete mode 100644 modules/nixos-modules/server/panoramax.nix create mode 100644 modules/nixos-modules/server/panoramax/default.nix create mode 100644 modules/nixos-modules/server/panoramax/fail2ban.nix create mode 100644 modules/nixos-modules/server/panoramax/impermanence.nix create mode 100644 modules/nixos-modules/server/panoramax/proxy.nix delete mode 100644 modules/nixos-modules/server/paperless.nix create mode 100644 modules/nixos-modules/server/paperless/database.nix create mode 100644 modules/nixos-modules/server/paperless/default.nix create mode 100644 modules/nixos-modules/server/paperless/fail2ban.nix create mode 100644 modules/nixos-modules/server/paperless/impermanence.nix create mode 100644 modules/nixos-modules/server/paperless/proxy.nix delete mode 100644 modules/nixos-modules/server/searx.nix create mode 100644 
modules/nixos-modules/server/searx/default.nix create mode 100644 modules/nixos-modules/server/searx/proxy.nix diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix deleted file mode 100644 index 80f4fabf..00000000 --- a/modules/nixos-modules/server/actual.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDirectory = "/var/lib/actual/"; -in { - options.services.actual = { - subdomain = lib.mkOption { - type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; - }; - }; - - config = lib.mkIf config.services.actual.enable (lib.mkMerge [ - { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - - services.actual = { - settings = { - ACTUAL_DATA_DIR = dataDirectory; - }; - }; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - # TODO: configuration for fail2ban for actual - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; - message = "actual data location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDirectory; - user = "actual"; - group = "actual"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/actual/const.nix b/modules/nixos-modules/server/actual/const.nix new file mode 100644 index 00000000..13b068e8 --- /dev/null +++ b/modules/nixos-modules/server/actual/const.nix @@ -0,0 +1,3 @@ +{ + dataDirectory = "/var/lib/actual/"; +} diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix new file mode 100644 index 00000000..bef7a05f --- /dev/null 
+++ b/modules/nixos-modules/server/actual/default.nix @@ -0,0 +1,34 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + imports = [ + ./proxy.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.actual = { + subdomain = lib.mkOption { + type = lib.types.str; + default = "actual"; + description = "subdomain of base domain that actual will be hosted at"; + }; + }; + + config = lib.mkIf config.services.actual.enable { + systemd.tmpfiles.rules = [ + "d ${dataDirectory} 2770 actual actual" + ]; + + services.actual = { + settings = { + ACTUAL_DATA_DIR = dataDirectory; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/actual/fail2ban.nix b/modules/nixos-modules/server/actual/fail2ban.nix new file mode 100644 index 00000000..3ad754e8 --- /dev/null +++ b/modules/nixos-modules/server/actual/fail2ban.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.actual.enable && config.services.fail2ban.enable) { + # TODO: configuration for fail2ban for actual + }; +} diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix new file mode 100644 index 00000000..5eee95ac --- /dev/null +++ b/modules/nixos-modules/server/actual/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + config = lib.mkIf (config.services.actual.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; + message = "actual data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDirectory; + user = "actual"; + group = "actual"; + } + ]; + }; + }; +} 
diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix new file mode 100644 index 00000000..e20a6cd2 --- /dev/null +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -0,0 +1,13 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { + host = { + reverse_proxy.subdomains.${config.services.actual.subdomain} = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 87f3dae5..15f833b8 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,19 +1,20 @@ {...}: { imports = [ - ./fail2ban.nix - ./network_storage ./reverse_proxy.nix + ./fail2ban.nix ./postgres.nix + ./network_storage ./podman.nix - ./jellyfin.nix - ./forgejo.nix - ./searx.nix - ./home-assistant.nix - ./wyoming.nix - ./immich.nix + + ./actual + ./immich + ./panoramax + ./forgejo + ./home-assistant + ./jellyfin + ./paperless + ./searx ./qbittorent.nix - ./paperless.nix - ./actual.nix - ./panoramax.nix + ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix deleted file mode 100644 index 3b196952..00000000 --- a/modules/nixos-modules/server/forgejo.nix +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - forgejoPort = 8081; - stateDir = "/var/lib/forgejo"; - db_user = "forgejo"; - sshPort = 22222; -in { - options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; - }; - }; - - config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; - message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; - } - ]; - host = { - postgres = { - enable = true; - extraUsers = { - ${db_user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${db_user} = { - name = db_user; - }; - }; - }; - }; - - services.forgejo = { - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; - HTTP_PORT = forgejoPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ - config.services.forgejo.settings.server.SSH_LISTEN_PORT - ]; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { - target = "http://localhost:${toString forgejoPort}"; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = ".*(Failed authentication attempt|invalid 
credentials|Attempted access of unknown user).* from " - '') - ); - }; - - services.fail2ban = { - jails = { - forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { - enabled = true; - filter = "forgejo"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.forgejo.stateDir == stateDir; - message = "forgejo state directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = stateDir; - user = "forgejo"; - group = "forgejo"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/forgejo/const.nix b/modules/nixos-modules/server/forgejo/const.nix new file mode 100644 index 00000000..10e39740 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/const.nix @@ -0,0 +1,4 @@ +{ + httpPort = 8081; + sshPort = 22222; +} diff --git a/modules/nixos-modules/server/forgejo/database.nix b/modules/nixos-modules/server/forgejo/database.nix new file mode 100644 index 00000000..0417aabd --- /dev/null +++ b/modules/nixos-modules/server/forgejo/database.nix @@ -0,0 +1,41 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf config.services.forgejo.enable ( + lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + + assertions = [ + { + assertion = config.services.forgejo.settings.database.DB_TYPE == "postgres"; + message = "Forgejo database type must be postgres"; + } + ]; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + forgejo = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + forgejo = { + name = "forgejo"; + }; + }; + }; + }; + }) + ] + ); +} 
diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix new file mode 100644 index 00000000..cec26301 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -0,0 +1,61 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + httpPort = const.httpPort; + sshPort = const.sshPort; + db_user = "forgejo"; +in { + imports = [ + ./proxy.nix + ./database.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.forgejo = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that forgejo will be hosted at"; + default = "forgejo"; + }; + }; + + config = lib.mkIf config.services.forgejo.enable { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; + + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + HTTP_PORT = httpPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/forgejo/fail2ban.nix b/modules/nixos-modules/server/forgejo/fail2ban.nix new file mode 100644 index 00000000..213c804a --- /dev/null +++ b/modules/nixos-modules/server/forgejo/fail2ban.nix 
@@ -0,0 +1,32 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ config = lib.mkIf (config.services.forgejo.enable && config.services.fail2ban.enable) {
+ environment.etc = {
+ "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable (
+ pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from "
+ '')
+ );
+ };
+
+ services.fail2ban = {
+ jails = {
+ forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable {
+ enabled = true;
+ filter = "forgejo";
+ action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+ logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log";
+ backend = "auto";
+ findtime = 600;
+ bantime = 600;
+ maxretry = 5;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix
new file mode 100644
index 00000000..04f21a5e
--- /dev/null
+++ b/modules/nixos-modules/server/forgejo/impermanence.nix
@@ -0,0 +1,28 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ stateDir = "/var/lib/forgejo";
+in {
+ config = lib.mkIf (config.services.forgejo.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion = config.services.forgejo.stateDir == stateDir;
+ message = "forgejo state directory does not match persistence";
+ }
+ ];
+
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = stateDir;
+ user = "forgejo";
+ group = "forgejo";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix
new file mode 100644
index 00000000..9e85f78b
--- /dev/null
+++ b/modules/nixos-modules/server/forgejo/proxy.nix
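Review bot: Both `failregex` patterns carried into the new fail2ban modules — here `... .* from "` and `... from .*$` in home-assistant/fail2ban.nix later in this commit — contain no `<HOST>` capture, and as far as I can tell fail2ban rejects a filter whose failregex has no host group, so these jails cannot ban anything; verify with `fail2ban-regex` against a real log line and add `<HOST>` where the address appears. Separately, the inner `lib.mkIf config.services.forgejo.enable` on the etc entry and on the jail is redundant now that the outer condition already includes it; the home-assistant version in this commit drops it, so drop it here too for consistency.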
@@ -0,0 +1,18 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ const = import ./const.nix;
+ httpPort = const.httpPort;
+in {
+ config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) {
+ host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = {
+ target = "http://localhost:${toString httpPort}";
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ config.services.forgejo.settings.server.SSH_LISTEN_PORT
+ ];
+ };
+}
diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix
deleted file mode 100644
index baf66832..00000000
--- a/modules/nixos-modules/server/home-assistant.nix
+++ /dev/null
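Review bot: The `networking.firewall.allowedTCPPorts = [ config.services.forgejo.settings.server.SSH_LISTEN_PORT ];` rule has moved from the unconditional forgejo config into a module gated on `config.host.reverse_proxy.enable`, so a host running forgejo without the reverse proxy no longer opens the built-in SSH server's port — a behaviour change a pure "split into files" refactor should not introduce. The SSH listener is independent of the HTTP proxy; keep the firewall rule in forgejo/default.nix next to `START_SSH_SERVER = true`, or gate it on that setting rather than on the proxy.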
@@ -1,230 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - configDir = "/var/lib/hass"; - dbUser = "hass"; -in { - options.services.home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - - database = lib.mkOption { - type = lib.types.enum [ - "builtin" - "postgres" - ]; - description = "what database do we want to use"; - default = "builtin"; - }; - - extensions = { - sonos = { - enable = lib.mkEnableOption "enable the sonos plugin"; - port = lib.mkOption { - type = lib.types.int; - default = 1400; - description = "what port to use for sonos discovery"; - }; - }; - jellyfin = { - enable = lib.mkEnableOption "enable the jellyfin plugin"; - }; - wyoming = { - enable = lib.mkEnableOption "enable wyoming"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - { - services.home-assistant = { - configDir = configDir; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - "isal" - "zha" - "webostv" - "tailscale" - "syncthing" - "analytics_insights" - "unifi" - "openweathermap" - "ollama" - "mobile_app" - "logbook" - "ssdp" - "usb" - "webhook" - "bluetooth" - "dhcp" - "energy" - "history" - "backup" - "assist_pipeline" - "conversation" - "sun" - "zeroconf" - "cpuspeed" - ]; - config = { - http = { - server_port = 8123; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - homeassistant = { - external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; - # internal_url = "http://192.168.1.2:8123"; - }; - recorder.db_url = "postgresql://@/${dbUser}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - mobile_app = {}; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts - ]; - }; - - # 
TODO: configure /var/lib/hass/secrets.yaml via sops - - networking.firewall.allowedUDPPorts = [ - 1900 - ]; - - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - } - (lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { - services.home-assistant.extraComponents = ["sonos"]; - networking.firewall.allowedTCPPorts = [ - config.services.home-assistant.extensions.sonos.port - ]; - }) - (lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { - services.home-assistant.extraComponents = ["jellyfin"]; - # TODO: configure port, address, and login information here - }) - (lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { - services.home-assistant.extraComponents = ["wyoming"]; - services.wyoming.enable = true; - }) - (lib.mkIf (config.services.home-assistant.database == "postgres") { - host = { - postgres = { - enable = true; - extraUsers = { - ${dbUser} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${dbUser} = { - name = dbUser; - }; - }; - }; - }; - - services.home-assistant = { - extraPackages = python3Packages: - with python3Packages; [ - psycopg2 - ]; - }; - - systemd.services.home-assistant = { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }) - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] 
- before = common.conf - - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - ignoreregex = - - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); - }; - - services.fail2ban = { - jails = { - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = configDir; - user = "hass"; - group = "hass"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/home-assistant/database.nix b/modules/nixos-modules/server/home-assistant/database.nix new file mode 100644 index 00000000..0ac8002f --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/database.nix 
@@ -0,0 +1,56 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ dbUser = "hass";
+in {
+ config = lib.mkIf config.services.home-assistant.enable (
+ lib.mkMerge [
+ {
+ host = {
+ postgres = {
+ enable = true;
+ };
+ };
+
+ assertions = [
+ {
+ assertion = config.services.home-assistant.database == "postgres";
+ message = "Home Assistant database type must be postgres";
+ }
+ ];
+ }
+ (lib.mkIf config.host.postgres.enable {
+ host = {
+ postgres = {
+ extraUsers = {
+ ${dbUser} = {
+ isClient = true;
+ createUser = true;
+ };
+ };
+ extraDatabases = {
+ ${dbUser} = {
+ name = dbUser;
+ };
+ };
+ };
+ };
+
+ services.home-assistant = {
+ extraPackages = python3Packages:
+ with python3Packages; [
+ psycopg2
+ ];
+ };
+
+ systemd.services.home-assistant = {
+ requires = [
+ config.systemd.services.postgresql.name
+ ];
+ };
+ })
+ ]
+ );
+}
diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix
new file mode 100644
index 00000000..6edf0c05
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant/default.nix
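Review bot: This module asserts `config.services.home-assistant.database == "postgres"` and forces `host.postgres.enable = true` whenever home-assistant is enabled, but the option still defaults to `"builtin"` in default.nix of this same commit, so a host that simply enables home-assistant now fails evaluation with "Home Assistant database type must be postgres". The deleted module only applied the postgres wiring under `lib.mkIf (config.services.home-assistant.database == "postgres")`; either make that the outer condition here and drop the assertion, or change the option default to `"postgres"` if forcing it is intended. The forgejo equivalent in this commit is fine because forgejo/default.nix sets `DB_TYPE = "postgres"` itself.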
@@ -0,0 +1,118 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ imports = [
+ ./proxy.nix
+ ./database.nix
+ ./fail2ban.nix
+ ./impermanence.nix
+ ./extensions
+ ];
+
+ options.services.home-assistant = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that home-assistant will be hosted at";
+ default = "home-assistant";
+ };
+
+ database = lib.mkOption {
+ type = lib.types.enum [
+ "builtin"
+ "postgres"
+ ];
+ description = "what database do we want to use";
+ default = "builtin";
+ };
+
+ extensions = {
+ sonos = {
+ enable = lib.mkEnableOption "enable the sonos plugin";
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 1400;
+ description = "what port to use for sonos discovery";
+ };
+ };
+ jellyfin = {
+ enable = lib.mkEnableOption "enable the jellyfin plugin";
+ };
+ wyoming = {
+ enable = lib.mkEnableOption "enable wyoming";
+ };
+ };
+ };
+
+ config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [
+ {
+ services.home-assistant = {
+ configDir = "/var/lib/hass";
+ extraComponents = [
+ "default_config"
+ "esphome"
+ "met"
+ "radio_browser"
+ "isal"
+ "zha"
+ "webostv"
+ "tailscale"
+ "syncthing"
+ "analytics_insights"
+ "unifi"
+ "openweathermap"
+ "ollama"
+ "mobile_app"
+ "logbook"
+ "ssdp"
+ "usb"
+ "webhook"
+ "bluetooth"
+ "dhcp"
+ "energy"
+ "history"
+ "backup"
+ "assist_pipeline"
+ "conversation"
+ "sun"
+ "zeroconf"
+ "cpuspeed"
+ ];
+ config = {
+ http = {
+ server_port = 8123;
+ use_x_forwarded_for = true;
+ trusted_proxies = ["127.0.0.1" "::1"];
+ ip_ban_enabled = true;
+ login_attempts_threshold = 10;
+ };
+ homeassistant = {
+ external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}";
+ # internal_url = "http://192.168.1.2:8123";
+ };
+ recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}";
+ "automation manual" = [];
+ "automation ui" = "!include automations.yaml";
+ mobile_app = {};
+ };
+ extraPackages = python3Packages:
+ with python3Packages; [
+ hassil
+ numpy
+ gtts
+ ];
+ };
+
+ # TODO: configure /var/lib/hass/secrets.yaml via sops
+
+ networking.firewall.allowedUDPPorts = [
+ 1900
+ ];
+
+ systemd.tmpfiles.rules = [
+ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
+ ];
+ }
+ ]);
+}
diff --git a/modules/nixos-modules/server/home-assistant/extensions/default.nix b/modules/nixos-modules/server/home-assistant/extensions/default.nix
new file mode 100644
index 00000000..9ef84a3f
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant/extensions/default.nix
@@ -0,0 +1,12 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./sonos.nix
+ ./jellyfin.nix
+ ./wyoming.nix
+ ];
+}
diff --git a/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix b/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix
new file mode 100644
index 00000000..29af274b
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix
@@ -0,0 +1,9 @@
+{
+ lib,
+ config,
+ ...
+}:
+lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) {
+ services.home-assistant.extraComponents = ["jellyfin"];
+ # TODO: configure port, address, and login information here
+}
diff --git a/modules/nixos-modules/server/home-assistant/extensions/sonos.nix b/modules/nixos-modules/server/home-assistant/extensions/sonos.nix
new file mode 100644
index 00000000..c70649fb
--- /dev/null
+++ b/modules/nixos-modules/server/home-assistant/extensions/sonos.nix
@@ -0,0 +1,11 @@
+{
+ lib,
+ config,
+ ...
+}:
+lib.mkIf (config.services.home-assistant.extensions.sonos.enable) {
+ services.home-assistant.extraComponents = ["sonos"];
+ networking.firewall.allowedTCPPorts = [
+ config.services.home-assistant.extensions.sonos.port
+ ];
+}
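Review bot: `recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}";` interpolates the config directory into the database name, yielding `postgresql://@//var/lib/hass`; the deleted module used the database user (`postgresql://@/${dbUser}` with `dbUser = "hass"`), which is also the database that database.nix creates. Change it to `recorder.db_url = "postgresql://@/hass";`, or share the `dbUser` constant between the two files the way actual/const.nix does for its data directory. The URL is also set unconditionally even when `database = "builtin"`, which pre-dates this commit but would be worth gating on the option while it is being touched.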
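Review bot: The sonos module (and the jellyfin and wyoming modules beside it) conditions only on `extensions.sonos.enable` and no longer requires `config.services.home-assistant.enable`, unlike the sibling fail2ban, impermanence and proxy modules in this commit; since the extensions are imported unconditionally from default.nix, setting `extensions.sonos.enable = true` on a host with home-assistant disabled still opens `extensions.sonos.port` in the firewall, and the wyoming module still starts `services.wyoming`. Use `lib.mkIf (config.services.home-assistant.enable && config.services.home-assistant.extensions.sonos.enable)` here and the same shape in jellyfin.nix and wyoming.nix, matching the deleted module's behaviour.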
diff --git a/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix b/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix new file mode 100644 index 00000000..840d360b --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix @@ -0,0 +1,9 @@ +{ + lib, + config, + ... +}: +lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { + services.home-assistant.extraComponents = ["wyoming"]; + services.wyoming.enable = true; +} diff --git a/modules/nixos-modules/server/home-assistant/fail2ban.nix b/modules/nixos-modules/server/home-assistant/fail2ban.nix new file mode 100644 index 00000000..6ac5900f --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/fail2ban.nix @@ -0,0 +1,39 @@ +{ + lib, + pkgs, + config, + ... +}: +lib.mkIf (config.services.fail2ban.enable && config.services.home-assistant.enable) { + environment.etc = { + "fail2ban/filter.d/hass.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/home-assistant/impermanence.nix b/modules/nixos-modules/server/home-assistant/impermanence.nix new file mode 100644 index 00000000..8c056a1c --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/impermanence.nix 
@@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + configDir = "/var/lib/hass"; +in + lib.mkIf (config.host.impermanence.enable && config.services.home-assistant.enable) { + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = configDir; + user = "hass"; + group = "hass"; + } + ]; + }; + } diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix new file mode 100644 index 00000000..63396b58 --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -0,0 +1,24 @@ +{ + lib, + config, + ... +}: +lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + + proxy_buffering off; + + proxy_read_timeout 90; + ''; + }; + }; +} diff --git a/modules/nixos-modules/server/immich.nix b/modules/nixos-modules/server/immich.nix deleted file mode 100644 index fa376e44..00000000 --- a/modules/nixos-modules/server/immich.nix +++ /dev/null 
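Review bot: In home-assistant/proxy.nix the two `add_header Upgrade $http_upgrade;` / `add_header Connection \"upgrade\";` lines are wrong for WebSocket proxying: `add_header` sets headers on the response returned to the client, not on the request forwarded upstream, so they do nothing for the upgrade handshake and instead attach a bogus `Connection: upgrade` to every ordinary HTTP response. In addition, backslashes are literal inside a Nix `''` string, so nginx receives `\"upgrade\"` as the value. The upstream-side headers are `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";`, which `websockets.enable = true` presumably already emits (the host module is not visible here); I would simply delete the two `add_header` lines. HA will also reject proxied requests with a 400 unless `http.use_x_forwarded_for`/`http.trusted_proxies` are set in its config, which this patch does not show.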
@@ -1,99 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - mediaLocation = "/var/lib/immich"; -in { - options.services.immich = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; - }; - }; - - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - extraUsers = { - ${config.services.immich.database.user} = { - isClient = true; - }; - }; - }; - }; - - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { - allowedUDPPorts = [ - config.services.immich.port - ]; - allowedTCPPorts = [ - config.services.immich.port - ]; - }; - } - (lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; - }; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/immich.local".text = lib.mkIf config.services.immich.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = immich-server.*Failed login attempt for user.+from ip address\s? 
- journalmatch = CONTAINER_TAG=immich-server - '') - ); - }; - - services.fail2ban = { - jails = { - immich-iptables.settings = lib.mkIf config.services.immich.enable { - enabled = true; - filter = "immich"; - backend = "systemd"; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.immich.mediaLocation == mediaLocation; - message = "immich media location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = mediaLocation; - user = "immich"; - group = "immich"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/immich/database.nix b/modules/nixos-modules/server/immich/database.nix new file mode 100644 index 00000000..74b1aaa9 --- /dev/null +++ b/modules/nixos-modules/server/immich/database.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf config.services.immich.enable (lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.immich.database.user} = { + isClient = true; + }; + }; + }; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/immich/default.nix b/modules/nixos-modules/server/immich/default.nix new file mode 100644 index 00000000..9d782f07 --- /dev/null +++ b/modules/nixos-modules/server/immich/default.nix 
@@ -0,0 +1,28 @@ +{lib, ...}: { + imports = [ + ./proxy.nix + ./database.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.immich = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that immich will be hosted at"; + default = "immich"; + }; + }; + + # NOTE: This shouldn't be needed now that we are out of testing + # config = lib.mkIf config.services.immich.enable { + # networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { + # allowedUDPPorts = [ + # config.services.immich.port + # ]; + # allowedTCPPorts = [ + # config.services.immich.port + # ]; + # }; + # }; +} diff --git a/modules/nixos-modules/server/immich/fail2ban.nix b/modules/nixos-modules/server/immich/fail2ban.nix new file mode 100644 index 00000000..c9ec87bf --- /dev/null +++ b/modules/nixos-modules/server/immich/fail2ban.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + pkgs, + ... +}: { + config = lib.mkIf (config.services.fail2ban.enable && config.services.immich.enable) { + environment.etc = { + "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = immich-server.*Failed login attempt for user.+from ip address\s? + journalmatch = CONTAINER_TAG=immich-server + ''); + }; + + services.fail2ban = { + jails = { + immich-iptables.settings = { + enabled = true; + filter = "immich"; + backend = "systemd"; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix new file mode 100644 index 00000000..f63d178f --- /dev/null +++ b/modules/nixos-modules/server/immich/impermanence.nix 
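Review bot: immich/default.nix carries a commented-out `networking.firewall.interfaces.${config.services.tailscale.interfaceName}` block with a NOTE saying it is no longer needed; dead code like this tends to get uncommented later without review, and here it would re-expose the immich port on the tailnet alongside the reverse proxy. Either delete the block or, if the testing path is still wanted, make it an explicit option such as `services.immich.exposeOnTailscale = lib.mkEnableOption "expose immich directly on the tailscale interface";` and gate the firewall rule on it. The `subdomain` option and the imports are fine.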
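Review bot: The immich filter in immich/fail2ban.nix cannot ban anything: the `failregex` has no `<HOST>` group (fail2ban rejects such a filter at load), and `journalmatch = CONTAINER_TAG=immich-server` selects container log tags, whereas this config uses the native `services.immich` module whose journal entries are tagged by unit. I would write `failregex = ^.*Failed login attempt for user .+ from ip address <HOST>` and `journalmatch = _SYSTEMD_UNIT=immich-server.service` (verify the unit name on the host). Since immich sits behind the nginx proxy from proxy.nix, also confirm that the address it logs is the forwarded client address and not the proxy's, or every ban will target localhost.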
@@ -0,0 +1,25 @@ +{ + lib, + config, + ... +}: let + mediaLocation = "/var/lib/immich"; +in { + config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.immich.mediaLocation == mediaLocation; + message = "immich media location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = mediaLocation; + user = "immich"; + group = "immich"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix new file mode 100644 index 00000000..9d8790a2 --- /dev/null +++ b/modules/nixos-modules/server/immich/proxy.nix @@ -0,0 +1,27 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { + host = { + reverse_proxy.subdomains.${config.services.immich.subdomain} = { + target = "http://localhost:${toString config.services.immich.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + + # set timeout + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + proxy_redirect off; + ''; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix deleted file mode 100644 index 85c870f9..00000000 --- a/modules/nixos-modules/server/jellyfin.nix +++ /dev/null 
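Review bot: immich/proxy.nix sets `client_max_body_size 50000M;` without disabling request buffering, so with nginx's default `proxy_request_buffering on` an unauthenticated client can make nginx spool up to ~50 GB per request into its temp directory before immich ever sees the request and rejects it — a cheap disk-exhaustion vector on a host that also runs the database. Add `proxy_request_buffering off;` next to `proxy_buffering`-style settings so bodies stream straight to immich and its auth check fails fast, and consider whether the cap can be lowered to the largest single file you actually expect. The timeouts and `proxy_redirect off` are reasonable for uploads.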
@@ -1,147 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - jellyfinPort = 8096; - dlanPort = 1900; - jellyfin_data_directory = "/var/lib/jellyfin"; - jellyfin_cache_directory = "/var/cache/jellyfin"; -in { - options.services.jellyfin = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; - default = []; - }; - media_directory = lib.mkOption { - type = lib.types.str; - description = "directory jellyfin media will be hosted at"; - default = "/srv/jellyfin/media"; - }; - }; - - config = lib.mkIf config.services.jellyfin.enable ( - lib.mkMerge [ - { - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - } - (lib.mkIf config.host.reverse_proxy.enable { - host.reverse_proxy.subdomains.jellyfin = { - target = "http://localhost:${toString jellyfinPort}"; - - subdomain = config.services.jellyfin.subdomain; - extraSubdomains = config.services.jellyfin.extraSubdomains; - - forwardHeaders.enable = true; - - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - - proxy_buffering off; - ''; - }; - }) - (lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/jellyfin.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." 
- '') - ); - }; - - services.fail2ban = { - jails = { - jellyfin-iptables.settings = { - enabled = true; - filter = "jellyfin"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.jellyfin.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }) - (lib.mkIf config.host.impermanence.enable { - fileSystems."/persist/system/jellyfin".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/jellyfin" = { - type = "zfs_fs"; - mountpoint = "/persist/system/jellyfin"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = jellyfin_data_directory; - user = "jellyfin"; - group = "jellyfin"; - } - { - directory = jellyfin_cache_directory; - user = "jellyfin"; - group = "jellyfin"; - } - ]; - }; - - "/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.jellyfin.media_directory; - user = "jellyfin"; - group = "jellyfin_media"; - mode = "1770"; - } - ]; - }; - }; - }) - ] - ); -} diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix new file mode 100644 index 00000000..238ce3ac --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/default.nix 
@@ -0,0 +1,48 @@ +{ + lib, + pkgs, + config, + ... +}: let + jellyfinPort = 8096; + dlanPort = 1900; +in { + imports = [ + ./proxy.nix + ./fail2ban.nix + ./impermanence.nix + ]; + + options.services.jellyfin = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "ex subdomain of base domain that jellyfin will be hosted at"; + default = []; + }; + media_directory = lib.mkOption { + type = lib.types.str; + description = "directory jellyfin media will be hosted at"; + default = "/srv/jellyfin/media"; + }; + }; + + config = lib.mkIf config.services.jellyfin.enable { + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; + }; +} diff --git a/modules/nixos-modules/server/jellyfin/fail2ban.nix b/modules/nixos-modules/server/jellyfin/fail2ban.nix new file mode 100644 index 00000000..ba8d8bac --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/fail2ban.nix 
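Review bot: jellyfin/default.nix opens `dlanPort = 1900` as TCP, but SSDP/DLNA discovery runs over UDP 1900, so the rule does not enable discovery and just exposes an unused TCP port (the name should also be `dlnaPort`). The same line opens 8096 on every interface even when `host.reverse_proxy.enable` is set, which lets clients bypass the proxy and any proxy-level banning; I would change it to `networking.firewall.allowedUDPPorts = [dlnaPort];` and gate the direct port on `lib.mkIf (!config.host.reverse_proxy.enable) { networking.firewall.allowedTCPPorts = [jellyfinPort]; }` or restrict it to a LAN interface. Whether Jellyfin in the pinned nixpkgs still ships DLNA built in (it became a plugin in newer releases) is worth confirming before keeping the port at all.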
@@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + ... +}: { + config = lib.mkIf (config.services.jellyfin.enable && config.services.fail2ban.enable) { + environment.etc = { + "fail2ban/filter.d/jellyfin.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = "^.*Authentication request for .* has been denied \\\\\\(IP: \\\"\\\"\\\\\\)\\\\\\." + '') + ); + }; + + services.fail2ban = { + jails = { + jellyfin-iptables.settings = { + enabled = true; + filter = "jellyfin"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.jellyfin.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix new file mode 100644 index 00000000..e0b3b5d5 --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/impermanence.nix 
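Review bot: The jellyfin `failregex` in jellyfin/fail2ban.nix can never fire: it is wrapped in literal double quotes (fail2ban keeps them as part of the pattern), it matches `(IP: "")` with an empty string where the address should be, and it has no `<HOST>` group, which fail2ban rejects at load time. Since backslashes are literal inside a Nix `''` string, the line should simply be `failregex = ^.*Authentication request for .* has been denied \(IP: "<HOST>"\)\.$`. Also check `logpath`: Jellyfin writes its logs to its log directory (the nixpkgs module exposes `services.jellyfin.logDir` in recent releases), not necessarily `${dataDir}/log`, so `logpath = "${config.services.jellyfin.logDir}/*.log"` is likely the correct path if that option exists in the pinned nixpkgs.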
@@ -0,0 +1,66 @@ +{ + lib, + config, + ... +}: let + jellyfin_data_directory = "/var/lib/jellyfin"; + jellyfin_cache_directory = "/var/cache/jellyfin"; +in { + config = lib.mkIf (config.services.jellyfin.enable && config.host.impermanence.enable) { + fileSystems."/persist/system/jellyfin".neededForBoot = true; + + host.storage.pool.extraDatasets = { + # sops age key needs to be available to pre persist for user generation + "persist/system/jellyfin" = { + type = "zfs_fs"; + mountpoint = "/persist/system/jellyfin"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + }; + + assertions = [ + { + assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; + message = "jellyfin data directory does not match persistence"; + } + { + assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; + message = "jellyfin cache directory does not match persistence"; + } + ]; + + environment.persistence = { + "/persist/system/root" = { + directories = [ + { + directory = jellyfin_data_directory; + user = "jellyfin"; + group = "jellyfin"; + } + { + directory = jellyfin_cache_directory; + user = "jellyfin"; + group = "jellyfin"; + } + ]; + }; + + "/persist/system/jellyfin" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = config.services.jellyfin.media_directory; + user = "jellyfin"; + group = "jellyfin_media"; + mode = "1770"; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix new file mode 100644 index 00000000..5edb8653 --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/proxy.nix 
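Review bot: The comment `# sops age key needs to be available to pre persist for user generation` on the `persist/system/jellyfin` dataset in jellyfin/impermanence.nix looks copied from a different dataset definition and does not describe a media directory; together with `neededForBoot = true` it will mislead whoever next touches boot ordering. Replace it with the actual reason the media lives on its own dataset (or drop both the comment and `neededForBoot` if there is none). Separately, the persisted media directory gets `mode = "1770"` (sticky) while default.nix creates it with `2770` (setgid); the setgid bit is what makes new files inherit `jellyfin_media`, so these should agree, presumably on `mode = "2770"`.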
@@ -0,0 +1,25 @@ +{ + lib, + config, + ... +}: let + jellyfinPort = 8096; +in { + config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { + host.reverse_proxy.subdomains.jellyfin = { + target = "http://localhost:${toString jellyfinPort}"; + + subdomain = config.services.jellyfin.subdomain; + extraSubdomains = config.services.jellyfin.extraSubdomains; + + forwardHeaders.enable = true; + + extraConfig = '' + client_max_body_size 20M; + add_header X-Content-Type-Options "nosniff"; + + proxy_buffering off; + ''; + }; + }; +} diff --git a/modules/nixos-modules/server/panoramax.nix b/modules/nixos-modules/server/panoramax.nix deleted file mode 100644 index dd026cdb..00000000 --- a/modules/nixos-modules/server/panoramax.nix +++ /dev/null 
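Review bot: jellyfin/proxy.nix redefines `jellyfinPort = 8096` in its own `let`, duplicating the constant in jellyfin/default.nix; the two can drift silently since the proxy target is never checked against the firewall rule. Declare it once as an option in default.nix, e.g. `port = lib.mkOption { type = lib.types.port; default = 8096; description = "port jellyfin listens on"; };`, and read `config.services.jellyfin.port` here. The `X-Content-Type-Options "nosniff"` header and the 20M body cap are fine.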
@@ -1,408 +0,0 @@ -{ - config, - lib, - pkgs, - osConfig, - ... -}: -with lib; let - # Database configuration assertions - dbUrlConfigured = config.services.panoramax.database.url != null; - individualDbConfigured = all (x: x != null) [ - config.services.panoramax.database.host - config.services.panoramax.database.port - config.services.panoramax.database.username - config.services.panoramax.database.password - config.services.panoramax.database.name - ]; - - envContent = '' - # Panoramax Configuration - FLASK_APP=geovisio - ${ - if dbUrlConfigured - then "DB_URL=${config.services.panoramax.database.url}" - else '' - DB_HOST=${config.services.panoramax.database.host} - DB_PORT=${toString config.services.panoramax.database.port} - DB_USERNAME=${config.services.panoramax.database.username} - DB_PASSWORD=${config.services.panoramax.database.password} - DB_NAME=${config.services.panoramax.database.name} - '' - } - ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${optionalString 
(config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} - ''; - - envFile = pkgs.writeText "panoramax.env" envContent; -in { - options.services.panoramax = { - enable = lib.mkEnableOption "panoramax"; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.panoramax; - description = "The panoramax package to use"; - }; - - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; - }; - - database = { - createDB = mkOption { - type = types.bool; - default = true; - description = "Whether to automatically create the database and user"; - }; - - url = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). - If provided, individual database options (host, port, username, password, name) are ignored. 
- ''; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5432; - description = "Database port (ignored if database.url is set)"; - }; - - host = mkOption { - type = types.nullOr types.str; - default = "localhost"; - description = "Database host (ignored if database.url is set)"; - }; - - username = mkOption { - type = types.nullOr types.str; - default = "panoramax"; - description = "Database username (ignored if database.url is set)"; - }; - - password = mkOption { - type = types.nullOr types.str; - default = null; - description = "Database password (ignored if database.url is set)"; - }; - - name = mkOption { - type = types.str; - default = "panoramax"; - description = "Database name (ignored if database.url is set)"; - }; - }; - - sgblur = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable sgblur integration for face and license plate blurring"; - }; - - package = mkOption { - type = types.package; - default = pkgs.sgblur; - description = "The sgblur package to use"; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = "Port for the sgblur service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the sgblur service to"; - }; - - url = mkOption { - type = types.str; - default = "http://127.0.0.1:8080"; - description = "URL where sgblur service is accessible"; - }; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5000; - description = "Port for the Panoramax service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the Panoramax service to"; - }; - - urlScheme = mkOption { - type = types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - - storage = { - fsUrl = mkOption { - type = types.nullOr types.str; - default = "/var/lib/panoramax/storage"; - description = "File system URL for 
storage"; - }; - }; - - infrastructure = { - nbProxies = mkOption { - type = types.nullOr types.int; - default = 1; - description = "Number of proxies in front of the application"; - }; - }; - - flask = { - secretKey = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask secret key for session security"; - }; - - sessionCookieDomain = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask session cookie domain"; - }; - }; - - api = { - pictures = { - licenseSpdxId = mkOption { - type = types.nullOr types.str; - default = null; - description = "SPDX license identifier for API pictures"; - }; - - licenseUrl = mkOption { - type = types.nullOr types.str; - default = null; - description = "License URL for API pictures"; - }; - }; - }; - - extraEnvironment = mkOption { - type = types.attrsOf types.str; - default = {}; - description = "Additional environment variables"; - example = { - CUSTOM_SETTING = "value"; - DEBUG = "true"; - }; - }; - }; - - config = lib.mkIf config.services.panoramax.enable ( - lib.mkMerge [ - { - environment.systemPackages = with pkgs; - [ - config.services.panoramax.package - python3Packages.waitress - ] - ++ optionals config.services.panoramax.sgblur.enable [ - config.services.panoramax.sgblur.package - ]; - - systemd.services.panoramax = { - description = "Panoramax Service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; - Restart = "always"; - User = "panoramax"; - Group = "panoramax"; - WorkingDirectory = "/var/lib/panoramax"; - Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; - }; - }; - - users.users.panoramax = { - isSystemUser = true; - 
group = "panoramax"; - home = "/var/lib/panoramax"; - createHome = true; - }; - - users.groups.panoramax = {}; - - systemd.tmpfiles.rules = [ - "d /var/lib/panoramax 0755 panoramax panoramax -" - "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" - ]; - - assertions = [ - { - assertion = dbUrlConfigured || individualDbConfigured; - message = '' - Panoramax database configuration requires either: - - A complete database URL (services.panoramax.database.url), OR - - All individual database options (host, port, username, password, name) - - Currently configured: - - database.url: ${ - if dbUrlConfigured - then "✓ configured" - else "✗ not configured" - } - - individual options: ${ - if individualDbConfigured - then "✓ all configured" - else "✗ some missing" - } - ''; - } - { - assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); - message = '' - Panoramax createDB option can only be used with socket connections when a database URL is provided. 
- Socket connections are identified by: - - URLs starting with "unix:" - - URLs starting with "/run/" - - Host paths starting with "/" - - Current configuration: - - createDB: ${lib.boolToString config.services.panoramax.database.createDB} - - database.url: ${ - if config.services.panoramax.database.url != null - then config.services.panoramax.database.url - else "not set" - } - - database.host: ${config.services.panoramax.database.host} - ''; - } - ]; - } - ( - lib.mkIf config.services.panoramax.sgblur.enable { - systemd.services.sgblur = { - description = "SGBlur AI-powered face and license plate blurring service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${config.services.panoramax.sgblur.package}/bin/uvicorn sgblur.main:app --host ${config.services.panoramax.sgblur.host} --port ${toString config.services.panoramax.sgblur.port}"; - Restart = "always"; - User = "sgblur"; - Group = "sgblur"; - WorkingDirectory = "/var/lib/sgblur"; - Environment = "PYTHONPATH=${config.services.panoramax.sgblur.package}/lib/python3.11/site-packages"; - }; - }; - - users.users.sgblur = { - isSystemUser = true; - group = "sgblur"; - home = "/var/lib/sgblur"; - createHome = true; - }; - - users.groups.sgblur = {}; - - systemd.tmpfiles.rules = [ - "d /var/lib/sgblur 0755 sgblur sgblur -" - ]; - - # Update panoramax service dependencies when sgblur is enabled - systemd.services.panoramax = { - after = ["sgblur.service"]; - wants = ["sgblur.service"]; - }; - } - ) - ( - lib.mkIf config.services.panoramax.database.createDB { - services.postgresql = { - enable = true; - ensureDatabases = [config.services.panoramax.database.name]; - ensureUsers = [ - { - name = config.services.panoramax.database.username; - ensureDBOwnership = true; - ensureClauses.login = true; - } - ]; - extensions = ps: with ps; [postgis]; - settings = { - shared_preload_libraries = ["postgis"]; - }; - }; - - 
systemd.services.postgresql.serviceConfig.ExecStartPost = let - sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' - CREATE EXTENSION IF NOT EXISTS postgis; - CREATE EXTENSION IF NOT EXISTS postgis_topology; - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; - - ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; - GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; - ''; - in [ - '' - ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" - '' - ]; - - systemd.services.panoramax = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - } - ) - ( - lib.mkIf config.host.reverse_proxy.enable { - host = { - reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { - target = "http://localhost:${toString config.services.panoramax.port}"; - - websockets.enable = true; - forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads for panoramic images - client_max_body_size 100M; - - # set timeout for image processing - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - proxy_redirect off; - ''; - }; - }; - } - ) - ( - lib.mkIf config.services.fail2ban { - # TODO: configure options for fail2ban - } - ) - ( - lib.mkIf osConfig.host.impermanence.enable { - # TODO: configure impermanence for panoramax data - } - ) - ] - ); -} diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix new file mode 100644 index 00000000..e506b800 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/default.nix 
@@ -0,0 +1,340 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ # Database configuration assertions
+ dbUrlConfigured = config.services.panoramax.database.url != null;
+ individualDbConfigured = all (x: x != null) [
+ config.services.panoramax.database.host
+ config.services.panoramax.database.port
+ config.services.panoramax.database.username
+ config.services.panoramax.database.password
+ config.services.panoramax.database.name
+ ];
+
+ envContent = ''
+ # Panoramax Configuration
+ FLASK_APP=geovisio
+ ${
+ if dbUrlConfigured
+ then "DB_URL=${config.services.panoramax.database.url}"
+ else ''
+ DB_HOST=${config.services.panoramax.database.host}
+ DB_PORT=${toString config.services.panoramax.database.port}
+ DB_USERNAME=${config.services.panoramax.database.username}
+ DB_PASSWORD=${config.services.panoramax.database.password}
+ DB_NAME=${config.services.panoramax.database.name}
+ ''
+ }
+ ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"}
+ ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"}
+ ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"}
+ ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"}
+ ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"}
+ ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"}
+ ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"}
+ ${optionalString (config.services.panoramax.sgblur.enable) "SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"}
+ ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)}
+ '';
+
+ envFile = pkgs.writeText "panoramax.env" envContent;
+in {
+ imports = [
+ ./proxy.nix
+ ./fail2ban.nix
+ ./impermanence.nix
+ ];
+
+ options.services.panoramax = {
+ enable = lib.mkEnableOption "panoramax";
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.panoramax;
+ description = "The panoramax package to use";
+ };
+
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that panoramax will be hosted at";
+ default = "panoramax";
+ };
+
+ database = {
+ createDB = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Whether to automatically create the database and user";
+ };
+
+ url = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname").
+ If provided, individual database options (host, port, username, password, name) are ignored.
+ '';
+ };
+
+ port = mkOption {
+ type = types.nullOr types.port;
+ default = 5432;
+ description = "Database port (ignored if database.url is set)";
+ };
+
+ host = mkOption {
+ type = types.nullOr types.str;
+ default = "localhost";
+ description = "Database host (ignored if database.url is set)";
+ };
+
+ username = mkOption {
+ type = types.nullOr types.str;
+ default = "panoramax";
+ description = "Database username (ignored if database.url is set)";
+ };
+
+ password = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Database password (ignored if database.url is set)";
+ };
+
+ name = mkOption {
+ type = types.str;
+ default = "panoramax";
+ description = "Database name (ignored if database.url is set)";
+ };
+ };
+
+ sgblur = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable sgblur integration for face and license plate blurring";
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.sgblur;
+ description = "The sgblur package to use";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 8080;
+ description = "Port for the sgblur service";
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = "Host to bind the sgblur service to";
+ };
+
+ url = mkOption {
+ type = types.str;
+ default = "http://127.0.0.1:8080";
+ description = "URL where sgblur service is accessible";
+ };
+ };
+
+ port = mkOption {
+ type = types.nullOr types.port;
+ default = 5000;
+ description = "Port for the Panoramax service";
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = "Host to bind the Panoramax service to";
+ };
+
+ urlScheme = mkOption {
+ type = types.enum ["http" "https"];
+ default = "https";
+ description = "URL scheme for the application";
+ };
+
+ storage = {
+ fsUrl = mkOption {
+ type = types.nullOr types.str;
+ default = "/var/lib/panoramax/storage";
+ description = "File system URL for storage";
+ };
+ };
+
+ infrastructure = {
+ nbProxies = mkOption {
+ type = types.nullOr types.int;
+ default = 1;
+ description = "Number of proxies in front of the application";
+ };
+ };
+
+ flask = {
+ secretKey = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Flask secret key for session security";
+ };
+
+ sessionCookieDomain = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Flask session cookie domain";
+ };
+ };
+
+ api = {
+ pictures = {
+ licenseSpdxId = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "SPDX license identifier for API pictures";
+ };
+
+ licenseUrl = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "License URL for API pictures";
+ };
+ };
+ };
+
+ extraEnvironment = mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ description = "Additional environment variables";
+ example = {
+ CUSTOM_SETTING = "value";
+ DEBUG = "true";
+ };
+ };
+ };
+
+ config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [
+ {
+ environment.systemPackages = with pkgs;
+ [
+ config.services.panoramax.package
+ python3Packages.waitress
+ ]
+ ++ optionals config.services.panoramax.sgblur.enable [
+ config.services.panoramax.sgblur.package
+ ];
+
+ systemd.services.panoramax = {
+ description = "Panoramax Service";
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app";
+ Restart = "always";
+ User = "panoramax";
+ Group = "panoramax";
+ WorkingDirectory = "/var/lib/panoramax";
+ Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages";
+ };
+ };
+
+ users.users.panoramax = {
+ isSystemUser = true;
+ group = "panoramax";
+ home = "/var/lib/panoramax";
+ createHome = true;
+ };
+
+ users.groups.panoramax = {};
+
+ systemd.tmpfiles.rules = [
+ "d /var/lib/panoramax 0755 panoramax panoramax -"
+ "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -"
+ ];
+
+ assertions = [
+ {
+ assertion = dbUrlConfigured || individualDbConfigured;
+ message = ''
+ Panoramax database configuration requires either:
+ - A complete database URL (services.panoramax.database.url), OR
+ - All individual database options (host, port, username, password, name)
+
+ Currently configured:
+ - database.url: ${
+ if dbUrlConfigured
+ then "✓ configured"
+ else "✗ not configured"
+ }
+ - individual options: ${
+ if individualDbConfigured
+ then "✓ all configured"
+ else "✗ some missing"
+ }
+ '';
+ }
+ {
+ assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host);
+ message = ''
+ Panoramax createDB option can only be used with socket connections when a database URL is provided.
+ Socket connections are identified by:
+ - URLs starting with "unix:"
+ - URLs starting with "/run/"
+ - Host paths starting with "/"
+
+ Current configuration:
+ - createDB: ${lib.boolToString config.services.panoramax.database.createDB}
+ - database.url: ${
+ if config.services.panoramax.database.url != null
+ then config.services.panoramax.database.url
+ else "not set"
+ }
+ - database.host: ${config.services.panoramax.database.host}
+ '';
+ }
+ ];
+ }
+ (lib.mkIf config.services.panoramax.database.createDB {
+ systemd.services.panoramax = {
+ after = ["postgresql.service"];
+ requires = ["postgresql.service"];
+ };
+
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [config.services.panoramax.database.name];
+ ensureUsers = [
+ {
+ name = config.services.panoramax.database.username;
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ ];
+ extensions = ps: with ps; [postgis];
+ settings = {
+ shared_preload_libraries = ["postgis"];
+ };
+ };
+
+ systemd.services.postgresql.serviceConfig.ExecStartPost = let
+ sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" ''
+ CREATE EXTENSION IF NOT EXISTS postgis;
+ CREATE EXTENSION IF NOT EXISTS postgis_topology;
+ CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;
+ CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder;
+
+ ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username};
+ GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username};
+ '';
+ in [
+ ''
+ ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}"
+ ''
+ ];
+ })
+ ]);
+}
diff --git a/modules/nixos-modules/server/panoramax/fail2ban.nix b/modules/nixos-modules/server/panoramax/fail2ban.nix
new file mode 100644
index 00000000..649b53a6
--- /dev/null
+++ b/modules/nixos-modules/server/panoramax/fail2ban.nix
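Review bot: `envFile = pkgs.writeText "panoramax.env" envContent;` renders `DB_PASSWORD=…`, `FLASK_SECRET_KEY=…` and whatever credential is embedded in `database.url` into a Nix store file, which is world-readable on the host and is copied off it if the host pushes to a binary cache; `ExecStart` then hands that path to `waitress-serve --env-file=`. The searx module in this same series keeps its secret out of the store via sops (`environmentFile = config.sops.secrets."services/searx".path;`), so the password and secret-key lines belong in a runtime-only file instead, e.g. `serviceConfig.EnvironmentFile = config.sops.secrets."services/panoramax".path;` (secret name constructed), with only the non-secret settings left in the store file. Separately, `"d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -"` in `systemd.tmpfiles.rules` fails to evaluate when `storage.fsUrl` is `null`, which its `types.nullOr types.str` declaration permits, and the option is described as a URL rather than a directory; wrap the rule in `lib.optional (config.services.panoramax.storage.fsUrl != null)` or narrow the type to a path.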
@@ -0,0 +1,11 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ config = lib.mkIf (config.services.panoramax.enable && config.services.fail2ban.enable) {
+ # TODO: configure options for fail2ban
+ # This is a placeholder - panoramax fail2ban configuration would need to be defined
+ # based on the specific log patterns and security requirements
+ };
+}
diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix
new file mode 100644
index 00000000..011c3223
--- /dev/null
+++ b/modules/nixos-modules/server/panoramax/impermanence.nix
@@ -0,0 +1,14 @@
+{
+ lib,
+ config,
+ osConfig,
+ ...
+}: {
+ config = lib.mkIf (config.services.panoramax.enable && osConfig.host.impermanence.enable) {
+ # TODO: configure impermanence for panoramax data
+ # This would typically include directories like:
+ # - /var/lib/panoramax
+ # - panoramax storage directories
+ # - any cache or temporary directories that need to persist
+ };
+}
diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix
new file mode 100644
index 00000000..70e3f5b4
--- /dev/null
+++ b/modules/nixos-modules/server/panoramax/proxy.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) {
+ host = {
+ reverse_proxy.subdomains.${config.services.panoramax.subdomain} = {
+ target = "http://localhost:${toString config.services.panoramax.port}";
+
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+
+ extraConfig = ''
+ # allow large file uploads for panoramic images
+ client_max_body_size 100M;
+
+ # set timeout for image processing
+ proxy_read_timeout 300s;
+ proxy_send_timeout 300s;
+ send_timeout 300s;
+ proxy_redirect off;
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix
deleted file mode 100644
index 303d7422..00000000
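Review bot: `osConfig` in the argument set of impermanence.nix is not an argument NixOS passes to its modules (those are `config`, `options`, `lib`, `pkgs`, `modulesPath`, plus whatever the flake adds through `specialArgs` or `_module.args`), so unless the flake supplies it, importing this file from default.nix makes every host with panoramax enabled fail to evaluate even when impermanence is off — and the sibling paperless/impermanence.nix in the same commit reads `config.host.impermanence.enable` instead. If `osConfig` is not deliberately provided here, `config = lib.mkIf (config.services.panoramax.enable && config.host.impermanence.enable) {` brings the two modules into line.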
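Review bot: `target = "http://localhost:${toString config.services.panoramax.port}";` degrades silently when `services.panoramax.port` is `null`, which its `types.nullOr types.port` declaration in default.nix allows: `toString null` evaluates to the empty string, so the proxy would be pointed at `http://localhost:` with no evaluation error. Either drop `nullOr` from the port option (the service's `ExecStart` interpolates it the same way and has the same gap) or add an assertion that the port is set whenever the reverse proxy entry is generated.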
--- a/modules/nixos-modules/server/paperless.nix
+++ /dev/null
@@ -1,113 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- dataDir = "/var/lib/paperless";
-in {
- options.services.paperless = {
- subdomain = lib.mkOption {
- type = lib.types.str;
- description = "subdomain of base domain that paperless will be hosted at";
- default = "paperless";
- };
- database = {
- user = lib.mkOption {
- type = lib.types.str;
- description = "what is the user and database that we are going to use for paperless";
- default = "paperless";
- };
- };
- };
-
- config = lib.mkIf config.services.paperless.enable (lib.mkMerge [
- {
- host = {
- postgres = {
- enable = true;
- extraUsers = {
- ${config.services.paperless.database.user} = {
- isClient = true;
- createUser = true;
- };
- };
- extraDatabases = {
- ${config.services.paperless.database.user} = {
- name = config.services.paperless.database.user;
- };
- };
- };
- };
- services.paperless = {
- domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}";
- configureTika = true;
- settings = {
- PAPERLESS_DBENGINE = "postgresql";
- PAPERLESS_DBHOST = "/run/postgresql";
- PAPERLESS_DBNAME = config.services.paperless.database.user;
- PAPERLESS_DBUSER = config.services.paperless.database.user;
- };
- };
- }
- (lib.mkIf config.host.reverse_proxy.enable {
- host = {
- reverse_proxy.subdomains.${config.services.paperless.subdomain} = {
- target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}";
-
- websockets.enable = true;
- forwardHeaders.enable = true;
-
- extraConfig = ''
- # allow large file uploads
- client_max_body_size 50000M;
- '';
- };
- };
- })
- (lib.mkIf config.services.fail2ban.enable {
- environment.etc = {
- "fail2ban/filter.d/paperless.local".text = (
- pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
- [Definition]
- failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$
- ignoreregex =
-
- '')
- );
- };
-
- services.fail2ban = {
- jails = {
- paperless.settings = {
- enabled = true;
- filter = "paperless";
- action = ''iptables-multiport[name=HTTP, port="http,https"]'';
- logpath = "${config.services.paperless.dataDir}/log/*.log";
- backend = "auto";
- findtime = 600;
- bantime = 600;
- maxretry = 5;
- };
- };
- };
- })
- (lib.mkIf config.host.impermanence.enable {
- assertions = [
- {
- assertion = config.services.paperless.dataDir == dataDir;
- message = "paperless data location does not match persistence";
- }
- ];
- environment.persistence."/persist/system/root" = {
- directories = [
- {
- directory = dataDir;
- user = "paperless";
- group = "paperless";
- }
- ];
- };
- })
- ]);
-}
diff --git a/modules/nixos-modules/server/paperless/database.nix b/modules/nixos-modules/server/paperless/database.nix
new file mode 100644
index 00000000..6f4ce514
--- /dev/null
+++ b/modules/nixos-modules/server/paperless/database.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ config = lib.mkIf config.services.paperless.enable (lib.mkMerge [
+ {
+ host = {
+ postgres = {
+ enable = true;
+ };
+ };
+ }
+ (
+ lib.mkIf config.host.postgres.enable {
+ host = {
+ postgres = {
+ extraUsers = {
+ ${config.services.paperless.database.user} = {
+ isClient = true;
+ createUser = true;
+ };
+ };
+ extraDatabases = {
+ ${config.services.paperless.database.user} = {
+ name = config.services.paperless.database.user;
+ };
+ };
+ };
+ };
+ }
+ )
+ ]);
+}
diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix
new file mode 100644
index 00000000..ec01fef3
--- /dev/null
+++ b/modules/nixos-modules/server/paperless/default.nix
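Review bot: The inner `lib.mkIf config.host.postgres.enable { host.postgres = { extraUsers … } }` in database.nix guards definitions of the very tree that the first block of the same `mkMerge` enables unconditionally (`host.postgres.enable = true;`), so the condition is always true whenever this config applies; merging both into one attribute set, as the deleted paperless.nix had it, removes an indirection that reads like a real branch. If the split was made to avoid an infinite recursion between `host.postgres.enable` and its own option tree, a one-line comment saying so would save the next reader the question.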
@@ -0,0 +1,40 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ imports = [
+ ./proxy.nix
+ ./database.nix
+ ./fail2ban.nix
+ ./impermanence.nix
+ ];
+
+ options.services.paperless = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that paperless will be hosted at";
+ default = "paperless";
+ };
+ database = {
+ user = lib.mkOption {
+ type = lib.types.str;
+ description = "what is the user and database that we are going to use for paperless";
+ default = "paperless";
+ };
+ };
+ };
+
+ config = lib.mkIf config.services.paperless.enable {
+ services.paperless = {
+ domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}";
+ configureTika = true;
+ settings = {
+ PAPERLESS_DBENGINE = "postgresql";
+ PAPERLESS_DBHOST = "/run/postgresql";
+ PAPERLESS_DBNAME = config.services.paperless.database.user;
+ PAPERLESS_DBUSER = config.services.paperless.database.user;
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/paperless/fail2ban.nix b/modules/nixos-modules/server/paperless/fail2ban.nix
new file mode 100644
index 00000000..e1a70f9f
--- /dev/null
+++ b/modules/nixos-modules/server/paperless/fail2ban.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ config = lib.mkIf (config.services.paperless.enable && config.services.fail2ban.enable) {
+ environment.etc = {
+ "fail2ban/filter.d/paperless.local".text = (
+ pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$
+ ignoreregex =
+
+ '')
+ );
+ };
+
+ services.fail2ban = {
+ jails = {
+ paperless.settings = {
+ enabled = true;
+ filter = "paperless";
+ action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+ logpath = "${config.services.paperless.dataDir}/log/*.log";
+ backend = "auto";
+ findtime = 600;
+ bantime = 600;
+ maxretry = 5;
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix
new file mode 100644
index 00000000..d9e17bdb
--- /dev/null
+++ b/modules/nixos-modules/server/paperless/impermanence.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ dataDir = "/var/lib/paperless";
+in {
+ config = lib.mkIf (config.services.paperless.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion = config.services.paperless.dataDir == dataDir;
+ message = "paperless data location does not match persistence";
+ }
+ ];
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = dataDir;
+ user = "paperless";
+ group = "paperless";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix
new file mode 100644
index 00000000..cb0f157d
--- /dev/null
+++ b/modules/nixos-modules/server/paperless/proxy.nix
@@ -0,0 +1,21 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) {
+ host = {
+ reverse_proxy.subdomains.${config.services.paperless.subdomain} = {
+ target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}";
+
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+
+ extraConfig = ''
+ # allow large file uploads
+ client_max_body_size 50000M;
+ '';
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/searx.nix b/modules/nixos-modules/server/searx.nix
deleted file mode 100644
index 0e547af1..00000000
--- a/modules/nixos-modules/server/searx.nix
+++ /dev/null
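Review bot: As rendered here, the `failregex` line in fail2ban.nix ends in two adjacent backticks followed by `\.$`, i.e. there is no `<HOST>` (or `<ADDR>`) capture for fail2ban to extract an address from, and the jail would be refused at start with a missing-host-group error; if the committed line actually contains `<HOST>` between those backticks and the page stripped it as markup, disregard this point. Worth confirming as well that the address paperless writes to that log line is the client's and not the reverse proxy's: proxy.nix in this commit sets `forwardHeaders.enable = true`, but `iptables-multiport` bans whatever the regex captures, so a proxy address in the log would ban the proxy itself. A short comment on the `logpath` line naming the paperless log message this filter matches would make the next change to either side safer.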
@@ -1,78 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}: {
- options.services.searx = {
- subdomain = lib.mkOption {
- type = lib.types.str;
- description = "subdomain of base domain that searx will be hosted at";
- default = "searx";
- };
- };
-
- config = lib.mkIf config.services.searx.enable (
- lib.mkMerge [
- {
- sops.secrets = {
- "services/searx" = {
- sopsFile = "${inputs.secrets}/defiant-services.yaml";
- };
- };
- services.searx = {
- environmentFile = config.sops.secrets."services/searx".path;
-
- # Rate limiting
- limiterSettings = {
- real_ip = {
- x_for = 1;
- ipv4_prefix = 32;
- ipv6_prefix = 56;
- };
-
- botdetection = {
- ip_limit = {
- filter_link_local = true;
- link_token = true;
- };
- };
- };
-
- settings = {
- server = {
- port = 8083;
- secret_key = "@SEARXNG_SECRET@";
- };
-
- # Search engine settings
- search = {
- safe_search = 2;
- autocomplete_min = 2;
- autocomplete = "duckduckgo";
- };
-
- # Enabled plugins
- enabled_plugins = [
- "Basic Calculator"
- "Hash plugin"
- "Tor check plugin"
- "Open Access DOI rewrite"
- "Hostnames plugin"
- "Unit converter plugin"
- "Tracker URL remover"
- ];
- };
- };
- }
- (lib.mkIf config.host.reverse_proxy.enable {
- host = {
- reverse_proxy.subdomains.searx = {
- subdomain = config.services.searx.subdomain;
- target = "http://localhost:${toString config.services.searx.settings.server.port}";
- };
- };
- })
- ]
- );
-}
diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix
new file mode 100644
index 00000000..73ec4896
--- /dev/null
+++ b/modules/nixos-modules/server/searx/default.nix
@@ -0,0 +1,71 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}: {
+ imports = [
+ ./proxy.nix
+ ];
+
+ options.services.searx = {
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "subdomain of base domain that searx will be hosted at";
+ default = "searx";
+ };
+ };
+
+ config = lib.mkIf config.services.searx.enable {
+ sops.secrets = {
+ "services/searx" = {
+ sopsFile = "${inputs.secrets}/defiant-services.yaml";
+ };
+ };
+
+ services.searx = {
+ environmentFile = config.sops.secrets."services/searx".path;
+
+ # Rate limiting
+ limiterSettings = {
+ real_ip = {
+ x_for = 1;
+ ipv4_prefix = 32;
+ ipv6_prefix = 56;
+ };
+
+ botdetection = {
+ ip_limit = {
+ filter_link_local = true;
+ link_token = true;
+ };
+ };
+ };
+
+ settings = {
+ server = {
+ port = 8083;
+ secret_key = "@SEARXNG_SECRET@";
+ };
+
+ # Search engine settings
+ search = {
+ safe_search = 2;
+ autocomplete_min = 2;
+ autocomplete = "duckduckgo";
+ };
+
+ # Enabled plugins
+ enabled_plugins = [
+ "Basic Calculator"
+ "Hash plugin"
+ "Tor check plugin"
+ "Open Access DOI rewrite"
+ "Hostnames plugin"
+ "Unit converter plugin"
+ "Tracker URL remover"
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix
new file mode 100644
index 00000000..d9259186
--- /dev/null
+++ b/modules/nixos-modules/server/searx/proxy.nix
@@ -0,0 +1,14 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) {
+ host = {
+ reverse_proxy.subdomains.searx = {
+ subdomain = config.services.searx.subdomain;
+ target = "http://localhost:${toString config.services.searx.settings.server.port}";
+ };
+ };
+ };
+}
From dfdd6bcc82c088eb2aac31737df2e388a13398c1 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 16 Sep 2025 10:20:00 -0500
Subject: [PATCH 838/932] chore: removed resolved item from research topics
---
README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
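Review bot: `reverse_proxy.subdomains.searx = {` keys the entry by a literal name and passes the configurable value as `subdomain = config.services.searx.subdomain;`, whereas every other proxy.nix in this series keys the set as `subdomains.${config.services.<svc>.subdomain}`; unless the `host.reverse_proxy` module needs both spellings, the searx entry should take the same shape. The entry also sets no `forwardHeaders.enable = true`, although searx's `limiterSettings.real_ip.x_for = 1` in default.nix expects exactly one proxy hop in `X-Forwarded-For` — if the reverse-proxy module does not forward that header unless asked, the limiter and bot detection would see only the proxy's own address and rate-limit every client together.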
diff --git a/README.md b/README.md index 13d12065..62040e3c 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ -- nix config mcp https://github.com/utensils/mcp-nixos # Tasks: @@ -70,4 +69,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance -- move searx, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file +- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn \ No newline at end of file From 9b02e300801a0db6e2e7c3911af2843776099e56 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Tue, 16 Sep 2025 10:44:00 -0500 Subject: [PATCH 839/932] refactor: moved subdomain options into proxy file --- .../nixos-modules/server/actual/default.nix | 8 ----- modules/nixos-modules/server/actual/proxy.nix | 8 +++++ .../nixos-modules/server/forgejo/default.nix | 8 ----- .../nixos-modules/server/forgejo/proxy.nix | 8 +++++ .../server/home-assistant/default.nix | 6 ---- .../server/home-assistant/proxy.nix | 35 ++++++++++++------- .../nixos-modules/server/immich/default.nix | 10 +----- modules/nixos-modules/server/immich/proxy.nix | 8 +++++ .../nixos-modules/server/jellyfin/default.nix | 10 ------ .../nixos-modules/server/jellyfin/proxy.nix | 13 +++++++ .../server/panoramax/default.nix | 6 ---- .../nixos-modules/server/panoramax/proxy.nix | 8 +++++ .../server/paperless/default.nix | 5 --- .../nixos-modules/server/paperless/proxy.nix | 8 +++++ .../nixos-modules/server/searx/default.nix | 8 ----- modules/nixos-modules/server/searx/proxy.nix | 8 +++++ 16 files changed, 84 insertions(+), 73 deletions(-) diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix index bef7a05f..546240e1 100644 --- a/modules/nixos-modules/server/actual/default.nix +++ b/modules/nixos-modules/server/actual/default.nix @@ -12,14 +12,6 @@ in { ./impermanence.nix ]; - options.services.actual = { - subdomain = lib.mkOption { - type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; - }; - }; - config = lib.mkIf config.services.actual.enable { systemd.tmpfiles.rules = [ "d ${dataDirectory} 2770 actual actual" diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index e20a6cd2..6ca51e49 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix 
@@ -3,6 +3,14 @@ config, ... }: { + options.services.actual = { + subdomain = lib.mkOption { + type = lib.types.str; + default = "actual"; + description = "subdomain of base domain that actual will be hosted at"; + }; + }; + config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.actual.subdomain} = { diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index cec26301..1fdc8d9a 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -15,14 +15,6 @@ in { ./impermanence.nix ]; - options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; - }; - }; - config = lib.mkIf config.services.forgejo.enable { assertions = [ { diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index 9e85f78b..51f769d1 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix @@ -6,6 +6,14 @@ const = import ./const.nix; httpPort = const.httpPort; in { + options.services.forgejo = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that forgejo will be hosted at"; + default = "forgejo"; + }; + }; + config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) { host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { target = "http://localhost:${toString httpPort}"; diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 6edf0c05..83d8ba76 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix 
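Review bot: The relocated `options.services.actual` block calls `lib.mkOption`, but this hunk starts at line 3 of proxy.nix, after the argument set, so it does not show whether `lib` is among the module's arguments — only `config,` and `...` are visible; the same applies to the forgejo/proxy.nix and immich/proxy.nix hunks in this commit. `...` admits extra arguments but does not bind a missing one, so each of those files needs `lib,` in its argument set (as paperless/proxy.nix and panoramax/proxy.nix visibly have) or evaluation fails on an undefined variable. Conversely, immich/default.nix drops `lib` from `{lib, ...}`, presumably because nothing in it uses `lib` any more, which the other default.nix files cannot do while they still call `lib.mkIf`.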
@@ -12,12 +12,6 @@ ]; options.services.home-assistant = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - database = lib.mkOption { type = lib.types.enum [ "builtin" diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index 63396b58..ba8f20da 100644 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -2,23 +2,32 @@ lib, config, ... -}: -lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; +}: { + options.services.home-assistant = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that home-assistant will be hosted at"; + default = "home-assistant"; + }; + }; - websockets.enable = true; - forwardHeaders.enable = true; + config = lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; + websockets.enable = true; + forwardHeaders.enable = true; - proxy_buffering off; + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; - proxy_read_timeout 90; - ''; + proxy_buffering off; + + proxy_read_timeout 90; + ''; + }; }; }; } diff --git a/modules/nixos-modules/server/immich/default.nix b/modules/nixos-modules/server/immich/default.nix index 9d782f07..4d93c0b6 100644 
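Review bot: The restructured block in home-assistant/proxy.nix keeps `add_header Upgrade $http_upgrade;` and `add_header Connection \"upgrade\";` in `extraConfig`: `add_header` sets headers on the response to the browser, whereas a WebSocket upgrade needs the request headers forwarded upstream with `proxy_set_header`, which `websockets.enable = true` on the same entry presumably already provides; and inside a Nix `''` indented string `\"` is not an escape, so the backslashes reach the nginx config verbatim. These two lines are moved rather than new, but since the hunk rewrites them anyway it is the moment to drop them, or to replace them with `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";` if the host module does not emit those itself.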
--- a/modules/nixos-modules/server/immich/default.nix +++ b/modules/nixos-modules/server/immich/default.nix @@ -1,4 +1,4 @@ -{lib, ...}: { +{...}: { imports = [ ./proxy.nix ./database.nix @@ -6,14 +6,6 @@ ./impermanence.nix ]; - options.services.immich = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; - }; - }; - # NOTE: This shouldn't be needed now that we are out of testing # config = lib.mkIf config.services.immich.enable { # networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index 9d8790a2..dae2420b 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix @@ -3,6 +3,14 @@ config, ... }: { + options.services.immich = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that immich will be hosted at"; + default = "immich"; + }; + }; + config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.immich.subdomain} = { diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 238ce3ac..0d884818 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ b/modules/nixos-modules/server/jellyfin/default.nix 
@@ -14,16 +14,6 @@ in { ]; options.services.jellyfin = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; - default = []; - }; media_directory = lib.mkOption { type = lib.types.str; description = "directory jellyfin media will be hosted at"; diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index 5edb8653..1020a19e 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix @@ -5,6 +5,19 @@ }: let jellyfinPort = 8096; in { + options.services.jellyfin = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "ex subdomain of base domain that jellyfin will be hosted at"; + default = []; + }; + }; + config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { host.reverse_proxy.subdomains.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index e506b800..779f2845 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -57,12 +57,6 @@ in { description = "The panoramax package to use"; }; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; - }; - database = { createDB = mkOption { type = types.bool; 
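Review bot: The `subdomain` and `extraSubdomains` options are now declared in jellyfin/proxy.nix, but the `config` block right below still writes `host.reverse_proxy.subdomains.jellyfin = {` with a hard-coded key, so setting `services.jellyfin.subdomain` has no effect; the searx proxy.nix hunk in this commit has the same mismatch (`reverse_proxy.subdomains.searx = {`). The immich, paperless and panoramax proxy modules all key on `${config.services.<name>.subdomain}`, so this should read `host.reverse_proxy.subdomains.${config.services.jellyfin.subdomain} = {` (and `extraSubdomains` is declared but not consumed in the visible lines). The description `"ex subdomain of base domain that jellyfin will be hosted at"` reads as a typo; `"extra subdomains of base domain that jellyfin will also be hosted at"` says what the list is for. The `config` block continues outside the hunk.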
diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 70e3f5b4..79f93260 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix @@ -3,6 +3,14 @@ config, ... }: { + options.services.panoramax = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that panoramax will be hosted at"; + default = "panoramax"; + }; + }; + config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index ec01fef3..a6878eb0 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -11,11 +11,6 @@ ]; options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; - }; database = { user = lib.mkOption { type = lib.types.str; diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index cb0f157d..2910f079 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -3,6 +3,14 @@ lib, ... }: { + options.services.paperless = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that paperless will be hosted at"; + default = "paperless"; + }; + }; + config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.${config.services.paperless.subdomain} = { diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix index 73ec4896..ac84c1dd 100644 
--- a/modules/nixos-modules/server/searx/default.nix +++ b/modules/nixos-modules/server/searx/default.nix @@ -8,14 +8,6 @@ ./proxy.nix ]; - options.services.searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "searx"; - }; - }; - config = lib.mkIf config.services.searx.enable { sops.secrets = { "services/searx" = { diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index d9259186..0c1eae15 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix @@ -3,6 +3,14 @@ lib, ... }: { + options.services.searx = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that searx will be hosted at"; + default = "searx"; + }; + }; + config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) { host = { reverse_proxy.subdomains.searx = { From e2e07c9a70c4f3ff591b72f8b90292fe62b7ca1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 16 Sep 2025 12:09:41 -0500 Subject: [PATCH 840/932] feat: reworked databse config for panoramax --- .../server/panoramax/default.nix | 330 +----------------- .../server/panoramax/panoramax.nix | 253 ++++++++++++++ 2 files changed, 255 insertions(+), 328 deletions(-) create mode 100644 modules/nixos-modules/server/panoramax/panoramax.nix diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index 779f2845..f029ee33 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix 
@@ -1,334 +1,8 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - # Database configuration assertions - dbUrlConfigured = config.services.panoramax.database.url != null; - individualDbConfigured = all (x: x != null) [ - config.services.panoramax.database.host - config.services.panoramax.database.port - config.services.panoramax.database.username - config.services.panoramax.database.password - config.services.panoramax.database.name - ]; - - envContent = '' - # Panoramax Configuration - FLASK_APP=geovisio - ${ - if dbUrlConfigured - then "DB_URL=${config.services.panoramax.database.url}" - else '' - DB_HOST=${config.services.panoramax.database.host} - DB_PORT=${toString config.services.panoramax.database.port} - DB_USERNAME=${config.services.panoramax.database.username} - DB_PASSWORD=${config.services.panoramax.database.password} - DB_NAME=${config.services.panoramax.database.name} - '' - } - ${optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} - ${optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} - ${optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} - ${optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} - ${optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} - ${optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} - ${optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} - ${optionalString (config.services.panoramax.sgblur.enable) 
"SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} - ${concatStringsSep "\n" (mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} - ''; - - envFile = pkgs.writeText "panoramax.env" envContent; -in { +{...}: { imports = [ ./proxy.nix ./fail2ban.nix ./impermanence.nix + ./panoramax.nix ]; - - options.services.panoramax = { - enable = lib.mkEnableOption "panoramax"; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.panoramax; - description = "The panoramax package to use"; - }; - - database = { - createDB = mkOption { - type = types.bool; - default = true; - description = "Whether to automatically create the database and user"; - }; - - url = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Complete database URL connection string (e.g., "postgresql://user:password@host:port/dbname"). - If provided, individual database options (host, port, username, password, name) are ignored. - ''; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5432; - description = "Database port (ignored if database.url is set)"; - }; - - host = mkOption { - type = types.nullOr types.str; - default = "localhost"; - description = "Database host (ignored if database.url is set)"; - }; - - username = mkOption { - type = types.nullOr types.str; - default = "panoramax"; - description = "Database username (ignored if database.url is set)"; - }; - - password = mkOption { - type = types.nullOr types.str; - default = null; - description = "Database password (ignored if database.url is set)"; - }; - - name = mkOption { - type = types.str; - default = "panoramax"; - description = "Database name (ignored if database.url is set)"; - }; - }; - - sgblur = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether to enable sgblur integration for face and license plate blurring"; - }; - - package = mkOption { - type = types.package; - default = 
pkgs.sgblur; - description = "The sgblur package to use"; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = "Port for the sgblur service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the sgblur service to"; - }; - - url = mkOption { - type = types.str; - default = "http://127.0.0.1:8080"; - description = "URL where sgblur service is accessible"; - }; - }; - - port = mkOption { - type = types.nullOr types.port; - default = 5000; - description = "Port for the Panoramax service"; - }; - - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host to bind the Panoramax service to"; - }; - - urlScheme = mkOption { - type = types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - - storage = { - fsUrl = mkOption { - type = types.nullOr types.str; - default = "/var/lib/panoramax/storage"; - description = "File system URL for storage"; - }; - }; - - infrastructure = { - nbProxies = mkOption { - type = types.nullOr types.int; - default = 1; - description = "Number of proxies in front of the application"; - }; - }; - - flask = { - secretKey = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask secret key for session security"; - }; - - sessionCookieDomain = mkOption { - type = types.nullOr types.str; - default = null; - description = "Flask session cookie domain"; - }; - }; - - api = { - pictures = { - licenseSpdxId = mkOption { - type = types.nullOr types.str; - default = null; - description = "SPDX license identifier for API pictures"; - }; - - licenseUrl = mkOption { - type = types.nullOr types.str; - default = null; - description = "License URL for API pictures"; - }; - }; - }; - - extraEnvironment = mkOption { - type = types.attrsOf types.str; - default = {}; - description = "Additional environment variables"; - example = { - CUSTOM_SETTING = "value"; - DEBUG = "true"; - }; 
- }; - }; - - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - { - environment.systemPackages = with pkgs; - [ - config.services.panoramax.package - python3Packages.waitress - ] - ++ optionals config.services.panoramax.sgblur.enable [ - config.services.panoramax.sgblur.package - ]; - - systemd.services.panoramax = { - description = "Panoramax Service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --env-file=${envFile} --host=${config.services.panoramax.host} --port=${toString config.services.panoramax.port} --url-scheme=${config.services.panoramax.urlScheme} --call geovisio:create_app"; - Restart = "always"; - User = "panoramax"; - Group = "panoramax"; - WorkingDirectory = "/var/lib/panoramax"; - Environment = "PYTHONPATH=${config.services.panoramax.package}/lib/python3.11/site-packages"; - }; - }; - - users.users.panoramax = { - isSystemUser = true; - group = "panoramax"; - home = "/var/lib/panoramax"; - createHome = true; - }; - - users.groups.panoramax = {}; - - systemd.tmpfiles.rules = [ - "d /var/lib/panoramax 0755 panoramax panoramax -" - "d ${config.services.panoramax.storage.fsUrl} 0755 panoramax panoramax -" - ]; - - assertions = [ - { - assertion = dbUrlConfigured || individualDbConfigured; - message = '' - Panoramax database configuration requires either: - - A complete database URL (services.panoramax.database.url), OR - - All individual database options (host, port, username, password, name) - - Currently configured: - - database.url: ${ - if dbUrlConfigured - then "✓ configured" - else "✗ not configured" - } - - individual options: ${ - if individualDbConfigured - then "✓ all configured" - else "✗ some missing" - } - ''; - } - { - assertion = !config.services.panoramax.database.createDB || config.services.panoramax.database.url == null || (lib.hasPrefix "/run/" config.services.panoramax.database.url || lib.hasPrefix "unix:" 
config.services.panoramax.database.url || lib.hasPrefix "/" config.services.panoramax.database.host); - message = '' - Panoramax createDB option can only be used with socket connections when a database URL is provided. - Socket connections are identified by: - - URLs starting with "unix:" - - URLs starting with "/run/" - - Host paths starting with "/" - - Current configuration: - - createDB: ${lib.boolToString config.services.panoramax.database.createDB} - - database.url: ${ - if config.services.panoramax.database.url != null - then config.services.panoramax.database.url - else "not set" - } - - database.host: ${config.services.panoramax.database.host} - ''; - } - ]; - } - (lib.mkIf config.services.panoramax.database.createDB { - systemd.services.panoramax = { - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - }; - - services.postgresql = { - enable = true; - ensureDatabases = [config.services.panoramax.database.name]; - ensureUsers = [ - { - name = config.services.panoramax.database.username; - ensureDBOwnership = true; - ensureClauses.login = true; - } - ]; - extensions = ps: with ps; [postgis]; - settings = { - shared_preload_libraries = ["postgis"]; - }; - }; - - systemd.services.postgresql.serviceConfig.ExecStartPost = let - sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' - CREATE EXTENSION IF NOT EXISTS postgis; - CREATE EXTENSION IF NOT EXISTS postgis_topology; - CREATE EXTENSION IF NOT EXISTS fuzzystrmatch; - CREATE EXTENSION IF NOT EXISTS postgis_tiger_geocoder; - - ALTER SCHEMA public OWNER TO ${config.services.panoramax.database.username}; - GRANT ALL ON SCHEMA public TO ${config.services.panoramax.database.username}; - ''; - in [ - '' - ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}" - '' - ]; - }) - ]); } 
diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix
new file mode 100644
index 00000000..cdbc632b
--- /dev/null
+++ b/modules/nixos-modules/server/panoramax/panoramax.nix
@@ -0,0 +1,253 @@ +{ + config, + lib, + pkgs, + ... +}: let + dbUrlConfigured = config.services.panoramax.database.url != null; + individualDbConfigured = lib.all (x: x != null) [ + config.services.panoramax.database.host + config.services.panoramax.database.port + config.services.panoramax.database.username + config.services.panoramax.database.password + config.services.panoramax.database.name + ]; + + envContent = '' + # Panoramax Configuration + FLASK_APP=geovisio + ${ + if dbUrlConfigured + then "DB_URL=${config.services.panoramax.database.url}" + else '' + DB_HOST=${config.services.panoramax.database.host} + DB_PORT=${toString config.services.panoramax.database.port} + DB_USERNAME=${config.services.panoramax.database.username} + DB_PASSWORD=${config.services.panoramax.database.password} + DB_NAME=${config.services.panoramax.database.name} + '' + } + ${lib.optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"} + ${lib.optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"} + ${lib.optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"} + ${lib.optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"} + ${lib.optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"} + ${lib.optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"} + ${lib.optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"} + ${lib.optionalString (config.services.panoramax.sgblur.enable) 
"SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"} + ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)} + ''; + + envFile = pkgs.writeText "panoramax.env" envContent; +in { + options.services = { + panoramax = { + enable = lib.mkEnableOption "panoramax"; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.panoramax; + description = "The panoramax package to use"; + }; + + user = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "The user panoramax should run as."; + }; + + group = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "The group panoramax should run as."; + }; + + host = lib.mkOption { + type = lib.types.str; + default = "127.0.0.1"; + description = "Host to bind the panoramax service to"; + }; + + port = lib.mkOption { + type = lib.types.nullOr lib.types.port; + default = 5000; + description = "Port for the panoramax service"; + }; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to open the panoramax port in the firewall"; + }; + + settings = { + urlScheme = lib.mkOption { + type = lib.types.enum ["http" "https"]; + default = "https"; + description = "URL scheme for the application"; + }; + + storage = { + fsUrl = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = "/var/lib/panoramax/storage"; + description = "File system URL for storage"; + }; + }; + + infrastructure = { + nbProxies = lib.mkOption { + type = lib.types.nullOr lib.types.int; + default = 1; + description = "Number of proxies in front of the application"; + }; + }; + + flask = { + secretKey = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Flask secret key for session security"; + }; + + sessionCookieDomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Flask session 
cookie domain"; + }; + }; + + api = { + pictures = { + licenseSpdxId = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "SPDX license identifier for API pictures"; + }; + + licenseUrl = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "License URL for API pictures"; + }; + }; + }; + + extraEnvironment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + description = "Additional environment variables"; + example = { + CUSTOM_SETTING = "value"; + DEBUG = "true"; + }; + }; + }; + + database = { + createDB = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically create the database and user"; + }; + + name = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "The name of the panoramax database"; + }; + + host = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = "/run/postgresql"; + description = "Hostname or address of the postgresql server. 
If an absolute path is given here, it will be interpreted as a unix socket path."; + }; + + port = lib.mkOption { + type = lib.types.nullOr lib.types.port; + default = 5432; + description = "Port of the postgresql server."; + }; + + user = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = "panoramax"; + description = "The database user for panoramax."; + }; + + # TODO: password file for external database + }; + + sgblur = { + # TODO: configs to bind to sgblur + }; + }; + sgblur = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to enable sgblur integration for face and license plate blurring"; + }; + + package = lib.mkOption { + type = lib.types.package; + default = pkgs.sgblur; + description = "The sgblur package to use"; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 8080; + description = "Port for the sgblur service"; + }; + + host = lib.mkOption { + type = lib.types.str; + default = "127.0.0.1"; + description = "Host to bind the sgblur service to"; + }; + + url = lib.mkOption { + type = lib.types.str; + default = "http://127.0.0.1:8080"; + description = "URL where sgblur service is accessible"; + }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ + { + # TODO: start panoramax service + } + (lib.mkIf config.services.sgblur.enable { + # TODO: start sg blur config + }) + (lib.mkIf config.services.panoramax.database.createDB { + services.postgresql = lib.mkIf config.services.panoramax.database.enable { + enable = true; + ensureDatabases = lib.mkIf config.services.panoramax.database.createDB [config.services.panoramax.database.name]; + ensureUsers = lib.mkIf config.services.panoramax.database.createDB [ + { + name = config.services.panoramax.database.user; + ensureDBOwnership = true; + ensureClauses.login = true; + } + ]; + extensions = ps: with ps; [postgis]; + }; + systemd.services.postgresql.serviceConfig.ExecStartPost = let + sqlFile = 
pkgs.writeText "panoramax-postgis-setup.sql" ''
+ CREATE EXTENSION IF NOT EXISTS postgis;
+
+ ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC';
+
+ GRANT SET ON PARAMETER session_replication_role TO ${config.services.panoramax.database.user};
+ '';
+ in [
+ ''
+ ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.user}" -f "${sqlFile}"
+ ''
+ ];
+ })
+ ]);
+}
From 1b1a3f7219790da0fca2b1012d7edd30642b4cfd Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 16 Sep 2025 12:40:19 -0500
Subject: [PATCH 841/932] fix: fixed database timezone alter not working
---
 modules/nixos-modules/server/panoramax/panoramax.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix
index cdbc632b..aae70522 100644
--- a/modules/nixos-modules/server/panoramax/panoramax.nix
+++ b/modules/nixos-modules/server/panoramax/panoramax.nix
@@ -223,7 +223,7 @@ in {
 # TODO: start sg blur config
 })
 (lib.mkIf config.services.panoramax.database.createDB {
- services.postgresql = lib.mkIf config.services.panoramax.database.enable {
+ services.postgresql = {
 enable = true;
 ensureDatabases = lib.mkIf config.services.panoramax.database.createDB [config.services.panoramax.database.name];
 ensureUsers = lib.mkIf config.services.panoramax.database.createDB [
@@ -239,7 +239,8 @@ in {
 sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" ''
 CREATE EXTENSION IF NOT EXISTS postgis;
 
- ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC';
+ -- TODO: how can we ensure that this runs after the databases have been created
+ -- ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC';
 
 GRANT SET ON PARAMETER session_replication_role TO ${config.services.panoramax.database.user};
 '';
From 3bee0c74028118e2fd93b172178e49a54d31efcf Mon Sep 17 00:00:00 2001
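Review bot: The `psql` call in the new `ExecStartPost` passes `-d "${config.services.panoramax.database.user}"`, i.e. the role name, where the database name belongs; it only works while `database.user` and `database.name` both keep the default `"panoramax"`, and otherwise `CREATE EXTENSION postgis` runs in the wrong database or the command fails — use `-d "${config.services.panoramax.database.name}"`. Separately, the `let` block at the top of this new file still reads option paths the file no longer declares: `database.url`, `database.username`, `database.password`, `sgblur.url` under `services.panoramax`, and the `storage`/`infrastructure`/`flask`/`api`/`extraEnvironment` paths that now live under `settings`; Nix laziness hides this only until `envFile` is referenced. When it is, `pkgs.writeText "panoramax.env"` will place `DB_PASSWORD` and `FLASK_SECRET_KEY` in the world-readable Nix store, so the `# TODO: password file for external database` should cover the Flask secret too — take both as file paths (e.g. sops-managed) and hand them to the unit via `EnvironmentFile` or `LoadCredential` instead of interpolating the values. A header comment stating that `envContent` is pending the `settings` rework would stop someone wiring it up as-is.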
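Review bot: The `-- TODO: how can we ensure that this runs after the databases have been created` question is an ordering problem, not a SQL one: the script is appended to `postgresql.service`'s `ExecStartPost` list, alongside the module's own post-start step that realises `ensureDatabases`/`ensureUsers` (on newer nixpkgs that work lives in a separate setup unit — not verifiable from this page), so nothing orders the two. Moving the SQL into its own oneshot unit that is ordered after PostgreSQL (and after that setup unit where one exists) makes the dependency explicit and lets the `ALTER DATABASE` line return instead of staying commented out; while moving it, the `-d` argument should be the database name, not the role. The enclosing `config` block starts outside the hunk.
```nix
      # … unchanged: services.postgresql block …
      systemd.services.panoramax-db-setup = let
        sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" ''
          CREATE EXTENSION IF NOT EXISTS postgis;

          ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC';

          GRANT SET ON PARAMETER session_replication_role TO ${config.services.panoramax.database.user};
        '';
      in {
        description = "Panoramax database setup (postgis extension, timezone, grants)";
        # Runs once PostgreSQL is up; the database/role are created by the
        # postgresql module's ensure* step, which is complete before the unit is active.
        after = ["postgresql.service"];
        requires = ["postgresql.service"];
        wantedBy = ["multi-user.target"];
        serviceConfig = {
          Type = "oneshot";
          User = "postgres";
        };
        script = ''
          ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.name}" -f "${sqlFile}"
        '';
      };
```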
From: Leyla Becker
Date: Wed, 17 Sep 2025 15:15:07 -0500
Subject: [PATCH 842/932] fix: fixed pkg dependencies for panoramax
---
 .../nixos/defiant/configuration.nix | 4 +
 modules/common-modules/pkgs/default.nix | 8 +
 modules/common-modules/pkgs/h3-c-lib.nix | 36 ++++
 modules/common-modules/pkgs/panoramax.nix | 40 ++++
 .../common-modules/pkgs/python/default.nix | 18 ++
 .../pkgs/python/geojson-pydantic.nix | 48 +++++
 .../pkgs/python/geopic-tag-reader.nix | 70 +++++++
 modules/common-modules/pkgs/python/h3.nix | 81 ++++++++
 .../common-modules/pkgs/python/pyexiv2.nix | 49 +++++
 .../pkgs/python/pygeofilter.nix | 52 +++++
 .../common-modules/pkgs/python/pygeoif.nix | 48 +++++
 modules/common-modules/pkgs/python/rfeed.nix | 40 ++++
 .../server/panoramax/panoramax.nix | 177 ++++++++++++++----
 13 files changed, 632 insertions(+), 39 deletions(-)
 create mode 100644 modules/common-modules/pkgs/h3-c-lib.nix
 create mode 100644 modules/common-modules/pkgs/python/default.nix
 create mode 100644 modules/common-modules/pkgs/python/geojson-pydantic.nix
 create mode 100644 modules/common-modules/pkgs/python/geopic-tag-reader.nix
 create mode 100644 modules/common-modules/pkgs/python/h3.nix
 create mode 100644 modules/common-modules/pkgs/python/pyexiv2.nix
 create mode 100644 modules/common-modules/pkgs/python/pygeofilter.nix
 create mode 100644 modules/common-modules/pkgs/python/pygeoif.nix
 create mode 100644 modules/common-modules/pkgs/python/rfeed.nix
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index e109d450..9be30657 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -306,6 +306,10 @@
 passwordFile = config.sops.secrets."services/paperless_password".path;
 };
 
+ panoramax = {
+ enable = true;
+ };
+
 qbittorrent = {
 enable = true;
 mediaDir = "/srv/qbittorent";
diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 28141c81..e6083509 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,4 +1,8 @@ {pkgs, ...}: { + imports = [ + ./python + ]; + nixpkgs.overlays = [ (final: prev: { webtoon-dl = @@ -31,5 +35,9 @@ (final: prev: { sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {}; }) + (final: prev: { + # Override h3 C library to version 4.3.0 + h3 = pkgs.callPackage ./h3-c-lib.nix {}; + }) ]; } diff --git a/modules/common-modules/pkgs/h3-c-lib.nix b/modules/common-modules/pkgs/h3-c-lib.nix new file mode 100644 index 00000000..2615d3cb --- /dev/null +++ b/modules/common-modules/pkgs/h3-c-lib.nix @@ -0,0 +1,36 @@ +{ + lib, + stdenv, + fetchFromGitHub, + cmake, + doxygen, +}: +stdenv.mkDerivation rec { + pname = "h3"; + version = "4.3.0"; + + src = fetchFromGitHub { + owner = "uber"; + repo = "h3"; + rev = "v${version}"; + hash = "sha256-DUILKZ1QvML6qg+WdOxir6zRsgTvk+En6yjeFf6MQBg="; + }; + + nativeBuildInputs = [ + cmake + doxygen + ]; + + cmakeFlags = [ + "-DBUILD_SHARED_LIBS=ON" + "-DBUILD_TESTING=OFF" + ]; + + meta = with lib; { + homepage = "https://github.com/uber/h3"; + description = "Hexagonal hierarchical geospatial indexing system"; + license = licenses.asl20; + maintainers = []; + platforms = platforms.all; + }; +} diff --git a/modules/common-modules/pkgs/panoramax.nix b/modules/common-modules/pkgs/panoramax.nix index e2dad14a..75b5e0e7 100644 --- a/modules/common-modules/pkgs/panoramax.nix +++ b/modules/common-modules/pkgs/panoramax.nix 
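Review bot: The new overlay entry in pkgs/default.nix builds the replacement with `pkgs.callPackage ./h3-c-lib.nix {}` instead of `final.callPackage`, so the override's dependencies are resolved through the module-argument `pkgs` rather than the fixed point the overlay is helping to define; it evaluates because the overlay body is only forced lazily, and it mirrors the existing `sgblur` entry, but it is inconsistent with `python/default.nix` in this same commit, which correctly reaches for `final.h3`. Prefer `h3 = final.callPackage ./h3-c-lib.nix {};`. The comment `# Override h3 C library to version 4.3.0` should also say that this is a system-wide replacement, e.g. `# Global override: every package that links h3 now gets this 4.3.0 build`, since anything else depending on `h3` is rebuilt against it.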
@@ -10,8 +10,27 @@ authlib, sentry-sdk, python-dateutil, + dateparser, croniter, pydantic, + flask-cors, + flask-compress, + flask-babel, + flasgger, + yoyo-migrations, + psycopg, + psycopg-pool, + tzdata, + email-validator, + pydantic-extra-types, + python-multipart, + fs, + fs-s3fs, + geopic-tag-reader, + pygeofilter, + pygeoif, + rfeed, + geojson-pydantic, ... }: let pname = "geovisio"; @@ -42,8 +61,29 @@ in authlib sentry-sdk python-dateutil + dateparser croniter pydantic + flask-cors + flask-compress + flask-babel + flasgger + yoyo-migrations + psycopg + psycopg-pool + tzdata + email-validator + pydantic-extra-types + python-multipart + fs + fs-s3fs + geopic-tag-reader + pygeofilter + pygeoif + rfeed + geojson-pydantic + # Missing from nixpkgs - may need custom packages: + # flask-executor ]; # Skip tests as they may require network access or specific setup diff --git a/modules/common-modules/pkgs/python/default.nix b/modules/common-modules/pkgs/python/default.nix new file mode 100644 index 00000000..f69c5122 --- /dev/null +++ b/modules/common-modules/pkgs/python/default.nix @@ -0,0 +1,18 @@ +{...}: { + nixpkgs.overlays = [ + (final: prev: { + python3 = prev.python3.override { + packageOverrides = pythonPrev: pythonFinal: { + h3 = pythonPrev.callPackage ./h3.nix {h3 = final.h3;}; + pygeofilter = pythonPrev.callPackage ./pygeofilter.nix {}; + pygeoif = pythonPrev.callPackage ./pygeoif.nix {}; + rfeed = pythonPrev.callPackage ./rfeed.nix {}; + pyexiv2 = pythonPrev.callPackage ./pyexiv2.nix {}; + geojson-pydantic = pythonPrev.callPackage ./geojson-pydantic.nix {}; + geopic-tag-reader = pythonPrev.callPackage ./geopic-tag-reader.nix {}; + }; + }; + python3Packages = final.python3.pkgs; + }) + ]; +} diff --git a/modules/common-modules/pkgs/python/geojson-pydantic.nix b/modules/common-modules/pkgs/python/geojson-pydantic.nix new file mode 100644 index 00000000..96ec6b5e --- /dev/null +++ b/modules/common-modules/pkgs/python/geojson-pydantic.nix 
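Review bot: In python/default.nix the parameters of `packageOverrides = pythonPrev: pythonFinal: { … }` are named the wrong way round: nixpkgs calls this function as `self: super:`, so the first argument is the final (overridden) Python set and the second the previous one. The code does the right thing by accident — `pythonPrev.callPackage` is really the final set's `callPackage`, which is why the new packages can depend on each other (e.g. `geopic-tag-reader` on the custom `pyexiv2`) — but the next reader who "corrects" the usage will break that. Rename to `packageOverrides = pythonFinal: pythonPrev: {` and use `pythonFinal.callPackage` on each line, with a short comment such as `# first arg is the final set so custom packages see each other`.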
@@ -0,0 +1,48 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + flit-core, + pydantic, + geojson, + ... +}: let + pname = "geojson_pydantic"; + version = "2.0.0"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-ti6LRFAt0a1Ri19zkDWoGSSnb5gMvbOk6JFu+RO+JC4="; + }; + + build-system = [ + flit-core + ]; + + dependencies = [ + pydantic + geojson + ]; + + # Skip tests as they may require specific setup + doCheck = false; + + # Disable runtime dependencies check + dontCheckRuntimeDeps = true; + + # Basic imports check + pythonImportsCheck = ["geojson_pydantic"]; + + meta = with lib; { + description = "Pydantic models for GeoJSON objects"; + homepage = "https://github.com/developmentseed/geojson-pydantic"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/geopic-tag-reader.nix b/modules/common-modules/pkgs/python/geopic-tag-reader.nix new file mode 100644 index 00000000..bd8451fb --- /dev/null +++ b/modules/common-modules/pkgs/python/geopic-tag-reader.nix 
@@ -0,0 +1,70 @@ +{ + lib, + fetchFromGitLab, + buildPythonPackage, + flit-core, + typer, + xmltodict, + timezonefinder, + pytz, + types-pytz, + types-python-dateutil, + rtree, + python-dateutil, + pyexiv2, + ... +}: let + pname = "geopic-tag-reader"; + version = "1.8.0"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchFromGitLab { + owner = "panoramax"; + repo = "server/geo-picture-tag-reader"; + rev = version; + sha256 = "0lzf5xxxcdqmq28bpvgpkxf5jxmh2nawwa4rl4yg04bdsi16rf1j"; + }; + + build-system = [ + flit-core + ]; + + dependencies = [ + typer + xmltodict + pyexiv2 + timezonefinder + pytz + types-pytz + types-python-dateutil + rtree + ]; + + optional-dependencies = { + write-exif = [ + python-dateutil + types-python-dateutil + ]; + }; + + # Skip tests as they may require network access or specific setup + doCheck = false; + + # Disable runtime dependencies check as some dependencies might have issues + dontCheckRuntimeDeps = true; + + # Disable imports check initially to avoid dependency issues + pythonImportsCheck = []; + + meta = with lib; { + description = "GeoPic Tag Reader - Python library to read and write standardized metadata from geolocated pictures EXIF metadata"; + homepage = "https://gitlab.com/panoramax/server/geo-picture-tag-reader"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/h3.nix b/modules/common-modules/pkgs/python/h3.nix new file mode 100644 index 00000000..2dc3d26e --- /dev/null +++ b/modules/common-modules/pkgs/python/h3.nix 
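Review bot: geopic-tag-reader.nix switches off all three safety nets at once — `doCheck = false`, `dontCheckRuntimeDeps = true` and `pythonImportsCheck = []` — so a missing or ABI-mismatched dependency (notably the custom `pyexiv2`, which links `exiv2` and `boost`) only surfaces when panoramax imports the module at runtime. `pythonImportsCheck` is cheap and needs no network, so re-enable it with the package's top-level module name (presumably `geopic_tag_reader`; verify against the installed wheel) and keep `doCheck = false` with its existing comment if the test suite really needs network. The comment `# Disable imports check initially to avoid dependency issues` should then name the concrete issue that was hit, or go away. The same pattern appears in `geojson-pydantic.nix` and `pyexiv2.nix` in this commit.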
@@ -0,0 +1,81 @@ +{ + autoPatchelfHook, + buildPythonPackage, + cmake, + cython, + fetchFromGitHub, + h3, + lib, + ninja, + numpy, + pytestCheckHook, + pytest-cov-stub, + scikit-build-core, + stdenv, +}: +buildPythonPackage rec { + pname = "h3"; + version = "4.3.1"; + pyproject = true; + + # pypi version does not include tests + src = fetchFromGitHub { + owner = "uber"; + repo = "h3-py"; + tag = "v${version}"; + hash = "sha256-zt7zbBgSp2P9q7mObZeQZpW9Szip62dAYdPZ2cGTmi4="; + }; + + dontConfigure = true; + + nativeCheckInputs = [ + pytestCheckHook + pytest-cov-stub + ]; + + build-system = + [ + scikit-build-core + cmake + cython + ninja + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + # On Linux the .so files ends up referring to libh3.so instead of the full + # Nix store path. I'm not sure why this is happening! On Darwin it works + # fine. + autoPatchelfHook + ]; + + # This is not needed per-se, it's only added for autoPatchelfHook to work + # correctly. See the note above ^^ + buildInputs = lib.optionals stdenv.hostPlatform.isLinux [h3]; + + dependencies = [numpy]; + + # The following prePatch replaces the h3lib compilation with using the h3 packaged in nixpkgs. + # + # - Remove the h3lib submodule. + # - Patch CMakeLists to avoid building h3lib, and use h3 instead. + prePatch = let + cmakeCommands = '' + include_directories(${lib.getDev h3}/include/h3) + link_directories(${h3}/lib) + ''; + in '' + rm -r src/h3lib + substituteInPlace CMakeLists.txt \ + --replace-fail "add_subdirectory(src/h3lib)" "${cmakeCommands}" \ + --replace-fail "\''${CMAKE_CURRENT_BINARY_DIR}/src/h3lib/src/h3lib/include/h3api.h" "${lib.getDev h3}/include/h3/h3api.h" + ''; + + # Extra check to make sure we can import it from Python + pythonImportsCheck = ["h3"]; + + meta = { + homepage = "https://github.com/uber/h3-py"; + description = "Hierarchical hexagonal geospatial indexing system"; + license = lib.licenses.asl20; + maintainers = [lib.maintainers.kalbasit]; + }; +} 
diff --git a/modules/common-modules/pkgs/python/pyexiv2.nix b/modules/common-modules/pkgs/python/pyexiv2.nix new file mode 100644 index 00000000..69fa5376 --- /dev/null +++ b/modules/common-modules/pkgs/python/pyexiv2.nix @@ -0,0 +1,49 @@ +{ + lib, + fetchFromGitHub, + buildPythonPackage, + exiv2, + boost, + pybind11, + setuptools, + ... +}: let + pname = "pyexiv2"; + version = "2.15.3"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + build-system = [setuptools]; + + src = fetchFromGitHub { + owner = "LeoHsiao1"; + repo = "pyexiv2"; + rev = "v${version}"; + sha256 = "sha256-83bFMaoXncvhRJNcCgkkC7B29wR5pjuLO/EdkQdqxxo="; + }; + + buildInputs = [ + exiv2 + boost + ]; + + nativeBuildInputs = [ + pybind11 + ]; + + # Skip tests as they may require specific test images + doCheck = false; + + # Disable runtime dependencies check initially + dontCheckRuntimeDeps = true; + + meta = with lib; { + description = "Python binding to the library exiv2"; + homepage = "https://github.com/LeoHsiao1/pyexiv2"; + license = licenses.gpl3Plus; + maintainers = []; + platforms = platforms.linux; + }; + } diff --git a/modules/common-modules/pkgs/python/pygeofilter.nix b/modules/common-modules/pkgs/python/pygeofilter.nix new file mode 100644 index 00000000..aa310f98 --- /dev/null +++ b/modules/common-modules/pkgs/python/pygeofilter.nix 
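Review bot: `sha256 = "sha256-83bFMaoXncvhRJNcCgkkC7B29wR5pjuLO/EdkQdqxxo="` passes an SRI string through the legacy attribute, whereas the sibling packages added in this commit use `hash = …` for SRI values; `hash = "sha256-83bFMaoXncvhRJNcCgkkC7B29wR5pjuLO/EdkQdqxxo=";` keeps the set consistent. Like the other new files, `doCheck = false` plus `dontCheckRuntimeDeps = true` leaves the build unverified; this one also has no `pythonImportsCheck`, so `pythonImportsCheck = ["pyexiv2"];` would be the minimum smoke test. The `# … initially` comment again suggests a temporary workaround that deserves a `# TODO:` with the reason.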
@@ -0,0 +1,52 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + setuptools, + wheel, + lark, + python-dateutil, + shapely, + ... +}: let + pname = "pygeofilter"; + version = "0.3.1"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-+SvAYiCZ+H/os23nq92GBZ1hWontYIInNwgiI6V44VA="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + lark + python-dateutil + shapely + ]; + + # Skip tests as they may require specific setup + doCheck = false; + + # Disable runtime dependencies check + dontCheckRuntimeDeps = true; + + # Basic imports check + pythonImportsCheck = ["pygeofilter"]; + + meta = with lib; { + description = "A pure Python parser implementation of OGC filtering standards"; + homepage = "https://github.com/geopython/pygeofilter"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/pygeoif.nix b/modules/common-modules/pkgs/python/pygeoif.nix new file mode 100644 index 00000000..12b8b122 --- /dev/null +++ b/modules/common-modules/pkgs/python/pygeoif.nix 
@@ -0,0 +1,48 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + setuptools, + wheel, + typing-extensions, + ... +}: let + pname = "pygeoif"; + version = "1.5.1"; +in + buildPythonPackage { + inherit pname version; + + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-8nprah7Lh66swrUbzFnKeb5w7RKgEE3oYBR4shPdXYE="; + }; + + build-system = [ + setuptools + wheel + ]; + + dependencies = [ + typing-extensions + ]; + + # Skip tests as they may require specific setup + doCheck = false; + + # Disable runtime dependencies check + dontCheckRuntimeDeps = true; + + # Basic imports check + pythonImportsCheck = ["pygeoif"]; + + meta = with lib; { + description = "A basic implementation of the __geo_interface__"; + homepage = "https://github.com/cleder/pygeoif"; + license = licenses.lgpl21Plus; + maintainers = []; + platforms = platforms.all; + }; + } diff --git a/modules/common-modules/pkgs/python/rfeed.nix b/modules/common-modules/pkgs/python/rfeed.nix new file mode 100644 index 00000000..0be8ab99 --- /dev/null +++ b/modules/common-modules/pkgs/python/rfeed.nix @@ -0,0 +1,40 @@ +{ + lib, + fetchPypi, + buildPythonPackage, + setuptools, + python-dateutil, +}: +buildPythonPackage rec { + pname = "rfeed"; + version = "1.1.1"; + pyproject = true; + + src = fetchPypi { + inherit pname version; + hash = "sha256-qpUG8oZrdPWjItOUoUpjwZpoJcLZR1X/GdRt0eJDSBk="; + }; + + build-system = [ + setuptools + ]; + + dependencies = [ + python-dateutil + ]; + + # No tests available in the package + doCheck = false; + + pythonImportsCheck = [ + "rfeed" + ]; + + meta = with lib; { + description = "RSS feed generation library for Python"; + homepage = "https://pypi.org/project/rfeed/"; + license = licenses.mit; + maintainers = []; + platforms = platforms.all; + }; +} diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix index aae70522..2af99829 100644 
--- a/modules/nixos-modules/server/panoramax/panoramax.nix +++ b/modules/nixos-modules/server/panoramax/panoramax.nix 
@@ -3,43 +3,7 @@
 lib,
 pkgs,
 ...
-}: let
- dbUrlConfigured = config.services.panoramax.database.url != null;
- individualDbConfigured = lib.all (x: x != null) [
- config.services.panoramax.database.host
- config.services.panoramax.database.port
- config.services.panoramax.database.username
- config.services.panoramax.database.password
- config.services.panoramax.database.name
- ];
-
- envContent = ''
- # Panoramax Configuration
- FLASK_APP=geovisio
- ${
- if dbUrlConfigured
- then "DB_URL=${config.services.panoramax.database.url}"
- else ''
- DB_HOST=${config.services.panoramax.database.host}
- DB_PORT=${toString config.services.panoramax.database.port}
- DB_USERNAME=${config.services.panoramax.database.username}
- DB_PASSWORD=${config.services.panoramax.database.password}
- DB_NAME=${config.services.panoramax.database.name}
- ''
- }
- ${lib.optionalString (config.services.panoramax.storage.fsUrl != null) "FS_URL=${config.services.panoramax.storage.fsUrl}"}
- ${lib.optionalString (config.services.panoramax.infrastructure.nbProxies != null) "INFRA_NB_PROXIES=${toString config.services.panoramax.infrastructure.nbProxies}"}
- ${lib.optionalString (config.services.panoramax.flask.secretKey != null) "FLASK_SECRET_KEY=${config.services.panoramax.flask.secretKey}"}
- ${lib.optionalString (config.services.panoramax.flask.sessionCookieDomain != null) "FLASK_SESSION_COOKIE_DOMAIN=${config.services.panoramax.flask.sessionCookieDomain}"}
- ${lib.optionalString (config.services.panoramax.api.pictures.licenseSpdxId != null) "API_PICTURES_LICENSE_SPDX_ID=${config.services.panoramax.api.pictures.licenseSpdxId}"}
- ${lib.optionalString (config.services.panoramax.api.pictures.licenseUrl != null) "API_PICTURES_LICENSE_URL=${config.services.panoramax.api.pictures.licenseUrl}"}
- ${lib.optionalString (config.services.panoramax.port != null) "PORT=${toString config.services.panoramax.port}"}
- ${lib.optionalString (config.services.panoramax.sgblur.enable)
"SGBLUR_API_URL=${config.services.panoramax.sgblur.url}"}
- ${lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: "${name}=${value}") config.services.panoramax.extraEnvironment)}
- '';
-
- envFile = pkgs.writeText "panoramax.env" envContent;
-in {
+}: {
 options.services = {
 panoramax = {
 enable = lib.mkEnableOption "panoramax";
@@ -217,10 +181,145 @@
 in {
 config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [
 {
- # TODO: start panoramax service
+ # Create panoramax user and group
+ users.users.${config.services.panoramax.user} = {
+ isSystemUser = true;
+ group = config.services.panoramax.group;
+ home = "/var/lib/panoramax";
+ createHome = true;
+ };
+
+ users.groups.${config.services.panoramax.group} = {};
+
+ # Ensure storage directory exists with correct permissions
+ systemd.tmpfiles.rules = [
+ "d '${config.services.panoramax.settings.storage.fsUrl}' 0755 ${config.services.panoramax.user} ${config.services.panoramax.group} - -"
+ ];
+
+ systemd.services.panoramax-api = {
+ description = "Panoramax API server (self hosted map street view)";
+ after = ["network.target" "postgresql.service"];
+ wantedBy = ["multi-user.target"];
+
+ environment =
+ {
+ # Core Flask configuration
+ FLASK_APP = "geovisio";
+
+ # Database configuration
+ DB_HOST = config.services.panoramax.database.host;
+ DB_PORT = toString config.services.panoramax.database.port;
+ DB_USERNAME = config.services.panoramax.database.user;
+ DB_NAME = config.services.panoramax.database.name;
+
+ # Storage configuration
+ FS_URL = config.services.panoramax.settings.storage.fsUrl;
+
+ # Infrastructure configuration
+ INFRA_NB_PROXIES = toString config.services.panoramax.settings.infrastructure.nbProxies;
+
+ # Application configuration
+ PORT = toString config.services.panoramax.port;
+
+ # Python path to include the panoramax package
+ PYTHONPATH = "${config.services.panoramax.package}/${pkgs.python3.sitePackages}";
+ }
+ // (lib.optionalAttrs (config.services.panoramax.settings.flask.secretKey != null) {
+ FLASK_SECRET_KEY = config.services.panoramax.settings.flask.secretKey;
+ })
+ // (lib.optionalAttrs (config.services.panoramax.settings.flask.sessionCookieDomain != null) {
+ FLASK_SESSION_COOKIE_DOMAIN = config.services.panoramax.settings.flask.sessionCookieDomain;
+ })
+ // (lib.optionalAttrs
(config.services.panoramax.settings.api.pictures.licenseSpdxId != null) {
+ API_PICTURES_LICENSE_SPDX_ID = config.services.panoramax.settings.api.pictures.licenseSpdxId;
+ })
+ // (lib.optionalAttrs (config.services.panoramax.settings.api.pictures.licenseUrl != null) {
+ API_PICTURES_LICENSE_URL = config.services.panoramax.settings.api.pictures.licenseUrl;
+ })
+ // (lib.optionalAttrs config.services.sgblur.enable {
+ SGBLUR_API_URL = config.services.sgblur.url;
+ })
+ // config.services.panoramax.settings.extraEnvironment;
+
+ path = with pkgs; [
+ (python3.withPackages (ps: with ps; [config.services.panoramax.package waitress]))
+ ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.python3.withPackages (ps: with ps; [config.services.panoramax.package waitress])}/bin/waitress-serve --port ${toString config.services.panoramax.port} --call geovisio:create_app";
+ User = config.services.panoramax.user;
+ Group = config.services.panoramax.group;
+ WorkingDirectory = "/var/lib/panoramax";
+ Restart = "always";
+ RestartSec = 5;
+
+ # Security hardening
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [
+ "/var/lib/panoramax"
+ config.services.panoramax.settings.storage.fsUrl
+ ];
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectControlGroups = true;
+ RestrictSUIDSGID = true;
+ RestrictRealtime = true;
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ SystemCallArchitectures = "native";
+ };
+ };
+
+ # Open firewall if requested
+ networking.firewall.allowedTCPPorts = lib.mkIf config.services.panoramax.openFirewall [
+ config.services.panoramax.port
+ ];
 }
 (lib.mkIf config.services.sgblur.enable {
- # TODO: start sg blur config
+ # SGBlur service configuration
+ systemd.services.sgblur = {
+ description = "SGBlur face and license plate blurring service";
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+
+ path = with pkgs; [
+ config.services.sgblur.package
+ python3
+ python3Packages.waitress
+ ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --host ${config.services.sgblur.host} --port ${toString config.services.sgblur.port} src.detect.detect_api:app";
+ WorkingDirectory = "${config.services.sgblur.package}";
+ Restart = "always";
+ RestartSec = 5;
+
+ # Basic security hardening
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectControlGroups = true;
+ RestrictSUIDSGID = true;
+ RestrictRealtime = true;
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ SystemCallArchitectures = "native";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = lib.mkIf config.services.panoramax.openFirewall [
+ config.services.sgblur.port
+ ];
 })
 (lib.mkIf config.services.panoramax.database.createDB {
 services.postgresql = {
From 7e6fa744af1710f58828f9cee05bce32075b03e2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 17 Sep 2025 19:42:15 -0500 Subject: [PATCH 843/932] fix: wrapped prostudiomasters in --in-process-gpu flag
---
 modules/common-modules/pkgs/default.nix | 1 - .../common-modules/pkgs/prostudiomasters.nix | 25 ++++++++++++++++--- 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix
index e6083509..c97f97c2 100644
--- a/modules/common-modules/pkgs/default.nix
+++ b/modules/common-modules/pkgs/default.nix
@@ -10,7 +10,6 @@
 ./webtoon-dl.nix
 {};
 })
- # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that?
 (final: prev: {
 prostudiomasters = pkgs.callPackage
diff --git a/modules/common-modules/pkgs/prostudiomasters.nix b/modules/common-modules/pkgs/prostudiomasters.nix
index c1c03fe4..1a3ad015 100644
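Review bot: `FLASK_SECRET_KEY = config.services.panoramax.settings.flask.secretKey` (and anything secret a user puts in `settings.extraEnvironment`) is placed in the unit's `environment`, which NixOS renders into a world-readable unit file in the store and `systemctl show` exposes to local users, so the session-signing key is leaked exactly as it was by the `pkgs.writeText` env file removed in the previous hunk. Keep non-secret settings in `environment` and load the key from a root-owned file via `serviceConfig.EnvironmentFile` or `LoadCredential` behind a `secretKeyFile`-style option, and say in the `extraEnvironment` option description that it is not for secrets. The `sgblur` unit's `serviceConfig` sets no `User`/`Group`, so despite the hardening list it runs as root; `DynamicUser = true;` or a dedicated account like the one created above for panoramax-api fixes that, and its firewall rule is gated on `config.services.panoramax.openFirewall` rather than an sgblur option, which looks like a copy-paste slip. `WorkingDirectory = "${config.services.sgblur.package}"` makes `src.detect.detect_api:app` importable only because the cwd happens to be the store path, which is fragile and read-only for any runtime state. The `mkMerge` list continues outside the hunk.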
--- a/modules/common-modules/pkgs/prostudiomasters.nix +++ b/modules/common-modules/pkgs/prostudiomasters.nix @@ -1,6 +1,7 @@ { fetchurl, appimageTools, + writeShellScript, }: let pname = "prostudiomasters"; version = "2.5.6"; @@ -8,7 +9,25 @@ url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage"; hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs="; }; -in - appimageTools.wrapType2 { + + # Create the base AppImage wrapper + baseApp = appimageTools.wrapType2 { inherit pname version src; - } + }; + + # Create a wrapper script that automatically adds the --in-process-gpu flag + wrapper = writeShellScript "prostudiomasters-wrapper" '' + exec ${baseApp}/bin/prostudiomasters --in-process-gpu "$@" + ''; +in + # Override the base app to use our wrapper script + baseApp.overrideAttrs (oldAttrs: { + buildCommand = + oldAttrs.buildCommand + + '' + # Replace the original binary with our wrapper + rm $out/bin/prostudiomasters + cp ${wrapper} $out/bin/prostudiomasters + chmod +x $out/bin/prostudiomasters + ''; + }) From 333c68a8cd047098c111aa409b0ea89d30d50561 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 17 Sep 2025 22:18:15 -0500 Subject: [PATCH 844/932] feat: created db config for panoramax --- .../nixos/defiant/configuration.nix | 1 + .../server/panoramax/database.nix | 29 +++++++++++++++++++ .../server/panoramax/default.nix | 1 + 3 files changed, 31 insertions(+) create mode 100644 modules/nixos-modules/server/panoramax/database.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9be30657..a309704c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -308,6 +308,7 @@ panoramax = { enable = true; + openFirewall = true; }; qbittorrent = { 
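Review bot: `chmod +x $out/bin/prostudiomasters` is redundant, since the file copied from `writeShellScript` is already executable and `cp` keeps the mode; more importantly the `overrideAttrs` + `buildCommand` concatenation rebuilds the whole wrapType2 derivation and keeps `baseApp` in the closure only so the copied script can exec it. If the pinned `appimageTools.wrapType2` accepts `extraInstallCommands` (confirm against the nixpkgs in flake.lock), the same result is a single derivation that renames the generated binary and writes the `--in-process-gpu` wrapper in its place, with no override at all. Either way, a one-line comment on `wrapper` recording why the flag is required would preserve the context the removed TODO in default.nix only hinted at ("for some reason").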
diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix new file mode 100644 index 00000000..3cf34555 --- /dev/null +++ b/modules/nixos-modules/server/panoramax/database.nix @@ -0,0 +1,29 @@ +{ + lib, + config, + ... +}: { + config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ + { + host = { + postgres = { + enable = true; + }; + }; + } + (lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.panoramax.database.user} = { + isClient = true; + }; + }; + extraDatabases = { + ${config.services.panoramax.database.name} = {}; + }; + }; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix index f029ee33..4c6b9ea0 100644 --- a/modules/nixos-modules/server/panoramax/default.nix +++ b/modules/nixos-modules/server/panoramax/default.nix @@ -4,5 +4,6 @@ ./fail2ban.nix ./impermanence.nix ./panoramax.nix + ./database.nix ]; } From 2cdc39f3dcc29090d48d54bc8f24a67303e99ff2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 18 Sep 2025 14:19:57 -0500 Subject: [PATCH 845/932] fix: disabled broken panoramax config --- .../nixos/defiant/configuration.nix | 2 +- .../server/panoramax/database.nix | 27 +++++++++++-------- .../server/panoramax/panoramax.nix | 18 ++++++++----- 3 files changed, 29 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index a309704c..d10bea07 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -307,7 +307,7 @@ }; panoramax = { - enable = true; + enable = false; openFirewall = true; }; diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix index 3cf34555..8679f9a4 100644 --- a/modules/nixos-modules/server/panoramax/database.nix 
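Review bot: This module provisions postgres whenever `services.panoramax.enable` is set, while panoramax.nix gates its own database block on `config.services.panoramax.database.createDB`; the two disagree, so a host that points panoramax at an external database still gets a local `host.postgres.enable = true` forced on by the first mkMerge element. Gate the whole `config` on `config.services.panoramax.enable && config.services.panoramax.database.createDB` (or drop the `createDB` branch in panoramax.nix) so there is a single switch. The inner `lib.mkIf config.host.postgres.enable` is then redundant, because the first element of the same merge already sets it to true. `extraDatabases.${…database.name} = {}` creates the database without tying ownership to `database.user`; how the host.postgres module expresses ownership is not visible here, so confirm that `isClient = true` alone grants the access the API needs.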
+++ b/modules/nixos-modules/server/panoramax/database.nix @@ -11,19 +11,24 @@ }; }; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.panoramax.database.user} = { - isClient = true; + ( + lib.mkIf config.host.postgres.enable { + host = { + postgres = { + extraUsers = { + ${config.services.panoramax.database.user} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${config.services.panoramax.database.name} = { + name = config.services.panoramax.database.user; + }; }; }; - extraDatabases = { - ${config.services.panoramax.database.name} = {}; - }; }; - }; - }) + } + ) ]); } diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix index 2af99829..fd77db7c 100644 --- a/modules/nixos-modules/server/panoramax/panoramax.nix +++ b/modules/nixos-modules/server/panoramax/panoramax.nix @@ -206,12 +206,6 @@ # Core Flask configuration FLASK_APP = "geovisio"; - # Database configuration - DB_HOST = config.services.panoramax.database.host; - DB_PORT = toString config.services.panoramax.database.port; - DB_USERNAME = config.services.panoramax.database.user; - DB_NAME = config.services.panoramax.database.name; - # Storage configuration FS_URL = config.services.panoramax.settings.storage.fsUrl; 
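Review bot: `extraDatabases.${config.services.panoramax.database.name} = { name = config.services.panoramax.database.user; }` sets the database's `name` to the *user* name, which reads like an ownership field was intended; if the host.postgres module's database entries take an `owner` attribute (not visible here — confirm), that is what should be set, otherwise this silently creates a database named after the user instead of `database.name`. The added `createUser = true` is fine, but nothing on this side provisions a password, which matters for the TCP branch introduced in the panoramax.nix hunk of this same commit. The `( lib.mkIf … )` re-wrapping only adds an indentation level and could be dropped to keep the diff focused on the behavioural change.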
@@ -224,6 +218,18 @@
 # Python path to include the panoramax package
 PYTHONPATH = "${config.services.panoramax.package}/${pkgs.python3.sitePackages}";
 }
+ // (
+ if config.services.panoramax.database.host == "/run/postgresql"
+ then {
+ DB_URL = "postgresql://${config.services.panoramax.database.user}@/${config.services.panoramax.database.name}?host=/run/postgresql";
+ }
+ else {
+ DB_HOST = config.services.panoramax.database.host;
+ DB_PORT = toString config.services.panoramax.database.port;
+ DB_USERNAME = config.services.panoramax.database.user;
+ DB_NAME = config.services.panoramax.database.name;
+ }
+ )
 // (lib.optionalAttrs (config.services.panoramax.settings.flask.secretKey != null) {
 FLASK_SECRET_KEY = config.services.panoramax.settings.flask.secretKey;
 })
From ca6de5c0cda53b0b47686bfcd58050cc789bd9b8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 18 Sep 2025 23:40:13 -0500 Subject: [PATCH 846/932] chore: added talk to readme
---
 README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 62040e3c..f1521ce0 100644
--- a/README.md
+++ b/README.md
@@ -69,4 +69,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home
 - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
 - panoramax instance
 - mastodon instance
-- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn
\ No newline at end of file
+- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn
+- graphana accessible though tailscale
\ No newline at end of file
From d35e2c93c1e38f8d67847e2b7be17034665615a8 Mon Sep 17 00:00:00 2001
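Review bot: The `else` branch still exports `DB_HOST`/`DB_PORT`/`DB_USERNAME`/`DB_NAME` but no password, so any host other than the literal `/run/postgresql` cannot authenticate unless the server is configured for trust auth; a password does not belong in `environment` anyway (it would land in the world-readable unit file), so the TCP case needs a `passwordFile`-style option loaded via `EnvironmentFile` or `LoadCredential`, or an assertion rejecting non-socket hosts until that exists. The socket detection compares against one exact string; `lib.hasPrefix "/" config.services.panoramax.database.host` would cover any Unix-socket directory and avoid a silent fall-through into the incomplete TCP branch. The environment attribute set continues outside the hunk.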
From: Leyla Becker Date: Sun, 21 Sep 2025 21:04:47 -0500 Subject: [PATCH 847/932] feat: added option for auto aprove set root for vitest mcp server --- configurations/home-manager/leyla/packages/vscode/default.nix | 1 + modules/home-manager-modules/programs/vscode/claudeDev.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 583f440e..981156b1 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -84,6 +84,7 @@ in { list_tests = true; run_tests = true; analyze_coverage = true; + set_project_root = true; }; }; sleep = { diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index 0e34f979..cebf6142 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix @@ -105,6 +105,7 @@ in { list_tests = lib.mkEnableOption "Should the list_tests tool be auto approved for Vitest MCP server"; run_tests = lib.mkEnableOption "Should the run_tests tool be auto approved for Vitest MCP server"; analyze_coverage = lib.mkEnableOption "Should the analyze_coverage tool be auto approved for Vitest MCP server"; + set_project_root = lib.mkEnableOption "Should the set_project_root tool be auto approved for Vitest MCP server"; }; }; sleep = { From ee80636b2b4c958d3d003450371024ac71570114 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 24 Sep 2025 09:51:27 -0500 Subject: [PATCH 848/932] build: updated flake lock --- flake.lock | 71 ++++++++------------- flake.nix | 5 -- modules/common-modules/overlays/default.nix | 1 - 3 files changed, 25 insertions(+), 52 deletions(-) diff --git a/flake.lock b/flake.lock index b6e48bb3..6123425c 100644 --- a/flake.lock +++ b/flake.lock 
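Review bot: The new `set_project_root` auto-approval lets the Vitest MCP server be re-pointed at an arbitrary directory without a confirmation prompt, which is a broader capability than the sibling `list_tests`/`run_tests` switches because an approved `run_tests` then presumably executes whatever project the agent selected; the option description should say so, e.g. `"Auto-approve set_project_root for the Vitest MCP server. This lets the agent change which project's tests are run without prompting."`. The repeated `Should the … tool be auto approved` phrasing across all four options could be made a consistent `Auto-approve the … tool for the Vitest MCP server`, but that is cosmetic.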
@@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1757508292, - "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "owner": "nix-community", "repo": "disko", - "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1757995413, - "narHash": "sha256-vaU/7/PXoym6vnspGxhR29V9klGe9iy9zmp6x7w38f8=", + "lastModified": 1758600213, + "narHash": "sha256-YP7+UxybMCzHPd5k93pulILnFvSisjgUAGUB/cxWbqU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4ae8996b3e139926c784acd22824cde46cd28833", + "rev": "8a0333bf11a0fab386c80fa018617bb050156ec5", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1757997814, - "narHash": "sha256-F+1aoG+3NH4jDDEmhnDUReISyq6kQBBuktTUqCUWSiw=", + "lastModified": 1758719930, + "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=", "owner": "nix-community", "repo": "home-manager", - "rev": "5820376beb804de9acf07debaaff1ac84728b708", + "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1757430124, - "narHash": "sha256-MhDltfXesGH8VkGv3hmJ1QEKl1ChTIj9wmGAFfWj/Wk=", + "lastModified": 1758447883, + "narHash": "sha256-yGA6MV0E4JSEXqLTb4ZZkmdJZcoQ8HUzihRRX12Bvpg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "830b3f0b50045cf0bcfd4dab65fad05bf882e196", + "rev": "25381509d5c91bbf3c30e23abc6d8476d2143cd1", "type": "github" }, "original": { 
@@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1757987448, - "narHash": "sha256-ltDT7EIfLHV42p99HnDfDviC8jN7tcOed1qsLEFypl8=", + "lastModified": 1758678836, + "narHash": "sha256-ewDKEXcKYF7L+EGVa+8E1nxK1pdwVrCHcj5UhuGA8V0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "e496568b0e69d9d54c8cfef96ed1370952ad9786", + "rev": "5007786714b3573b37cf3b8c4a33e2ddce86960d", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757943327, - "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", + "lastModified": 1758663926, + "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", + "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757745802, - "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": { @@ -292,8 +292,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "secrets": "secrets", - "sops-nix": "sops-nix", - "steam-fetcher": "steam-fetcher" + "sops-nix": "sops-nix" } }, "secrets": { @@ -319,11 +318,11 @@ ] }, "locked": { - "lastModified": 1758007585, - "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", + "lastModified": 1758425756, + "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", + "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", "type": "github" }, "original": { 
@@ -332,26 +331,6 @@ "type": "github" } }, - "steam-fetcher": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1714795926, - "narHash": "sha256-PkgC9jqoN6cJ8XYzTA2PlrWs7aPJkM3BGiTxNqax0cA=", - "owner": "nix-community", - "repo": "steam-fetcher", - "rev": "12f66eafb7862d91b3e30c14035f96a21941bd9c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "steam-fetcher", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 79800128..151a54b3 100644 --- a/flake.nix +++ b/flake.nix @@ -72,11 +72,6 @@ url = "github:edolstra/flake-compat"; }; - steam-fetcher = { - url = "github:nix-community/steam-fetcher"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # MCP NixOS server for Claude Dev mcp-nixos = { url = "github:utensils/mcp-nixos"; diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 465e83fa..2c0f712d 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -1,7 +1,6 @@ # this folder is for derivation overlays {inputs, ...}: { nixpkgs.overlays = [ - inputs.steam-fetcher.overlays.default inputs.nix-vscode-extensions.overlays.default ]; } From 4d52c58f79d13c25fa1ca098f37db04ee9e9e33f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 14:58:51 -0500 Subject: [PATCH 849/932] feat: instealled media editing programs for defiant --- configurations/nixos/defiant/default.nix | 1 + configurations/nixos/defiant/packages.nix | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 configurations/nixos/defiant/packages.nix diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index fe850afe..30139466 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix 
@@ -3,5 +3,6 @@ imports = [ ./hardware-configuration.nix ./configuration.nix + ./packages.nix ]; } diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix new file mode 100644 index 00000000..45780b02 --- /dev/null +++ b/configurations/nixos/defiant/packages.nix @@ -0,0 +1,9 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + ffsubsync + sox + yt-dlp + ffmpeg + imagemagick + ]; +} From f9fe74cc8afcd50561eb4d796942246ed31c85bb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 19:36:34 -0500 Subject: [PATCH 850/932] feat: installed bazarr, radarr, and sonarr --- .../nixos/defiant/configuration.nix | 15 ++++++++++ .../nixos-modules/server/bazarr/default.nix | 6 ++++ .../server/bazarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/bazarr/proxy.nix | 28 +++++++++++++++++++ modules/nixos-modules/server/default.nix | 9 ++++-- .../nixos-modules/server/radarr/default.nix | 6 ++++ .../server/radarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/radarr/proxy.nix | 28 +++++++++++++++++++ .../nixos-modules/server/sonarr/default.nix | 6 ++++ .../server/sonarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/sonarr/proxy.nix | 28 +++++++++++++++++++ 11 files changed, 201 insertions(+), 3 deletions(-) create mode 100644 modules/nixos-modules/server/bazarr/default.nix create mode 100644 modules/nixos-modules/server/bazarr/impermanence.nix create mode 100644 modules/nixos-modules/server/bazarr/proxy.nix create mode 100644 modules/nixos-modules/server/radarr/default.nix create mode 100644 modules/nixos-modules/server/radarr/impermanence.nix create mode 100644 modules/nixos-modules/server/radarr/proxy.nix create mode 100644 modules/nixos-modules/server/sonarr/default.nix create mode 100644 modules/nixos-modules/server/sonarr/impermanence.nix create mode 100644 modules/nixos-modules/server/sonarr/proxy.nix 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index d10bea07..830af166 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -287,6 +287,21 @@ subdomain = "budget"; }; + sonarr = { + enable = true; + openFirewall = true; + }; + + radarr = { + enable = true; + openFirewall = true; + }; + + bazarr = { + enable = true; + openFirewall = true; + }; + home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix new file mode 100644 index 00000000..f39d9400 --- /dev/null +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix new file mode 100644 index 00000000..22fb0e63 --- /dev/null +++ b/modules/nixos-modules/server/bazarr/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + bazarr_data_directory = "/var/lib/bazarr"; +in { + config = lib.mkIf (config.services.bazarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.bazarr.dataDir == bazarr_data_directory; + message = "bazarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = bazarr_data_directory; + user = "bazarr"; + group = "bazarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/bazarr/proxy.nix b/modules/nixos-modules/server/bazarr/proxy.nix new file mode 100644 index 00000000..fe310d81 --- /dev/null +++ b/modules/nixos-modules/server/bazarr/proxy.nix 
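Review bot: `openFirewall = true` on the three new `sonarr`/`radarr`/`bazarr` blocks exposes their web UIs directly on the LAN, while every other service in this file (`budget`, `home`, …) is reached only through the reverse proxy's `subdomain` and the new proxy.nix files bind the targets to `127.0.0.1`; if the proxy is the intended path, the firewall opening is unnecessary and widens exposure of admin interfaces. Either set a `subdomain` and drop `openFirewall`, or add a comment stating that direct LAN access is deliberate.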
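Review bot: The assertion reads `config.services.bazarr.dataDir`, but whether the pinned NixOS bazarr module exposes a `dataDir` option (radarr does) cannot be told from here; if it does not, evaluation fails on the assertion expression itself rather than printing the intended message, so confirm before enabling impermanence on a host. `user = "bazarr"; group = "bazarr";` hard-codes the account although the module likely exposes `services.bazarr.user`/`.group`; using those keeps the persisted directory owned by whatever account the service actually runs as.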
@@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.bazarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.bazarr.enable && config.services.bazarr.subdomain != null) { + host.reverse_proxy.subdomains.bazarr = { + subdomain = config.services.bazarr.subdomain; + extraSubdomains = config.services.bazarr.extraSubdomains; + target = "http://127.0.0.1:6767"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 15f833b8..e550123d 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -7,14 +7,17 @@ ./podman.nix ./actual - ./immich - ./panoramax + ./bazarr ./forgejo ./home-assistant + ./immich ./jellyfin + ./panoramax ./paperless - ./searx ./qbittorent.nix + ./radarr + ./searx + ./sonarr ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix new file mode 100644 index 00000000..f39d9400 --- /dev/null +++ b/modules/nixos-modules/server/radarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix new file mode 100644 index 00000000..4a3242c9 --- /dev/null +++ b/modules/nixos-modules/server/radarr/impermanence.nix 
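Review bot: `target = "http://127.0.0.1:6767";` hard-codes the upstream port even though the NixOS bazarr module exposes it as `services.bazarr.listenPort`; `target = "http://127.0.0.1:${toString config.services.bazarr.listenPort}";` keeps the proxy in step if the port is ever changed, and the radarr (7878) and sonarr (8989) proxy.nix files in this commit should derive their port the same way if their modules expose one in the pinned nixpkgs. The description `"Subdomain for reverse proxy. If null, service will be local only."` is only true while `openFirewall` is off, which the defiant configuration in this commit does not keep; `"If null, no reverse-proxy entry is created (openFirewall may still expose the port)."` states what this option actually controls. The three proxy.nix files differ only in service name and port, so one shared function taking the name and port would remove the triplication.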
@@ -0,0 +1,26 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ radarr_data_directory = "/var/lib/radarr/.config/Radarr";
+in {
+ config = lib.mkIf (config.services.radarr.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion = config.services.radarr.dataDir == radarr_data_directory;
+ message = "radarr data directory does not match persistence";
+ }
+ ];
+
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = radarr_data_directory;
+ user = "radarr";
+ group = "radarr";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/radarr/proxy.nix b/modules/nixos-modules/server/radarr/proxy.nix
new file mode 100644
index 00000000..ec5f575f
--- /dev/null
+++ b/modules/nixos-modules/server/radarr/proxy.nix
@@ -0,0 +1,28 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.services.radarr = {
+ subdomain = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Subdomain for reverse proxy. If null, service will be local only.";
+ };
+ extraSubdomains = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ description = "Extra subdomains for reverse proxy.";
+ };
+ };
+
+ config = lib.mkIf (config.services.radarr.enable && config.services.radarr.subdomain != null) {
+ host.reverse_proxy.subdomains.radarr = {
+ subdomain = config.services.radarr.subdomain;
+ extraSubdomains = config.services.radarr.extraSubdomains;
+ target = "http://127.0.0.1:7878";
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix
new file mode 100644
index 00000000..f39d9400
--- /dev/null
+++ b/modules/nixos-modules/server/sonarr/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./proxy.nix
+ ./impermanence.nix
+ ];
+}
diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix
new file mode 100644
index 00000000..abc843c5
--- /dev/null
+++ b/modules/nixos-modules/server/sonarr/impermanence.nix
@@ -0,0 +1,26 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone";
+in {
+ config = lib.mkIf (config.services.sonarr.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion = config.services.sonarr.dataDir == sonarr_data_directory;
+ message = "sonarr data directory does not match persistence";
+ }
+ ];
+
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = sonarr_data_directory;
+ user = "sonarr";
+ group = "sonarr";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/sonarr/proxy.nix b/modules/nixos-modules/server/sonarr/proxy.nix
new file mode 100644
index 00000000..22b90a62
--- /dev/null
+++ b/modules/nixos-modules/server/sonarr/proxy.nix
@@ -0,0 +1,28 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.services.sonarr = {
+ subdomain = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Subdomain for reverse proxy. If null, service will be local only.";
+ };
+ extraSubdomains = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ description = "Extra subdomains for reverse proxy.";
+ };
+ };
+
+ config = lib.mkIf (config.services.sonarr.enable && config.services.sonarr.subdomain != null) {
+ host.reverse_proxy.subdomains.sonarr = {
+ subdomain = config.services.sonarr.subdomain;
+ extraSubdomains = config.services.sonarr.extraSubdomains;
+ target = "http://127.0.0.1:8989";
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+ };
+ };
+}
From a8139f4265963e091062d354ab09e413a0103cda Mon Sep 17 00:00:00 2001
From: Leyla Becker Date: Thu, 25 Sep 2025 20:04:51 -0500 Subject: [PATCH 851/932] feat: installed filebot --- configurations/nixos/defiant/packages.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix index 45780b02..f9cce58d 100644 --- a/configurations/nixos/defiant/packages.nix +++ b/configurations/nixos/defiant/packages.nix @@ -1,9 +1,19 @@ -{pkgs, ...}: { +{ + pkgs, + lib, + ... +}: { + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "filebot" + ]; + environment.systemPackages = with pkgs; [ ffsubsync sox yt-dlp ffmpeg imagemagick + filebot ]; } From d2be5c7e2459355fbed24c74918b5793dcbffae0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 20:10:49 -0500 Subject: [PATCH 852/932] feat: added radarr, sonarr, and bazarr to the jellyfin_media group --- modules/nixos-modules/users.nix | 48 +++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 7fd43da1..ea8d8770 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -25,6 +25,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; + radarr = 275; + sonarr = 274; + bazarr = 985; }; gids = { @@ -42,6 +45,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; + radarr = 275; + sonarr = 274; + bazarr = 981; }; users = config.users.users; @@ -177,6 +183,24 @@ in { isSystemUser = true; group = config.users.users.actual.name; }; + + radarr = { + uid = lib.mkForce uids.radarr; + isSystemUser = true; + group = config.users.users.radarr.name; + }; + + sonarr = { + uid = lib.mkForce uids.sonarr; + isSystemUser = true; + group = config.users.users.sonarr.name; + }; + + bazarr = { + uid = lib.mkForce uids.bazarr; + isSystemUser = true; + group = config.users.users.bazarr.name; + }; }; groups = { 
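Review bot: The bazarr entries disagree between the two id tables in this commit: `uids.bazarr = 985` but `gids.bazarr = 981`, whereas every other service in the file, and the radarr/sonarr entries added alongside, uses the same number for uid and gid; the group definition that follows then applies `gid = lib.mkForce gids.bazarr`, so the bazarr user's primary group id will not match its uid as the rest of the file assumes. The values 274/275/985 also sit in the sub-1000 range NixOS draws dynamic system ids from rather than the 2000+ block this file reserves for its own services, which invites a collision with an id allocated to an unrelated unit later; the next free numbers in that block keep the convention. The `@@ -177,6 +183,24 @@` hunk reads these same tables via `uids.radarr` and friends, so correcting the tables fixes both.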
@@ -206,6 +230,9 @@ in { gid = lib.mkForce gids.jellyfin_media; members = [ users.jellyfin.name + users.radarr.name + users.sonarr.name + users.bazarr.name leyla eve ]; @@ -287,6 +314,27 @@ in { users.actual.name ]; }; + + radarr = { + gid = lib.mkForce gids.radarr; + members = [ + users.radarr.name + ]; + }; + + sonarr = { + gid = lib.mkForce gids.sonarr; + members = [ + users.sonarr.name + ]; + }; + + bazarr = { + gid = lib.mkForce gids.bazarr; + members = [ + users.bazarr.name + ]; + }; }; }; } From a8dfcb02c86052113b5d46f242601c1b5f075a4e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:20:15 -0500 Subject: [PATCH 853/932] feat: created filebot cleanup service to run in background --- .../nixos/defiant/configuration.nix | 5 ++ configurations/nixos/defiant/default.nix | 1 + configurations/nixos/defiant/filebot.nix | 82 +++++++++++++++++++ configurations/nixos/defiant/packages.nix | 12 +-- 4 files changed, 89 insertions(+), 11 deletions(-) create mode 100644 configurations/nixos/defiant/filebot.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 830af166..e5f63f74 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -332,6 +332,11 @@ openFirewall = true; webuiPort = 8084; }; + + filebot-cleanup = { + enable = true; + licenseFile = "/srv/jellyfin/filebot_license.psm"; + }; }; # disable computer sleeping diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 30139466..05975a12 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,5 +4,6 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix + ./filebot.nix ]; } diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix new file mode 100644 index 00000000..77d81bda --- /dev/null 
+++ b/configurations/nixos/defiant/filebot.nix 
@@ -0,0 +1,82 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.services.filebot-cleanup;
+in {
+ options.services.filebot-cleanup = {
+ enable = mkEnableOption "Filebot cleanup service";
+
+ licenseFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Path to the Filebot license file";
+ };
+
+ cleanupDirectory = mkOption {
+ type = types.str;
+ default = "/srv/jellyfin/filebot_cleanup";
+ description = "Directory where cleaned up media files are stored";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.groups.filebot_cleanup = {};
+ users.users.filebot_cleanup = {
+ isSystemUser = true;
+ group = "filebot_cleanup";
+ extraGroups = ["jellyfin_media"];
+ home = cfg.cleanupDirectory;
+ createHome = true;
+ };
+
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "filebot"
+ ];
+
+ environment.systemPackages = with pkgs; [
+ filebot
+ ];
+
+ systemd.services.filebot-cleanup = {
+ description = "Filebot media cleanup service";
+ serviceConfig = {
+ Type = "simple";
+ User = "filebot_cleanup";
+ Group = "filebot_cleanup";
+ ExecStart = pkgs.writeShellScript "filebot-cleanup" ''
+ ${optionalString (cfg.licenseFile != null) ''
+ ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}"
+ ''}
+ ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move
+ ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move
+ '';
+ StandardOutput = "journal";
+ StandardError = "journal";
+ };
+ wantedBy = ["multi-user.target"];
+ };
+
+ environment.persistence = lib.mkIf config.host.impermanence.enable {
+ "/persist/system/filebot_cleanup" = {
+ enable = true;
+ hideMounts = true;
+ files = [
+ cfg.licenseFile
+ ];
+ directories = [
+ {
+ directory = cfg.cleanupDirectory;
+ user = "filebot_cleanup";
+ group = 
"filebot_cleanup"; + mode = "1770"; + } + ]; + }; + }; + }; +} diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix index f9cce58d..45780b02 100644 --- a/configurations/nixos/defiant/packages.nix +++ b/configurations/nixos/defiant/packages.nix @@ -1,19 +1,9 @@ -{ - pkgs, - lib, - ... -}: { - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "filebot" - ]; - +{pkgs, ...}: { environment.systemPackages = with pkgs; [ ffsubsync sox yt-dlp ffmpeg imagemagick - filebot ]; } From 24def1e3d3428e7fe30a06eecc1786110065a14a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:31:29 -0500 Subject: [PATCH 854/932] chore: added tasks to README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index f1521ce0..cad757ab 100644 --- a/README.md +++ b/README.md @@ -69,5 +69,9 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance +- update proxy.nix files to contain the subdomain configs +- rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- make radarr, sonarr, and bazarr accessible over vpn +- create some sort of service that allows uploading files to jellyfin - graphana accessible though tailscale \ No newline at end of file From 1d940fd8d8275a4050876d981e769e5c1572fe20 Mon Sep 17 00:00:00 2001 
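Review bot: `files = [ cfg.licenseFile ];` in the persistence block fails evaluation whenever impermanence is enabled and `licenseFile` keeps its `null` default, because the list then holds a null entry; `files = lib.optional (cfg.licenseFile != null) cfg.licenseFile;` covers both cases. The `--license "${cfg.licenseFile}"` interpolation into `writeShellScript` deserves a note on the option, since a quoted absolute string (as the defiant configuration passes) is read at runtime while an unquoted Nix path literal would be copied into the world-readable store: `# pass the license as a string path, not a path literal, so it is never copied into /nix/store`. The unit runs as a dedicated user but with no sandboxing while it renames and moves whatever files are present under `/srv/jellyfin/media`; `NoNewPrivileges = true;` and `ProtectSystem = "strict";` with `ReadWritePaths` covering the media tree, `cfg.cleanupDirectory` and whatever scratch directory filebot needs would bound the blast radius. With `Type = "simple"` and only `wantedBy = ["multi-user.target"]` the script runs once per boot and exits, so if periodic cleanup is intended a `startAt` schedule or a matching `systemd.timers` entry is missing.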
From: Leyla Becker Date: Thu, 25 Sep 2025 22:33:14 -0500 Subject: [PATCH 855/932] feat: disabled sonarr, radarr, and bazarr --- configurations/nixos/defiant/configuration.nix | 15 --------------- modules/nixos-modules/users.nix | 12 ++++++------ 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e5f63f74..2cde0b12 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -287,21 +287,6 @@ subdomain = "budget"; }; - sonarr = { - enable = true; - openFirewall = true; - }; - - radarr = { - enable = true; - openFirewall = true; - }; - - bazarr = { - enable = true; - openFirewall = true; - }; - home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index ea8d8770..db7d4ab9 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -25,9 +25,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; - radarr = 275; - sonarr = 274; - bazarr = 985; + radarr = 2014; + sonarr = 2015; + bazarr = 2016; }; gids = { @@ -45,9 +45,9 @@ qbittorrent = 2011; paperless = 2012; actual = 2013; - radarr = 275; - sonarr = 274; - bazarr = 981; + radarr = 2014; + sonarr = 2015; + bazarr = 2016; }; users = config.users.users; From c8d994814fb0d040be8e16cbc3c40ffbfb5a87e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:35:28 -0500 Subject: [PATCH 856/932] chore: added note to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cad757ab..c58d8475 100644 --- a/README.md +++ b/README.md 
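Review bot: Renumbering the three ids to 2014–2016 with `lib.mkForce` changes what the user database says but not what is on disk: if any defiant generation was already activated with the earlier ids (the services were enabled in the preceding commits), the state under `/var/lib/radarr`, `/var/lib/sonarr` and `/var/lib/bazarr`, which the impermanence modules persist under /persist/system/root, stays owned by the old numeric ids, and an id from that dynamically allocated range can later be handed to an unrelated service that then owns those files. Recording the required one-off `chown -R` of those directories in the commit message, or as a comment next to the new ids, would make the migration step visible to whoever next rebuilds the host.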
@@ -74,4 +74,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn - make radarr, sonarr, and bazarr accessible over vpn - create some sort of service that allows uploading files to jellyfin + - auto sort files into where they should go with some combination of filebot cli and picard cli - graphana accessible though tailscale \ No newline at end of file From 178b414a0ace601d899f27ea9c33899f70a87c6e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 25 Sep 2025 22:41:10 -0500 Subject: [PATCH 857/932] chore: removed already completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index c58d8475..e94eb587 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - panoramax instance - mastodon instance -- update proxy.nix files to contain the subdomain configs - rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn - make radarr, sonarr, and bazarr accessible over vpn From 0cb4c25467ea159cce3d29df5f617491d9aced4a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 26 Sep 2025 20:21:58 -0500 Subject: [PATCH 858/932] fat: disabled filebot-cleanup service --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2cde0b12..401173ef 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -319,7 +319,7 @@ }; filebot-cleanup = { - enable = true; + enable = false; licenseFile = "/srv/jellyfin/filebot_license.psm"; }; }; From 6dfe3ac3265c6de1202ac7cd6cad2bea8697b129 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 1 Oct 2025 15:14:36 -0500 Subject: [PATCH 859/932] build: updated flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 6123425c..b5607f63 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1758600213, - "narHash": "sha256-YP7+UxybMCzHPd5k93pulILnFvSisjgUAGUB/cxWbqU=", + "lastModified": 1759291409, + "narHash": "sha256-eAzmD4ijeWCFy4YqArNmVu8901nLQLHr6dCv94yRrFk=", "owner": "rycee", "repo": "nur-expressions", - "rev": "8a0333bf11a0fab386c80fa018617bb050156ec5", + "rev": "f9c2e6b2eebdbe0e87236a63ea323c86da79b6c5", "type": "gitlab" }, "original": { @@ -118,11 +118,11 @@ ] }, "locked": { - "lastModified": 1758719930, - "narHash": "sha256-DgHe1026Ob49CPegPMiWj1HNtlMTGQzfSZQQVlHC950=", + "lastModified": 1759337100, + "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", "owner": "nix-community", "repo": "home-manager", - "rev": "142acd7a7d9eb7f0bb647f053b4ddfd01fdfbf1d", + "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", "type": "github" }, "original": { 
@@ -155,11 +155,11 @@ ] }, "locked": { - "lastModified": 1755372538, - "narHash": "sha256-iWhsf1Myk6RyQ7IuNf4bWI3Sqq9pgmhKvEisCXtkxyw=", + "lastModified": 1759342933, + "narHash": "sha256-mdlUFcrOfvT0Pm+Hko/6aR3xf1ao5JA2iem4KsEVjP4=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "46b4d4d3d6421bfbadc415532ef74433871e1cda", + "rev": "50b02bcba32b941d2ec48fedef68641702ca5b0f", "type": "github" }, "original": { @@ -175,11 +175,11 @@ ] }, "locked": { - "lastModified": 1758447883, - "narHash": "sha256-yGA6MV0E4JSEXqLTb4ZZkmdJZcoQ8HUzihRRX12Bvpg=", + "lastModified": 1758805352, + "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "25381509d5c91bbf3c30e23abc6d8476d2143cd1", + "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1758678836, - "narHash": "sha256-ewDKEXcKYF7L+EGVa+8E1nxK1pdwVrCHcj5UhuGA8V0=", + "lastModified": 1759284197, + "narHash": "sha256-NbaOzcxsUxNm+Dday5DlV6P9CzRAonY2DNcp056oWWc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5007786714b3573b37cf3b8c4a33e2ddce86960d", + "rev": "a87f796f1ed4b0a8babe9370791a66aac4864887", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1758663926, - "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", + "lastModified": 1759261527, + "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", + "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", "type": "github" }, "original": { 
@@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1758427187, - "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { @@ -318,11 +318,11 @@ ] }, "locked": { - "lastModified": 1758425756, - "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=", + "lastModified": 1759188042, + "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", + "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", "type": "github" }, "original": { From c10c61003474a2760d92710b7bdb721cb9337d49 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 12:49:29 -0500 Subject: [PATCH 860/932] feat: started to create polycule package --- .../home-manager/leyla/packages/default.nix | 2 + modules/common-modules/pkgs/default.nix | 3 + .../common-modules/pkgs/polycule/default.nix | 149 + .../pkgs/polycule/polycule-pubspec.lock.json | 2459 +++++++++++++++++ .../home-manager-modules/programs/default.nix | 1 + .../programs/polycule.nix | 32 + 6 files changed, 2646 insertions(+) create mode 100644 modules/common-modules/pkgs/polycule/default.nix create mode 100644 modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json create mode 100644 modules/home-manager-modules/programs/polycule.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 6377ed29..a6da7f57 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix 
@@ -70,6 +70,8 @@ in { noisetorch.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; + # polycule package is currently broken + polycule.enable = false; }) ]; } diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index c97f97c2..a2f61b18 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -38,5 +38,8 @@ # Override h3 C library to version 4.3.0 h3 = pkgs.callPackage ./h3-c-lib.nix {}; }) + (final: prev: { + polycule = pkgs.callPackage ./polycule {}; + }) ]; } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix new file mode 100644 index 00000000..d0928971 --- /dev/null +++ b/modules/common-modules/pkgs/polycule/default.nix 
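Review bot: `polycule = pkgs.callPackage ./polycule {};` inside an overlay written as `(final: prev: { ... })` resolves the package's inputs from the outer `pkgs` rather than from `final`, so anything an earlier overlay in this list changes is invisible to the polycule build; `polycule = final.callPackage ./polycule {};` is the conventional form. The `h3` line in the surrounding context appears to use the same `pkgs.callPackage` pattern, so the new line is at least consistent with the file, but both could be switched together.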
@@ -0,0 +1,149 @@
+{
+ lib,
+ flutter329,
+ fetchFromGitLab,
+ pkg-config,
+ wrapGAppsHook,
+ gtk3,
+ glib,
+ glib-networking,
+ webkitgtk_4_1,
+ libsecret,
+ libnotify,
+ dbus,
+ sqlcipher,
+ openssl,
+ mpv,
+ alsa-lib,
+ libass,
+ ffmpeg-full,
+ libplacebo,
+ libunwind,
+ shaderc,
+ vulkan-headers,
+ vulkan-loader,
+ lcms2,
+ libdovi,
+ libdvdnav,
+ libdvdread,
+ mujs,
+ libbluray,
+ lua,
+ rubberband,
+ libuchardet,
+ zimg,
+ openal,
+ pipewire,
+ libpulseaudio,
+ libcaca,
+ libdrm,
+ libdisplay-info,
+ libgbm,
+ xorg,
+ nv-codec-headers-11,
+ libva,
+ libvdpau,
+}:
+flutter329.buildFlutterApplication rec {
+ pname = "polycule";
+ version = "0.3.0";
+
+ src = fetchFromGitLab {
+ owner = "polycule_client";
+ repo = "polycule";
+ rev = "v${version}";
+ hash = "sha256-kY1vJiDXh0rSCJNOAkO8JGiMR8kXwDHuc3T+S4MkOWY=";
+ };
+
+ pubspecLock = lib.importJSON ./polycule-pubspec.lock.json;
+
+ gitHashes = {
+ matrix = "sha256-e1HGC2yZyqqYB5YAGKmUkkdDbuSzhiUenJMKJgQYIi8=";
+ media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg=";
+ media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg=";
+ };
+
+ nativeBuildInputs = [
+ pkg-config
+ wrapGAppsHook
+ ];
+
+ buildInputs = [
+ gtk3
+ glib
+ glib-networking
+ webkitgtk_4_1
+ libsecret
+ libnotify
+ dbus
+ sqlcipher
+ openssl
+ mpv
+ alsa-lib
+ libass
+ ffmpeg-full
+ libplacebo
+ libunwind
+ shaderc
+ vulkan-headers
+ vulkan-loader
+ lcms2
+ libdovi
+ libdvdnav
+ libdvdread
+ mujs
+ libbluray
+ lua
+ rubberband
+ libuchardet
+ zimg
+ openal
+ pipewire
+ libpulseaudio
+ libcaca
+ libdrm
+ libdisplay-info
+ libgbm
+ xorg.libXScrnSaver
+ xorg.libXpresent
+ nv-codec-headers-11
+ libva
+ libvdpau
+ ];
+
+ flutterBuildFlags = [
+ "--release"
+ "--target"
+ "lib/main.dart"
+ "--dart-define=POLYCULE_VERSION=v${version}"
+ "--dart-define=POLYCULE_IS_STABLE=true"
+ "--no-tree-shake-icons"
+ ];
+
+ postInstall = ''
+ # Install desktop files and icons from the source
+ install -Dm644 
linux/business.braid.polycule.desktop $out/share/applications/polycule.desktop
+ install -Dm644 assets/logo/logo-circle.png $out/share/pixmaps/polycule.png
+
+ # Update desktop file to use correct executable name
+ substituteInPlace $out/share/applications/polycule.desktop \
+ --replace 'Exec=business.braid.polycule' 'Exec=polycule'
+
+ # Create a symlink with the expected name
+ ln -sf $out/bin/polycule $out/bin/business.braid.polycule
+ '';
+
+ meta = with lib; {
+ description = "A geeky and efficient [matrix] client for power users";
+ longDescription = ''
+ Polycule is a modern Matrix client built with Flutter, designed for power users
+ who want a fast, efficient, and feature-rich Matrix experience.
+ '';
+ homepage = "https://polycule.im/";
+ license = licenses.eupl12;
+ maintainers = [];
+ platforms = ["x86_64-linux" "aarch64-linux"];
+ sourceProvenance = with sourceTypes; [fromSource];
+ mainProgram = "polycule";
+ };
+}
diff --git a/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json
new file mode 100644
index 00000000..e119fa29
--- /dev/null
+++ b/modules/common-modules/pkgs/polycule/polycule-pubspec.lock.json
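Review bot: `--replace` in the postInstall `substituteInPlace` call is a silent no-op when the pattern is absent, so an upstream desktop file whose Exec line no longer reads `Exec=business.braid.polycule` would ship pointing at a binary this package does not install; `--replace-fail 'Exec=business.braid.polycule' 'Exec=polycule'` makes the build stop instead. `wrapGAppsHook` is the legacy name of `wrapGAppsHook3` in current nixpkgs, so the function argument and the `nativeBuildInputs` entry are worth renaming if the pinned revision already warns about the alias. `maintainers = [];` could carry a short comment stating that this is an out-of-tree package maintained in this repository, so a reader does not assume it mirrors an upstream nixpkgs expression.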
@@ -0,0 +1,2459 @@ +{ + "packages": { + "_fe_analyzer_shared": { + "dependency": "transitive", + "description": { + "name": "_fe_analyzer_shared", + "sha256": "da0d9209ca76bde579f2da330aeb9df62b6319c834fa7baae052021b0462401f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "85.0.0" + }, + "analyzer": { + "dependency": "transitive", + "description": { + "name": "analyzer", + "sha256": "974859dc0ff5f37bc4313244b3218c791810d03ab3470a579580279ba971a48d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.7.1" + }, + "animations": { + "dependency": "direct main", + "description": { + "name": "animations", + "sha256": "d3d6dcfb218225bbe68e87ccf6378bbb2e32a94900722c5f81611dad089911cb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.11" + }, + "app_links": { + "dependency": "direct main", + "description": { + "name": "app_links", + "sha256": "85ed8fc1d25a76475914fff28cc994653bd900bc2c26e4b57a49e097febb54ba", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.4.0" + }, + "app_links_linux": { + "dependency": "transitive", + "description": { + "name": "app_links_linux", + "sha256": "f5f7173a78609f3dfd4c2ff2c95bd559ab43c80a87dc6a095921d96c05688c81", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.3" + }, + "app_links_platform_interface": { + "dependency": "transitive", + "description": { + "name": "app_links_platform_interface", + "sha256": "05f5379577c513b534a29ddea68176a4d4802c46180ee8e2e966257158772a3f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.2" + }, + "app_links_web": { + "dependency": "transitive", + "description": { + "name": "app_links_web", + "sha256": "af060ed76183f9e2b87510a9480e56a5352b6c249778d07bd2c95fc35632a555", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.4" + }, + "archive": { + "dependency": "transitive", + "description": { + "name": "archive", + "sha256": 
"2fde1607386ab523f7a36bb3e7edb43bd58e6edaf2ffb29d8a6d578b297fdbbd", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.7" + }, + "args": { + "dependency": "transitive", + "description": { + "name": "args", + "sha256": "d0481093c50b1da8910eb0bb301626d4d8eb7284aa739614d2b394ee09e3ea04", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.7.0" + }, + "async": { + "dependency": "direct main", + "description": { + "name": "async", + "sha256": "758e6d74e971c3e5aceb4110bfd6698efc7f501675bcfe0c775459a8140750eb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.13.0" + }, + "audio_session": { + "dependency": "transitive", + "description": { + "name": "audio_session", + "sha256": "8f96a7fecbb718cb093070f868b4cdcb8a9b1053dce342ff8ab2fde10eb9afb7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.2" + }, + "barcode": { + "dependency": "transitive", + "description": { + "name": "barcode", + "sha256": "7b6729c37e3b7f34233e2318d866e8c48ddb46c1f7ad01ff7bb2a8de1da2b9f4", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.9" + }, + "barcode_widget": { + "dependency": "direct main", + "description": { + "name": "barcode_widget", + "sha256": "6f2c5b08659b1a5f4d88d183e6007133ea2f96e50e7b8bb628f03266c3931427", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.4" + }, + "base58check": { + "dependency": "transitive", + "description": { + "name": "base58check", + "sha256": "6c300dfc33e598d2fe26319e13f6243fea81eaf8204cb4c6b69ef20a625319a5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "blurhash_dart": { + "dependency": "direct main", + "description": { + "name": "blurhash_dart", + "sha256": "43955b6c2e30a7d440028d1af0fa185852f3534b795cc6eb81fbf397b464409f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.1" + }, + "boolean_selector": { + "dependency": "transitive", + "description": { + "name": 
"boolean_selector", + "sha256": "8aab1771e1243a5063b8b0ff68042d67334e3feab9e95b9490f9a6ebf73b42ea", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "build_cli_annotations": { + "dependency": "transitive", + "description": { + "name": "build_cli_annotations", + "sha256": "b59d2769769efd6c9ff6d4c4cede0be115a566afc591705c2040b707534b1172", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "camera": { + "dependency": "transitive", + "description": { + "name": "camera", + "sha256": "d6ec2cbdbe2fa8f5e0d07d8c06368fe4effa985a4a5ddade9cc58a8cd849557d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.11.2" + }, + "camera_android_camerax": { + "dependency": "transitive", + "description": { + "name": "camera_android_camerax", + "sha256": "58b8fe843a3c83fd1273c00cb35f5a8ae507f6cc9b2029bcf7e2abba499e28d8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.19+1" + }, + "camera_avfoundation": { + "dependency": "transitive", + "description": { + "name": "camera_avfoundation", + "sha256": "e4aca5bccaf897b70cac87e5fdd789393310985202442837922fd40325e2733b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.21+1" + }, + "camera_platform_interface": { + "dependency": "transitive", + "description": { + "name": "camera_platform_interface", + "sha256": "2f757024a48696ff4814a789b0bd90f5660c0fb25f393ab4564fb483327930e2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.10.0" + }, + "camera_web": { + "dependency": "transitive", + "description": { + "name": "camera_web", + "sha256": "595f28c89d1fb62d77c73c633193755b781c6d2e0ebcd8dc25b763b514e6ba8f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.5" + }, + "canonical_json": { + "dependency": "transitive", + "description": { + "name": "canonical_json", + "sha256": "d6be1dd66b420c6ac9f42e3693e09edf4ff6edfee26cb4c28c1c019fdb8c0c15", + "url": "https://pub.dev" + }, + 
"source": "hosted", + "version": "1.1.2" + }, + "characters": { + "dependency": "transitive", + "description": { + "name": "characters", + "sha256": "f71061c654a3380576a52b451dd5532377954cf9dbd272a78fc8479606670803", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.4.0" + }, + "checked_yaml": { + "dependency": "transitive", + "description": { + "name": "checked_yaml", + "sha256": "959525d3162f249993882720d52b7e0c833978df229be20702b33d48d91de70f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.4" + }, + "cli_config": { + "dependency": "transitive", + "description": { + "name": "cli_config", + "sha256": "ac20a183a07002b700f0c25e61b7ee46b23c309d76ab7b7640a028f18e4d99ec", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.0" + }, + "cli_util": { + "dependency": "transitive", + "description": { + "name": "cli_util", + "sha256": "ff6785f7e9e3c38ac98b2fb035701789de90154024a75b6cb926445e83197d1c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.2" + }, + "clock": { + "dependency": "transitive", + "description": { + "name": "clock", + "sha256": "fddb70d9b5277016c77a80201021d40a2247104d9f4aa7bab7157b7e3f05b84b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "collection": { + "dependency": "direct main", + "description": { + "name": "collection", + "sha256": "2f5709ae4d3d59dd8f7cd309b4e023046b57d8a6c82130785d2b0e5868084e76", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.19.1" + }, + "convert": { + "dependency": "transitive", + "description": { + "name": "convert", + "sha256": "b30acd5944035672bc15c6b7a8b47d773e41e2f17de064350988c5d02adb1c68", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.2" + }, + "coverage": { + "dependency": "transitive", + "description": { + "name": "coverage", + "sha256": "5da775aa218eaf2151c721b16c01c7676fbfdd99cebba2bf64e8b807a28ff94d", + "url": "https://pub.dev" + }, + "source": 
"hosted", + "version": "1.15.0" + }, + "cross_file": { + "dependency": "direct main", + "description": { + "name": "cross_file", + "sha256": "7caf6a750a0c04effbb52a676dce9a4a592e10ad35c34d6d2d0e4811160d5670", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.4+2" + }, + "crypto": { + "dependency": "transitive", + "description": { + "name": "crypto", + "sha256": "1e445881f28f22d6140f181e07737b22f1e099a5e1ff94b0af2f9e4a463f4855", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.6" + }, + "csslib": { + "dependency": "direct main", + "description": { + "name": "csslib", + "sha256": "09bad715f418841f976c77db72d5398dc1253c21fb9c0c7f0b0b985860b2d58e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.2" + }, + "cupertino_http": { + "dependency": "direct main", + "description": { + "name": "cupertino_http", + "sha256": "72187f715837290a63479a5b0ae709f4fedad0ed6bd0441c275eceaa02d5abae", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.0" + }, + "cupertino_icons": { + "dependency": "direct main", + "description": { + "name": "cupertino_icons", + "sha256": "ba631d1c7f7bef6b729a622b7b752645a2d076dba9976925b8f25725a30e1ee6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.8" + }, + "dart_animated_emoji": { + "dependency": "direct main", + "description": { + "name": "dart_animated_emoji", + "sha256": "0e0865f1b56e2f2979e8caa09a7d693e30133050c5c677de301e6ca4d8da945e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.2" + }, + "dbus": { + "dependency": "direct main", + "description": { + "name": "dbus", + "sha256": "79e0c23480ff85dc68de79e2cd6334add97e48f7f4865d17686dd6ea81a47e8c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.7.11" + }, + "diacritic": { + "dependency": "direct main", + "description": { + "name": "diacritic", + "sha256": "12981945ec38931748836cd76f2b38773118d0baef3c68404bdfde9566147876", + "url": 
"https://pub.dev" + }, + "source": "hosted", + "version": "0.1.6" + }, + "diffutil_dart": { + "dependency": "direct main", + "description": { + "name": "diffutil_dart", + "sha256": "5e74883aedf87f3b703cb85e815bdc1ed9208b33501556e4a8a5572af9845c81", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.1" + }, + "dynamic_color": { + "dependency": "direct main", + "description": { + "name": "dynamic_color", + "sha256": "43a5a6679649a7731ab860334a5812f2067c2d9ce6452cf069c5e0c25336c17c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.8.1" + }, + "emoji_extension": { + "dependency": "direct main", + "description": { + "name": "emoji_extension", + "sha256": "7678a3e3fca4f2dfbce02cf8d439a81e130ce303fdc1ad90f484f57fd5ce4ba1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.0" + }, + "enhanced_enum": { + "dependency": "transitive", + "description": { + "name": "enhanced_enum", + "sha256": "074c5a8b9664799ca91e1e8b68003b8694cb19998671cbafd9c7779c13fcdecf", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.4" + }, + "equatable": { + "dependency": "transitive", + "description": { + "name": "equatable", + "sha256": "567c64b3cb4cf82397aac55f4f0cbd3ca20d77c6c03bedbc4ceaddc08904aef7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.7" + }, + "fake_async": { + "dependency": "transitive", + "description": { + "name": "fake_async", + "sha256": "5368f224a74523e8d2e7399ea1638b37aecfca824a3cc4dfdf77bf1fa905ac44", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.3" + }, + "fetch_api": { + "dependency": "transitive", + "description": { + "name": "fetch_api", + "sha256": "24cbd5616f3d4008c335c197bb90bfa0eb43b9e55c6de5c60d1f805092636034", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.1" + }, + "fetch_client": { + "dependency": "direct main", + "description": { + "name": "fetch_client", + "sha256": 
"375253f4efe64303c793fb17fe90771c591320b2ae11fb29cb5b406cc8533c00", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.4" + }, + "ffi": { + "dependency": "transitive", + "description": { + "name": "ffi", + "sha256": "289279317b4b16eb2bb7e271abccd4bf84ec9bdcbe999e278a94b804f5630418", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.4" + }, + "file": { + "dependency": "transitive", + "description": { + "name": "file", + "sha256": "a3b4f84adafef897088c160faf7dfffb7696046cb13ae90b508c2cbc95d3b8d4", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.0.1" + }, + "file_selector": { + "dependency": "direct main", + "description": { + "name": "file_selector", + "sha256": "5019692b593455127794d5718304ff1ae15447dea286cdda9f0db2a796a1b828", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.3" + }, + "file_selector_android": { + "dependency": "transitive", + "description": { + "name": "file_selector_android", + "sha256": "3015702ab73987000e7ff2df5ddc99666d2bcd65cdb243f59da35729d3be6cff", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.1+15" + }, + "file_selector_ios": { + "dependency": "transitive", + "description": { + "name": "file_selector_ios", + "sha256": "94b98ad950b8d40d96fee8fa88640c2e4bd8afcdd4817993bd04e20310f45420", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.3+1" + }, + "file_selector_linux": { + "dependency": "transitive", + "description": { + "name": "file_selector_linux", + "sha256": "54cbbd957e1156d29548c7d9b9ec0c0ebb6de0a90452198683a7d23aed617a33", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.3+2" + }, + "file_selector_macos": { + "dependency": "transitive", + "description": { + "name": "file_selector_macos", + "sha256": "8c9250b2bd2d8d4268e39c82543bacbaca0fda7d29e0728c3c4bbb7c820fd711", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.4+3" + }, + 
"file_selector_platform_interface": { + "dependency": "transitive", + "description": { + "name": "file_selector_platform_interface", + "sha256": "a3994c26f10378a039faa11de174d7b78eb8f79e4dd0af2a451410c1a5c3f66b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.6.2" + }, + "file_selector_web": { + "dependency": "transitive", + "description": { + "name": "file_selector_web", + "sha256": "c4c0ea4224d97a60a7067eca0c8fd419e708ff830e0c83b11a48faf566cec3e7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.4+2" + }, + "file_selector_windows": { + "dependency": "transitive", + "description": { + "name": "file_selector_windows", + "sha256": "320fcfb6f33caa90f0b58380489fc5ac05d99ee94b61aa96ec2bff0ba81d3c2b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.3+4" + }, + "fixnum": { + "dependency": "transitive", + "description": { + "name": "fixnum", + "sha256": "b6dc7065e46c974bc7c5f143080a6764ec7a4be6da1285ececdc37be96de53be", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.1" + }, + "flutter": { + "dependency": "direct main", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_adaptive_scaffold": { + "dependency": "direct main", + "description": { + "name": "flutter_adaptive_scaffold", + "sha256": "5eb1d1d174304a4e67c4bb402ed38cb4a5ebdac95ce54099e91460accb33d295", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.3+1" + }, + "flutter_confetti": { + "dependency": "direct main", + "description": { + "name": "flutter_confetti", + "sha256": "7e46b82ea0adc456afc91037652bbfbd52a951804fde0708822fad5d68be6398", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.1" + }, + "flutter_driver": { + "dependency": "direct dev", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_highlighting": { + "dependency": "direct main", + "description": { + "name": "flutter_highlighting", + "sha256": 
"426770b1453e8302f8cc58455ebcaad33e3049e73ca18f9d3c83554552bf3baf", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.0+11.8.0" + }, + "flutter_html": { + "dependency": "direct main", + "description": { + "name": "flutter_html", + "sha256": "38a2fd702ffdf3243fb7441ab58aa1bc7e6922d95a50db76534de8260638558d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "flutter_html_svg": { + "dependency": "direct main", + "description": { + "name": "flutter_html_svg", + "sha256": "76f59c238571333d95271817c3d94688b3c4dca2735552e481e49039d3efdb13", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "flutter_html_table": { + "dependency": "direct main", + "description": { + "name": "flutter_html_table", + "sha256": "de15300b1f6d8014e1702e7edfdf3411f362c8fb753e89bac4c99215ea94a4d8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "flutter_keyboard_visibility": { + "dependency": "direct main", + "description": { + "name": "flutter_keyboard_visibility", + "sha256": "98664be7be0e3ffca00de50f7f6a287ab62c763fc8c762e0a21584584a3ff4f8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "flutter_keyboard_visibility_linux": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_linux", + "sha256": "6fba7cd9bb033b6ddd8c2beb4c99ad02d728f1e6e6d9b9446667398b2ac39f08", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.0" + }, + "flutter_keyboard_visibility_macos": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_macos", + "sha256": "c5c49b16fff453dfdafdc16f26bdd8fb8d55812a1d50b0ce25fc8d9f2e53d086", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.0" + }, + "flutter_keyboard_visibility_platform_interface": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_platform_interface", + "sha256": 
"e43a89845873f7be10cb3884345ceb9aebf00a659f479d1c8f4293fcb37022a4", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "flutter_keyboard_visibility_web": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_web", + "sha256": "d3771a2e752880c79203f8d80658401d0c998e4183edca05a149f5098ce6e3d1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "flutter_keyboard_visibility_windows": { + "dependency": "transitive", + "description": { + "name": "flutter_keyboard_visibility_windows", + "sha256": "fc4b0f0b6be9b93ae527f3d527fb56ee2d918cd88bbca438c478af7bcfd0ef73", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.0" + }, + "flutter_launcher_icons": { + "dependency": "direct dev", + "description": { + "name": "flutter_launcher_icons", + "sha256": "10f13781741a2e3972126fae08393d3c4e01fa4cd7473326b94b72cf594195e7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.14.4" + }, + "flutter_layout_grid": { + "dependency": "transitive", + "description": { + "name": "flutter_layout_grid", + "sha256": "739e568db97af031d528dfd8a80d333df0e5a310a126e087690fa42cd61dfb5f", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.8" + }, + "flutter_lints": { + "dependency": "direct dev", + "description": { + "name": "flutter_lints", + "sha256": "3105dc8492f6183fb076ccf1f351ac3d60564bff92e20bfc4af9cc1651f4e7e1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "flutter_local_notifications": { + "dependency": "direct main", + "description": { + "name": "flutter_local_notifications", + "sha256": "20ca0a9c82ce0c855ac62a2e580ab867f3fbea82680a90647f7953832d0850ae", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "19.4.0" + }, + "flutter_local_notifications_linux": { + "dependency": "transitive", + "description": { + "name": "flutter_local_notifications_linux", + "sha256": 
"e3c277b2daab8e36ac5a6820536668d07e83851aeeb79c446e525a70710770a5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "flutter_local_notifications_platform_interface": { + "dependency": "transitive", + "description": { + "name": "flutter_local_notifications_platform_interface", + "sha256": "277d25d960c15674ce78ca97f57d0bae2ee401c844b6ac80fcd972a9c99d09fe", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "9.1.0" + }, + "flutter_local_notifications_windows": { + "dependency": "transitive", + "description": { + "name": "flutter_local_notifications_windows", + "sha256": "ed46d7ae4ec9d19e4c8fa2badac5fe27ba87a3fe387343ce726f927af074ec98", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.2" + }, + "flutter_localizations": { + "dependency": "direct main", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_openssl_crypto": { + "dependency": "direct main", + "description": { + "name": "flutter_openssl_crypto", + "sha256": "293b4fcda13ab0710645a16e82f3d5b7de19bfc0ab2d06bcdb87637222eda5e1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.5.0" + }, + "flutter_plugin_android_lifecycle": { + "dependency": "transitive", + "description": { + "name": "flutter_plugin_android_lifecycle", + "sha256": "6382ce712ff69b0f719640ce957559dde459e55ecd433c767e06d139ddf16cab", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.29" + }, + "flutter_rust_bridge": { + "dependency": "transitive", + "description": { + "name": "flutter_rust_bridge", + "sha256": "b416ff56002789e636244fb4cc449f587656eff995e5a7169457eb0593fcaddb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.10.0" + }, + "flutter_secure_storage": { + "dependency": "direct main", + "description": { + "name": "flutter_secure_storage", + "sha256": "f7eceb0bc6f4fd0441e29d43cab9ac2a1c5ffd7ea7b64075136b718c46954874", + "url": "https://pub.dev" + }, + "source": "hosted", + 
"version": "10.0.0-beta.4" + }, + "flutter_secure_storage_darwin": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_darwin", + "sha256": "f226f2a572bed96bc6542198ebaec227150786e34311d455a7e2d3d06d951845", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.0" + }, + "flutter_secure_storage_linux": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_linux", + "sha256": "9b4b73127e857cd3117d43a70fa3dddadb6e0b253be62e6a6ab85caa0742182c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "flutter_secure_storage_platform_interface": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_platform_interface", + "sha256": "8ceea1223bee3c6ac1a22dabd8feefc550e4729b3675de4b5900f55afcb435d6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "flutter_secure_storage_web": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_web", + "sha256": "4c3f233e739545c6cb09286eeec1cc4744138372b985113acc904f7263bef517", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "flutter_secure_storage_windows": { + "dependency": "transitive", + "description": { + "name": "flutter_secure_storage_windows", + "sha256": "ff32af20f70a8d0e59b2938fc92de35b54a74671041c814275afd80e27df9f21", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.0" + }, + "flutter_svg": { + "dependency": "direct main", + "description": { + "name": "flutter_svg", + "sha256": "cd57f7969b4679317c17af6fd16ee233c1e60a82ed209d8a475c54fd6fd6f845", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.0" + }, + "flutter_test": { + "dependency": "direct dev", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_typeahead": { + "dependency": "direct main", + "description": { + "name": "flutter_typeahead", + "sha256": 
"d64712c65db240b1057559b952398ebb6e498077baeebf9b0731dade62438a6d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.2.0" + }, + "flutter_vodozemac": { + "dependency": "direct main", + "description": { + "name": "flutter_vodozemac", + "sha256": "2405ca121b84d1cd83200a14021022e1691b123a23bcefc36adc7740cefbc1f9", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.2" + }, + "flutter_web_plugins": { + "dependency": "transitive", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "flutter_zxing": { + "dependency": "direct main", + "description": { + "name": "flutter_zxing", + "sha256": "dbcd89da2c9aa84f48d7d7e1ba436825f8656a69b142abb7bcdb7c2d9c22d48c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.1" + }, + "frontend_server_client": { + "dependency": "transitive", + "description": { + "name": "frontend_server_client", + "sha256": "f64a0333a82f30b0cca061bc3d143813a486dc086b574bfb233b7c1372427694", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.0.0" + }, + "fuchsia_remote_debug_protocol": { + "dependency": "transitive", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "glob": { + "dependency": "transitive", + "description": { + "name": "glob", + "sha256": "c3f1ee72c96f8f78935e18aa8cecced9ab132419e8625dc187e1c2408efc20de", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.3" + }, + "go_router": { + "dependency": "direct main", + "description": { + "name": "go_router", + "sha256": "8b1f37dfaf6e958c6b872322db06f946509433bec3de753c3491a42ae9ec2b48", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "16.1.0" + }, + "gtk": { + "dependency": "transitive", + "description": { + "name": "gtk", + "sha256": "e8ce9ca4b1df106e4d72dad201d345ea1a036cc12c360f1a7d5a758f78ffa42c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "highlighting": { + "dependency": "direct main", + 
"description": { + "name": "highlighting", + "sha256": "196005ed9c98ee559939fcecd466fa941b9e99b3a93394691b86780ad4da50f3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.9.0+11.8.0" + }, + "html": { + "dependency": "direct main", + "description": { + "name": "html", + "sha256": "6d1264f2dffa1b1101c25a91dff0dc2daee4c18e87cd8538729773c073dbf602", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.15.6" + }, + "html_unescape": { + "dependency": "transitive", + "description": { + "name": "html_unescape", + "sha256": "15362d7a18f19d7b742ef8dcb811f5fd2a2df98db9f80ea393c075189e0b61e3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "http": { + "dependency": "direct main", + "description": { + "name": "http", + "sha256": "bb2ce4590bc2667c96f318d68cac1b5a7987ec819351d32b1c987239a815e007", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.5.0" + }, + "http_parser": { + "dependency": "transitive", + "description": { + "name": "http_parser", + "sha256": "178d74305e7866013777bab2c3d8726205dc5a4dd935297175b19a23a2e66571", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.1.2" + }, + "http_profile": { + "dependency": "transitive", + "description": { + "name": "http_profile", + "sha256": "7e679e355b09aaee2ab5010915c932cce3f2d1c11c3b2dc177891687014ffa78", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.0" + }, + "image": { + "dependency": "direct main", + "description": { + "name": "image", + "sha256": "4e973fcf4caae1a4be2fa0a13157aa38a8f9cb049db6529aa00b4d71abc4d928", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.5.4" + }, + "image_picker": { + "dependency": "direct main", + "description": { + "name": "image_picker", + "sha256": "021834d9c0c3de46bf0fe40341fa07168407f694d9b2bb18d532dc1261867f7a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "image_picker_android": { + "dependency": 
"transitive", + "description": { + "name": "image_picker_android", + "sha256": "b08e9a04d0f8d91f4a6e767a745b9871bfbc585410205c311d0492de20a7ccd6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.8.12+25" + }, + "image_picker_for_web": { + "dependency": "transitive", + "description": { + "name": "image_picker_for_web", + "sha256": "717eb042ab08c40767684327be06a5d8dbb341fe791d514e4b92c7bbe1b7bb83", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.6" + }, + "image_picker_ios": { + "dependency": "transitive", + "description": { + "name": "image_picker_ios", + "sha256": "05da758e67bc7839e886b3959848aa6b44ff123ab4b28f67891008afe8ef9100", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.8.12+2" + }, + "image_picker_linux": { + "dependency": "transitive", + "description": { + "name": "image_picker_linux", + "sha256": "34a65f6740df08bbbeb0a1abd8e6d32107941fd4868f67a507b25601651022c9", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.1+2" + }, + "image_picker_macos": { + "dependency": "transitive", + "description": { + "name": "image_picker_macos", + "sha256": "1b90ebbd9dcf98fb6c1d01427e49a55bd96b5d67b8c67cf955d60a5de74207c1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.1+2" + }, + "image_picker_platform_interface": { + "dependency": "transitive", + "description": { + "name": "image_picker_platform_interface", + "sha256": "886d57f0be73c4b140004e78b9f28a8914a09e50c2d816bdd0520051a71236a0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.10.1" + }, + "image_picker_windows": { + "dependency": "transitive", + "description": { + "name": "image_picker_windows", + "sha256": "6ad07afc4eb1bc25f3a01084d28520496c4a3bb0cb13685435838167c9dcedeb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.1+1" + }, + "import_sorter": { + "dependency": "direct main", + "description": { + "name": "import_sorter", + "sha256": 
"eb15738ccead84e62c31e0208ea4e3104415efcd4972b86906ca64a1187d0836", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.6.0" + }, + "integration_test": { + "dependency": "direct dev", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "intl": { + "dependency": "direct main", + "description": { + "name": "intl", + "sha256": "3df61194eb431efc39c4ceba583b95633a403f46c9fd341e550ce0bfa50e9aa5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.20.2" + }, + "io": { + "dependency": "transitive", + "description": { + "name": "io", + "sha256": "dfd5a80599cf0165756e3181807ed3e77daf6dd4137caaad72d0b7931597650b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.5" + }, + "js": { + "dependency": "transitive", + "description": { + "name": "js", + "sha256": "f2c445dce49627136094980615a031419f7f3eb393237e4ecd97ac15dea343f3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.7" + }, + "json_annotation": { + "dependency": "transitive", + "description": { + "name": "json_annotation", + "sha256": "1ce844379ca14835a50d2f019a3099f419082cfdd231cd86a142af94dd5c6bb1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.9.0" + }, + "just_audio": { + "dependency": "direct main", + "description": { + "name": "just_audio", + "sha256": "679637a3ec5b6e00f36472f5a3663667df00ee4822cbf5dafca0f568c710960a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.4" + }, + "just_audio_media_kit": { + "dependency": "direct main", + "description": { + "name": "just_audio_media_kit", + "sha256": "f3cf04c3a50339709e87e90b4e841eef4364ab4be2bdbac0c54cc48679f84d23", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "just_audio_platform_interface": { + "dependency": "transitive", + "description": { + "name": "just_audio_platform_interface", + "sha256": "2532c8d6702528824445921c5ff10548b518b13f808c2e34c2fd54793b999a6a", + "url": 
"https://pub.dev" + }, + "source": "hosted", + "version": "4.6.0" + }, + "just_audio_web": { + "dependency": "transitive", + "description": { + "name": "just_audio_web", + "sha256": "6ba8a2a7e87d57d32f0f7b42856ade3d6a9fbe0f1a11fabae0a4f00bb73f0663", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.16" + }, + "just_waveform": { + "dependency": "direct main", + "description": { + "name": "just_waveform", + "sha256": "8c65acd24f13b866e3377f07f8869e823f3f2d8b734938f4e6688075af40b4f2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.0.7" + }, + "leak_tracker": { + "dependency": "transitive", + "description": { + "name": "leak_tracker", + "sha256": "6bb818ecbdffe216e81182c2f0714a2e62b593f4a4f13098713ff1685dfb6ab0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "10.0.9" + }, + "leak_tracker_flutter_testing": { + "dependency": "transitive", + "description": { + "name": "leak_tracker_flutter_testing", + "sha256": "f8b613e7e6a13ec79cfdc0e97638fddb3ab848452eff057653abd3edba760573", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.9" + }, + "leak_tracker_testing": { + "dependency": "transitive", + "description": { + "name": "leak_tracker_testing", + "sha256": "6ba465d5d76e67ddf503e1161d1f4a6bc42306f9d66ca1e8f079a47290fb06d3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.1" + }, + "linkify": { + "dependency": "direct main", + "description": { + "name": "linkify", + "sha256": "4139ea77f4651ab9c315b577da2dd108d9aa0bd84b5d03d33323f1970c645832", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.0.0" + }, + "lints": { + "dependency": "transitive", + "description": { + "name": "lints", + "sha256": "a5e2b223cb7c9c8efdc663ef484fdd95bb243bff242ef5b13e26883547fce9a0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.0" + }, + "list_counter": { + "dependency": "transitive", + "description": { + "name": "list_counter", + "sha256": 
"c447ae3dfcd1c55f0152867090e67e219d42fe6d4f2807db4bbe8b8d69912237", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.2" + }, + "locale_names": { + "dependency": "direct main", + "description": { + "name": "locale_names", + "sha256": "7a89ca54072f4f13d0f5df5a9ba69337554bf2fd057d1dd2a238898f3f159374", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.1" + }, + "logging": { + "dependency": "transitive", + "description": { + "name": "logging", + "sha256": "c8245ada5f1717ed44271ed1c26b8ce85ca3228fd2ffdb75468ab01979309d61", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.0" + }, + "lottie": { + "dependency": "direct main", + "description": { + "name": "lottie", + "sha256": "c5fa04a80a620066c15cf19cc44773e19e9b38e989ff23ea32e5903ef1015950", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.3.1" + }, + "markdown": { + "dependency": "transitive", + "description": { + "name": "markdown", + "sha256": "935e23e1ff3bc02d390bad4d4be001208ee92cc217cb5b5a6c19bc14aaa318c1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.3.0" + }, + "matcher": { + "dependency": "transitive", + "description": { + "name": "matcher", + "sha256": "dc58c723c3c24bf8d3e2d3ad3f2f9d7bd9cf43ec6feaa64181775e60190153f2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.12.17" + }, + "material_color_utilities": { + "dependency": "transitive", + "description": { + "name": "material_color_utilities", + "sha256": "f7142bb1154231d7ea5f96bc7bde4bda2a0945d2806bb11670e30b850d56bdec", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.11.1" + }, + "matrix": { + "dependency": "direct main", + "description": { + "path": ".", + "ref": "braid/msc3861-native-oidc", + "resolved-ref": "82ad90573e0e5e1ccb2cf1e669a5861bd6db351c", + "url": "https://github.com/TheOneWithTheBraid/matrix-dart-sdk.git" + }, + "source": "git", + "version": "1.1.0" + }, + 
"matrix_homeserver_recommendations": { + "dependency": "direct main", + "description": { + "name": "matrix_homeserver_recommendations", + "sha256": "48cd67146dd80b925c1cce1604da4712e7963b490d31801bad70b51ff8e30cd2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.1" + }, + "media_kit": { + "dependency": "direct main", + "description": { + "path": "media_kit", + "ref": "braid/stub-template", + "resolved-ref": "215972e56ceb6036b51d1dc8803d5e0ab489bfe1", + "url": "https://github.com/TheOneWithTheBraid/media-kit.git" + }, + "source": "git", + "version": "1.2.0" + }, + "media_kit_libs_android_video": { + "dependency": "direct overridden", + "description": { + "path": "libs/android/media_kit_libs_android_video", + "ref": "main", + "resolved-ref": "ad84c59faa2b871926cb31516bdeec65d7676884", + "url": "https://github.com/Predidit/media-kit.git" + }, + "source": "git", + "version": "1.3.6" + }, + "media_kit_libs_ios_video": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_ios_video", + "sha256": "b5382994eb37a4564c368386c154ad70ba0cc78dacdd3fb0cd9f30db6d837991", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.4" + }, + "media_kit_libs_linux": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_linux", + "sha256": "2b473399a49ec94452c4d4ae51cfc0f6585074398d74216092bf3d54aac37ecf", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.1" + }, + "media_kit_libs_macos_video": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_macos_video", + "sha256": "f26aa1452b665df288e360393758f84b911f70ffb3878032e1aabba23aa1032d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.4" + }, + "media_kit_libs_video": { + "dependency": "direct main", + "description": { + "name": "media_kit_libs_video", + "sha256": "958cc55e7065d9d01f52a2842dab2a0812a92add18489f1006d864fb5e42a3ef", + "url": "https://pub.dev" + }, + "source": 
"hosted", + "version": "1.0.6" + }, + "media_kit_libs_windows_video": { + "dependency": "transitive", + "description": { + "name": "media_kit_libs_windows_video", + "sha256": "dff76da2778729ab650229e6b4ec6ec111eb5151431002cbd7ea304ff1f112ab", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.11" + }, + "media_kit_video": { + "dependency": "direct main", + "description": { + "name": "media_kit_video", + "sha256": "a656a9463298c1adc64c57f2d012874f7f2900f0c614d9545a3e7b8bb9e2137b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.0" + }, + "media_store_plus": { + "dependency": "direct main", + "description": { + "name": "media_store_plus", + "sha256": "4b4971365e00a4ed9fde14abf40d7c27475b66b8bba9bf43478ae2ecb449df20", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.1.3" + }, + "meta": { + "dependency": "transitive", + "description": { + "name": "meta", + "sha256": "e3641ec5d63ebf0d9b41bd43201a66e3fc79a65db5f61fc181f04cd27aab950c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.16.0" + }, + "mime": { + "dependency": "direct main", + "description": { + "name": "mime", + "sha256": "41a20518f0cb1256669420fdba0cd90d21561e560ac240f26ef8322e45bb7ed6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "objective_c": { + "dependency": "transitive", + "description": { + "name": "objective_c", + "sha256": "9f034ba1eeca53ddb339bc8f4813cb07336a849cd735559b60cdc068ecce2dc7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.1.0" + }, + "package_config": { + "dependency": "transitive", + "description": { + "name": "package_config", + "sha256": "f096c55ebb7deb7e384101542bfba8c52696c1b56fca2eb62827989ef2353bbc", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.0" + }, + "package_info_plus": { + "dependency": "transitive", + "description": { + "name": "package_info_plus", + "sha256": 
"16eee997588c60225bda0488b6dcfac69280a6b7a3cf02c741895dd370a02968", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "8.3.1" + }, + "package_info_plus_platform_interface": { + "dependency": "transitive", + "description": { + "name": "package_info_plus_platform_interface", + "sha256": "202a487f08836a592a6bd4f901ac69b3a8f146af552bbd14407b6b41e1c3f086", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.1" + }, + "path": { + "dependency": "transitive", + "description": { + "name": "path", + "sha256": "75cca69d1490965be98c73ceaea117e8a04dd21217b37b292c9ddbec0d955bc5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.9.1" + }, + "path_parsing": { + "dependency": "transitive", + "description": { + "name": "path_parsing", + "sha256": "883402936929eac138ee0a45da5b0f2c80f89913e6dc3bf77eb65b84b409c6ca", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.0" + }, + "path_provider": { + "dependency": "direct main", + "description": { + "name": "path_provider", + "sha256": "50c5dd5b6e1aaf6fb3a78b33f6aa3afca52bf903a8a5298f53101fdaee55bbcd", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.5" + }, + "path_provider_android": { + "dependency": "transitive", + "description": { + "name": "path_provider_android", + "sha256": "d0d310befe2c8ab9e7f393288ccbb11b60c019c6b5afc21973eeee4dda2b35e9", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.17" + }, + "path_provider_foundation": { + "dependency": "transitive", + "description": { + "name": "path_provider_foundation", + "sha256": "4843174df4d288f5e29185bd6e72a6fbdf5a4a4602717eed565497429f179942", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.1" + }, + "path_provider_linux": { + "dependency": "transitive", + "description": { + "name": "path_provider_linux", + "sha256": "f7a1fe3a634fe7734c8d3f2766ad746ae2a2884abe22e241a8b301bf5cac3279", + "url": "https://pub.dev" + }, + "source": "hosted", 
+ "version": "2.2.1" + }, + "path_provider_platform_interface": { + "dependency": "transitive", + "description": { + "name": "path_provider_platform_interface", + "sha256": "88f5779f72ba699763fa3a3b06aa4bf6de76c8e5de842cf6f29e2e06476c2334", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "path_provider_windows": { + "dependency": "transitive", + "description": { + "name": "path_provider_windows", + "sha256": "bd6f00dbd873bfb70d0761682da2b3a2c2fccc2b9e84c495821639601d81afe7", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.0" + }, + "petitparser": { + "dependency": "transitive", + "description": { + "name": "petitparser", + "sha256": "07c8f0b1913bcde1ff0d26e57ace2f3012ccbf2b204e070290dad3bb22797646", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.1.0" + }, + "platform": { + "dependency": "transitive", + "description": { + "name": "platform", + "sha256": "5d6b1b0036a5f331ebc77c850ebc8506cbc1e9416c27e59b439f917a902a4984", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.6" + }, + "plugin_platform_interface": { + "dependency": "transitive", + "description": { + "name": "plugin_platform_interface", + "sha256": "4820fbfdb9478b1ebae27888254d445073732dae3d6ea81f0b7e06d5dedc3f02", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.8" + }, + "pointer_interceptor": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor", + "sha256": "57210410680379aea8b1b7ed6ae0c3ad349bfd56fe845b8ea934a53344b9d523", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.1+2" + }, + "pointer_interceptor_ios": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor_ios", + "sha256": "a6906772b3205b42c44614fcea28f818b1e5fdad73a4ca742a7bd49818d9c917", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.1" + }, + "pointer_interceptor_platform_interface": { + "dependency": 
"transitive", + "description": { + "name": "pointer_interceptor_platform_interface", + "sha256": "0597b0560e14354baeb23f8375cd612e8bd4841bf8306ecb71fcd0bb78552506", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.0+1" + }, + "pointer_interceptor_web": { + "dependency": "transitive", + "description": { + "name": "pointer_interceptor_web", + "sha256": "460b600e71de6fcea2b3d5f662c92293c049c4319e27f0829310e5a953b3ee2a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.3" + }, + "pool": { + "dependency": "transitive", + "description": { + "name": "pool", + "sha256": "20fe868b6314b322ea036ba325e6fc0711a22948856475e2c2b6306e8ab39c2a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.5.1" + }, + "posix": { + "dependency": "transitive", + "description": { + "name": "posix", + "sha256": "6323a5b0fa688b6a010df4905a56b00181479e6d10534cecfecede2aa55add61", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.3" + }, + "process": { + "dependency": "transitive", + "description": { + "name": "process", + "sha256": "107d8be718f120bbba9dcd1e95e3bd325b1b4a4f07db64154635ba03f2567a0d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.0.3" + }, + "pub_semver": { + "dependency": "transitive", + "description": { + "name": "pub_semver", + "sha256": "5bfcf68ca79ef689f8990d1160781b4bad40a3bd5e5218ad4076ddb7f4081585", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.2.0" + }, + "qr": { + "dependency": "transitive", + "description": { + "name": "qr", + "sha256": "5a1d2586170e172b8a8c8470bbbffd5eb0cd38a66c0d77155ea138d3af3a4445", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.2" + }, + "quiver": { + "dependency": "transitive", + "description": { + "name": "quiver", + "sha256": "ea0b925899e64ecdfbf9c7becb60d5b50e706ade44a85b2363be2a22d88117d2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.2" + }, + "random_string": 
{ + "dependency": "transitive", + "description": { + "name": "random_string", + "sha256": "03b52435aae8cbdd1056cf91bfc5bf845e9706724dd35ae2e99fa14a1ef79d02", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.1" + }, + "receive_sharing_intent": { + "dependency": "direct main", + "description": { + "name": "receive_sharing_intent", + "sha256": "ec76056e4d258ad708e76d85591d933678625318e411564dcb9059048ca3a593", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.8.1" + }, + "rxdart": { + "dependency": "transitive", + "description": { + "name": "rxdart", + "sha256": "5c3004a4a8dbb94bd4bf5412a4def4acdaa12e12f269737a5751369e12d1a962", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.28.0" + }, + "safe_local_storage": { + "dependency": "transitive", + "description": { + "name": "safe_local_storage", + "sha256": "e9a21b6fec7a8aa62cc2585ff4c1b127df42f3185adbd2aca66b47abe2e80236", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "screen_brightness_android": { + "dependency": "transitive", + "description": { + "name": "screen_brightness_android", + "sha256": "fb5fa43cb89d0c9b8534556c427db1e97e46594ac5d66ebdcf16063b773d54ed", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "screen_brightness_platform_interface": { + "dependency": "transitive", + "description": { + "name": "screen_brightness_platform_interface", + "sha256": "737bd47b57746bc4291cab1b8a5843ee881af499514881b0247ec77447ee769c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.0" + }, + "sdp_transform": { + "dependency": "transitive", + "description": { + "name": "sdp_transform", + "sha256": "73e412a5279a5c2de74001535208e20fff88f225c9a4571af0f7146202755e45", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.2" + }, + "sentry": { + "dependency": "direct main", + "description": { + "name": "sentry", + "sha256": 
"d9f3dcf1ecdd600cf9ce134f622383adde5423ecfdaf0ca9b20fbc1c44849337", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "9.6.0" + }, + "share_plus": { + "dependency": "direct main", + "description": { + "name": "share_plus", + "sha256": "d7dc0630a923883c6328ca31b89aa682bacbf2f8304162d29f7c6aaff03a27a1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "11.1.0" + }, + "share_plus_platform_interface": { + "dependency": "transitive", + "description": { + "name": "share_plus_platform_interface", + "sha256": "88023e53a13429bd65d8e85e11a9b484f49d4c190abbd96c7932b74d6927cc9a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.1.0" + }, + "sky_engine": { + "dependency": "transitive", + "description": "flutter", + "source": "sdk", + "version": "0.0.0" + }, + "slugify": { + "dependency": "transitive", + "description": { + "name": "slugify", + "sha256": "b272501565cb28050cac2d96b7bf28a2d24c8dae359280361d124f3093d337c3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.0" + }, + "source_map_stack_trace": { + "dependency": "transitive", + "description": { + "name": "source_map_stack_trace", + "sha256": "c0713a43e323c3302c2abe2a1cc89aa057a387101ebd280371d6a6c9fa68516b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.2" + }, + "source_maps": { + "dependency": "transitive", + "description": { + "name": "source_maps", + "sha256": "190222579a448b03896e0ca6eca5998fa810fda630c1d65e2f78b3f638f54812", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.13" + }, + "source_span": { + "dependency": "transitive", + "description": { + "name": "source_span", + "sha256": "254ee5351d6cb365c859e20ee823c3bb479bf4a293c22d17a9f1bf144ce86f7c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.10.1" + }, + "sprintf": { + "dependency": "transitive", + "description": { + "name": "sprintf", + "sha256": 
"1fc9ffe69d4df602376b52949af107d8f5703b77cda567c4d7d86a0693120f23", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "7.0.0" + }, + "sqflite": { + "dependency": "direct main", + "description": { + "name": "sqflite", + "sha256": "e2297b1da52f127bc7a3da11439985d9b536f75070f3325e62ada69a5c585d03", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.2" + }, + "sqflite_android": { + "dependency": "transitive", + "description": { + "name": "sqflite_android", + "sha256": "2b3070c5fa881839f8b402ee4a39c1b4d561704d4ebbbcfb808a119bc2a1701b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.1" + }, + "sqflite_common": { + "dependency": "transitive", + "description": { + "name": "sqflite_common", + "sha256": "6ef422a4525ecc601db6c0a2233ff448c731307906e92cabc9ba292afaae16a6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.5.6" + }, + "sqflite_common_ffi": { + "dependency": "direct main", + "description": { + "name": "sqflite_common_ffi", + "sha256": "9faa2fedc5385ef238ce772589f7718c24cdddd27419b609bb9c6f703ea27988", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.6" + }, + "sqflite_darwin": { + "dependency": "transitive", + "description": { + "name": "sqflite_darwin", + "sha256": "279832e5cde3fe99e8571879498c9211f3ca6391b0d818df4e17d9fff5c6ccb3", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.2" + }, + "sqflite_platform_interface": { + "dependency": "transitive", + "description": { + "name": "sqflite_platform_interface", + "sha256": "8dd4515c7bdcae0a785b0062859336de775e8c65db81ae33dd5445f35be61920", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.0" + }, + "sqlcipher_flutter_libs": { + "dependency": "direct main", + "description": { + "name": "sqlcipher_flutter_libs", + "sha256": "dd1fcc74d5baf3c36ad53e2652b2d06c9f8747494a3ccde0076e88b159dfe622", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.8" + }, 
+ "sqlite3": { + "dependency": "transitive", + "description": { + "name": "sqlite3", + "sha256": "f393d92c71bdcc118d6203d07c991b9be0f84b1a6f89dd4f7eed348131329924", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.9.0" + }, + "stack_trace": { + "dependency": "transitive", + "description": { + "name": "stack_trace", + "sha256": "8b27215b45d22309b5cddda1aa2b19bdfec9df0e765f2de506401c071d38d1b1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.12.1" + }, + "stream_channel": { + "dependency": "transitive", + "description": { + "name": "stream_channel", + "sha256": "969e04c80b8bcdf826f8f16579c7b14d780458bd97f56d107d3950fdbeef059d", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.4" + }, + "stream_transform": { + "dependency": "transitive", + "description": { + "name": "stream_transform", + "sha256": "ad47125e588cfd37a9a7f86c7d6356dde8dfe89d071d293f80ca9e9273a33871", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.1" + }, + "string_scanner": { + "dependency": "transitive", + "description": { + "name": "string_scanner", + "sha256": "921cd31725b72fe181906c6a94d987c78e3b98c2e205b397ea399d4054872b43", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.4.1" + }, + "sync_http": { + "dependency": "transitive", + "description": { + "name": "sync_http", + "sha256": "7f0cd72eca000d2e026bcd6f990b81d0ca06022ef4e32fb257b30d3d1014a961", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.1" + }, + "synchronized": { + "dependency": "transitive", + "description": { + "name": "synchronized", + "sha256": "c254ade258ec8282947a0acbbc90b9575b4f19673533ee46f2f6e9b3aeefd7c0", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.4.0" + }, + "term_glyph": { + "dependency": "transitive", + "description": { + "name": "term_glyph", + "sha256": "7f554798625ea768a7518313e58f83891c7f5024f88e46e7182a4558850a4b8e", + "url": "https://pub.dev" + }, + "source": 
"hosted", + "version": "1.2.2" + }, + "test_api": { + "dependency": "transitive", + "description": { + "name": "test_api", + "sha256": "fb31f383e2ee25fbbfe06b40fe21e1e458d14080e3c67e7ba0acfde4df4e0bbd", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.7.4" + }, + "test_core": { + "dependency": "transitive", + "description": { + "name": "test_core", + "sha256": "84d17c3486c8dfdbe5e12a50c8ae176d15e2a771b96909a9442b40173649ccaa", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.6.8" + }, + "timezone": { + "dependency": "transitive", + "description": { + "name": "timezone", + "sha256": "dd14a3b83cfd7cb19e7888f1cbc20f258b8d71b54c06f79ac585f14093a287d1", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.10.1" + }, + "tint": { + "dependency": "transitive", + "description": { + "name": "tint", + "sha256": "9652d9a589f4536d5e392cf790263d120474f15da3cf1bee7f1fdb31b4de5f46", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.1" + }, + "tuple": { + "dependency": "transitive", + "description": { + "name": "tuple", + "sha256": "a97ce2013f240b2f3807bcbaf218765b6f301c3eff91092bcfa23a039e7dd151", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.0.2" + }, + "typed_data": { + "dependency": "transitive", + "description": { + "name": "typed_data", + "sha256": "f9049c039ebfeb4cf7a7104a675823cd72dba8297f264b6637062516699fa006", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.4.0" + }, + "unifiedpush": { + "dependency": "direct main", + "description": { + "name": "unifiedpush", + "sha256": "1418375efb580af9640de4eaf4209cb6481f9a48792648ced3051f30e67d9568", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.0.2" + }, + "unifiedpush_android": { + "dependency": "transitive", + "description": { + "name": "unifiedpush_android", + "sha256": "2f25db8eb2fc3183bf2e43db89fff20b2587adc1c361e1d1e06b223a0d45b50a", + "url": "https://pub.dev" + }, + "source": 
"hosted", + "version": "3.1.1" + }, + "unifiedpush_platform_interface": { + "dependency": "transitive", + "description": { + "name": "unifiedpush_platform_interface", + "sha256": "bb49d2748211520e35e0374ab816faa8a2c635267e71909d334ad868d532eba5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.1" + }, + "universal_platform": { + "dependency": "transitive", + "description": { + "name": "universal_platform", + "sha256": "64e16458a0ea9b99260ceb5467a214c1f298d647c659af1bff6d3bf82536b1ec", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.0" + }, + "unorm_dart": { + "dependency": "direct main", + "description": { + "name": "unorm_dart", + "sha256": "5b35bff83fce4d76467641438f9e867dc9bcfdb8c1694854f230579d68cd8f4b", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.0" + }, + "uri_parser": { + "dependency": "transitive", + "description": { + "name": "uri_parser", + "sha256": "ff4d2c720aca3f4f7d5445e23b11b2d15ef8af5ddce5164643f38ff962dcb270", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.0.0" + }, + "url_launcher": { + "dependency": "direct main", + "description": { + "name": "url_launcher", + "sha256": "f6a7e5c4835bb4e3026a04793a4199ca2d14c739ec378fdfe23fc8075d0439f8", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.3.2" + }, + "url_launcher_android": { + "dependency": "transitive", + "description": { + "name": "url_launcher_android", + "sha256": "0aedad096a85b49df2e4725fa32118f9fa580f3b14af7a2d2221896a02cd5656", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.3.17" + }, + "url_launcher_ios": { + "dependency": "transitive", + "description": { + "name": "url_launcher_ios", + "sha256": "7f2022359d4c099eea7df3fdf739f7d3d3b9faf3166fb1dd390775176e0b76cb", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.3.3" + }, + "url_launcher_linux": { + "dependency": "transitive", + "description": { + "name": "url_launcher_linux", + 
"sha256": "4e9ba368772369e3e08f231d2301b4ef72b9ff87c31192ef471b380ef29a4935", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.1" + }, + "url_launcher_macos": { + "dependency": "transitive", + "description": { + "name": "url_launcher_macos", + "sha256": "17ba2000b847f334f16626a574c702b196723af2a289e7a93ffcb79acff855c2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.2.2" + }, + "url_launcher_platform_interface": { + "dependency": "transitive", + "description": { + "name": "url_launcher_platform_interface", + "sha256": "552f8a1e663569be95a8190206a38187b531910283c3e982193e4f2733f01029", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.3.2" + }, + "url_launcher_web": { + "dependency": "transitive", + "description": { + "name": "url_launcher_web", + "sha256": "4bd2b7b4dc4d4d0b94e5babfffbca8eac1a126c7f3d6ecbc1a11013faa3abba2", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.4.1" + }, + "url_launcher_windows": { + "dependency": "transitive", + "description": { + "name": "url_launcher_windows", + "sha256": "3284b6d2ac454cf34f114e1d3319866fdd1e19cdc329999057e44ffe936cfa77", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.4" + }, + "uuid": { + "dependency": "transitive", + "description": { + "name": "uuid", + "sha256": "a5be9ef6618a7ac1e964353ef476418026db906c4facdedaa299b7a2e71690ff", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "4.5.1" + }, + "vector_graphics": { + "dependency": "transitive", + "description": { + "name": "vector_graphics", + "sha256": "a4f059dc26fc8295b5921376600a194c4ec7d55e72f2fe4c7d2831e103d461e6", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.19" + }, + "vector_graphics_codec": { + "dependency": "transitive", + "description": { + "name": "vector_graphics_codec", + "sha256": "99fd9fbd34d9f9a32efd7b6a6aae14125d8237b10403b422a6a6dfeac2806146", + "url": "https://pub.dev" + }, + "source": "hosted", 
+ "version": "1.1.13" + }, + "vector_graphics_compiler": { + "dependency": "transitive", + "description": { + "name": "vector_graphics_compiler", + "sha256": "557a315b7d2a6dbb0aaaff84d857967ce6bdc96a63dc6ee2a57ce5a6ee5d3331", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.17" + }, + "vector_math": { + "dependency": "transitive", + "description": { + "name": "vector_math", + "sha256": "80b3257d1492ce4d091729e3a67a60407d227c27241d6927be0130c98e741803", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "2.1.4" + }, + "visibility_detector": { + "dependency": "direct main", + "description": { + "name": "visibility_detector", + "sha256": "dd5cc11e13494f432d15939c3aa8ae76844c42b723398643ce9addb88a5ed420", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.4.0+2" + }, + "vm_service": { + "dependency": "transitive", + "description": { + "name": "vm_service", + "sha256": "ddfa8d30d89985b96407efce8acbdd124701f96741f2d981ca860662f1c0dc02", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "15.0.0" + }, + "vodozemac": { + "dependency": "direct main", + "description": { + "name": "vodozemac", + "sha256": "dba14017e042748fb22d270e8ab1d3e46965b89788dd3857dba938ec07571968", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.2.0" + }, + "volume_controller": { + "dependency": "transitive", + "description": { + "name": "volume_controller", + "sha256": "d75039e69c0d90e7810bfd47e3eedf29ff8543ea7a10392792e81f9bded7edf5", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.4.0" + }, + "wakelock_plus": { + "dependency": "transitive", + "description": { + "name": "wakelock_plus", + "sha256": "a474e314c3e8fb5adef1f9ae2d247e57467ad557fa7483a2b895bc1b421c5678", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.3.2" + }, + "wakelock_plus_platform_interface": { + "dependency": "transitive", + "description": { + "name": "wakelock_plus_platform_interface", + 
"sha256": "e10444072e50dbc4999d7316fd303f7ea53d31c824aa5eb05d7ccbdd98985207", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.3" + }, + "watcher": { + "dependency": "transitive", + "description": { + "name": "watcher", + "sha256": "0b7fd4a0bbc4b92641dbf20adfd7e3fd1398fe17102d94b674234563e110088a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.2" + }, + "web": { + "dependency": "direct main", + "description": { + "name": "web", + "sha256": "868d88a33d8a87b18ffc05f9f030ba328ffefba92d6c127917a2ba740f9cfe4a", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.1" + }, + "web_multiple_tab_detector": { + "dependency": "direct main", + "description": { + "name": "web_multiple_tab_detector", + "sha256": "a40d485720ea88b4e25311421d435906ba202ac33e35435403dc1c49c5ed7c4e", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "0.3.0" + }, + "web_socket": { + "dependency": "transitive", + "description": { + "name": "web_socket", + "sha256": "34d64019aa8e36bf9842ac014bb5d2f5586ca73df5e4d9bf5c936975cae6982c", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.0.1" + }, + "webdriver": { + "dependency": "transitive", + "description": { + "name": "webdriver", + "sha256": "2f3a14ca026957870cfd9c635b83507e0e51d8091568e90129fbf805aba7cade", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.0" + }, + "webrtc_interface": { + "dependency": "transitive", + "description": { + "name": "webrtc_interface", + "sha256": "86fe3afc81a08481dfb25cf14a5a94e27062ecef25544783f352c914e0bbc1ca", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.2.2+hotfix.2" + }, + "win32": { + "dependency": "transitive", + "description": { + "name": "win32", + "sha256": "66814138c3562338d05613a6e368ed8cfb237ad6d64a9e9334be3f309acfca03", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "5.14.0" + }, + "xdg_directories": { + "dependency": "transitive", + 
"description": { + "name": "xdg_directories", + "sha256": "7a3f37b05d989967cdddcbb571f1ea834867ae2faa29725fd085180e0883aa15", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "1.1.0" + }, + "xml": { + "dependency": "transitive", + "description": { + "name": "xml", + "sha256": "b015a8ad1c488f66851d762d3090a21c600e479dc75e68328c52774040cf9226", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "6.5.0" + }, + "yaml": { + "dependency": "transitive", + "description": { + "name": "yaml", + "sha256": "b9da305ac7c39faa3f030eccd175340f968459dae4af175130b3fc47e40d76ce", + "url": "https://pub.dev" + }, + "source": "hosted", + "version": "3.1.3" + } + }, + "sdks": { + "dart": ">=3.8.0 <4.0.0", + "flutter": ">=3.29.0" + } +} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 79f33510..68e5c717 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -38,5 +38,6 @@ ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix + ./polycule.nix ]; } diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix new file mode 100644 index 00000000..a7004bd1 --- /dev/null +++ b/modules/home-manager-modules/programs/polycule.nix 
@@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + options.programs.polycule = { + enable = lib.mkEnableOption "enable polycule matrix client"; + package = lib.mkPackageOption pkgs "polycule" {}; + }; + + config = lib.mkIf config.programs.polycule.enable (lib.mkMerge [ + { + home.packages = [ + config.programs.polycule.package + ]; + } + ( + lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + # TODO: check that these are actually the correct folders + # directories = [ + # "${config.xdg.configHome}/polycule" + # "${config.xdg.dataHome}/polycule" + # "${config.xdg.cacheHome}/polycule" + # ]; + }; + } + ) + ]); +} From d4615fc4354c0e9c824a10485d096123ce34b32c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 12:51:20 -0500 Subject: [PATCH 861/932] chore: updated README --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e94eb587..dc74557c 100644 --- a/README.md +++ b/README.md @@ -74,4 +74,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home - make radarr, sonarr, and bazarr accessible over vpn - create some sort of service that allows uploading files to jellyfin - auto sort files into where they should go with some combination of filebot cli and picard cli -- graphana accessible though tailscale \ No newline at end of file +- graphana accessible though tailscale +- fix polycule package +- fix panoramax package +- actual instance +- intergrade radarr, sonarr, and bazarr \ No newline at end of file From 21edda5fe6eb75680abf3f4d478b00c006e845b3 Mon Sep 17 00:00:00 2001 
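Review bot: The impermanence branch of the `lib.mkMerge` sets `home.persistence."/persist${config.home.homeDirectory}"` to an attrset whose only content is the commented-out `directories` list, so on hosts where `osConfig.host.impermanence.enable` is set it persists nothing while reading as if it did. Until the TODO is resolved I would make that explicit next to it: `# NOTE: persists nothing yet; polycule state is lost on reboot on impermanence hosts until the directories below are verified`. Whether polycule actually stores its login/session data under the three XDG paths listed is something this diff does not show, so those should be checked against the client before the list is uncommented.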
From: Leyla Becker Date: Thu, 2 Oct 2025 12:55:49 -0500 Subject: [PATCH 862/932] feat: added auto aproval for nixos mcp server settings --- README.md | 3 ++- .../home-manager/leyla/packages/vscode/default.nix | 13 ++++++++++++- .../programs/vscode/claudeDev.nix | 9 +++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dc74557c..d0cda108 100644 --- a/README.md +++ b/README.md @@ -78,4 +78,5 @@ nix multi user, multi system, configuration with `sops` secret management, `home - fix polycule package - fix panoramax package - actual instance -- intergrade radarr, sonarr, and bazarr \ No newline at end of file +- intergrade radarr, sonarr, and bazarr +- claude code MCP servers should bundle node with them so they work in all environments diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 981156b1..ba9e48a3 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -71,7 +71,18 @@ in { claudeDev = lib.mkIf ai-tooling-enabled { enable = true; mcp = { - nixos.enable = true; + nixos = { + enable = true; + autoApprove = { + nixos_search = true; + nixos_info = true; + home_manager_search = true; + home_manager_info = true; + darwin_search = true; + darwin_info = true; + nixos_flakes_search = true; + }; + }; eslint = { enable = true; autoApprove = { diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix index cebf6142..ffeaff3d 100644 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ b/modules/home-manager-modules/programs/vscode/claudeDev.nix 
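Review bot: The new `autoApprove` block under `mcp.nixos` removes the per-call confirmation for seven tools, and nothing in the hunk records why that is acceptable. Judging by their names (`*_search`, `*_info`) these are read-only lookups of package and option metadata, which is the usual justification for auto-approval, but a reader has to infer it. A one-line comment above `autoApprove = {` such as `# read-only search/info tools with no side effects; anything write-capable added to this server must stay prompted` documents the decision and sets the bar for future additions. The `eslint` block at the end of the hunk is cut off, so its approvals are not reviewed here.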
@@ -72,6 +72,15 @@ in { mcp = { nixos = { enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; + autoApprove = { + nixos_search = lib.mkEnableOption "should the nixos_search tool be auto approved for the nixos MCP server"; + nixos_info = lib.mkEnableOption "should the nixos_info tool be auto approved for the nixos MCP server"; + home_manager_search = lib.mkEnableOption "should the home_manager_search tool be auto approved for the nixos MCP server"; + home_manager_info = lib.mkEnableOption "should the home_manager_info tool be auto approved for the nixos MCP server"; + darwin_search = lib.mkEnableOption "should the darwin_search tool be auto approved for the nixos MCP server"; + darwin_info = lib.mkEnableOption "should the darwin_info tool be auto approved for the nixos MCP server"; + nixos_flakes_search = lib.mkEnableOption "should the nixos_flakes_search tool be auto approved for the nixos MCP server"; + }; }; eslint = { enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; From c9bb9380b510ec0c9f50cf631e04e6170e866499 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 15:45:21 -0500 Subject: [PATCH 863/932] feat: fixed vpn on defiant --- .../nixos/defiant/configuration.nix | 108 ++++++++++++------ 1 file changed, 70 insertions(+), 38 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 401173ef..b16036b1 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
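Review bot: The seven new `autoApprove.*` options are declared with `lib.mkEnableOption`, which prefixes its argument with "Whether to enable", so the rendered documentation reads "Whether to enable should the nixos_search tool be auto approved for the nixos MCP server." Phrase each argument as a noun phrase instead, e.g. `nixos_search = lib.mkEnableOption "auto-approval of the nixos_search tool for the nixos MCP server";`, and likewise for the other six. The enclosing `mcp.nixos` option set continues outside the hunk.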
@@ -132,23 +132,24 @@
 };
 };
- # "20-wg0" = {
- # netdevConfig = {
- # Kind = "wireguard";
- # Name = "wg0";
- # };
- # wireguardConfig = {
- # PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
- # ListenPort = 51820;
- # };
- # wireguardPeers = [
- # {
- # PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
- # Endpoint = "185.230.126.146:51820";
- # AllowedIPs = ["0.0.0.0/0"];
- # }
- # ];
- # };
+ "20-wg0" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ Name = "wg0";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
+ ListenPort = 51820;
+ };
+ wireguardPeers = [
+ {
+ PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
+ Endpoint = "185.230.126.146:51820";
+ # Allow all traffic but use policy routing to prevent system-wide VPN
+ AllowedIPs = ["0.0.0.0/0"];
+ }
+ ];
+ };
 };
 networks = {
 "40-bond0" = {
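Review bot: `ListenPort = 51820;` binds a fixed UDP port for wg0 on this host, but for a tunnel this host initiates towards the provider endpoint (`185.230.126.146:51820`) no fixed listen port is required, and a fixed one is only exposed if the firewall admits it, which this hunk does not show. Dropping the line, or annotating it with `# fixed port: <reason>`, makes the exposure deliberate rather than inherited from the old commented-out block. The `# Allow all traffic but use policy routing …` comment is accurate only because systemd-networkd does not install routes for `AllowedIPs` unless `RouteTable=` is set in the WireGuard section; stating that in the comment would stop someone from silently making the VPN system-wide by adding `RouteTable` later.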
@@ -163,36 +164,67 @@
 "192.168.1.10/32"
 ];
- gateway = ["192.168.1.1"];
+ # Set lower priority for default gateway to allow WireGuard interface binding
+ routes = [
+ {
+ Destination = "0.0.0.0/0";
+ Gateway = "192.168.1.1";
+ Metric = 100;
+ }
+ ];
 dns = ["192.168.1.1"];
 };
- # For some reason this isn't working. It looks like traffic goes out and comes back but doesn't get correctly routed back to the wg interface on the return trip
- # debugging steps:
- # try sending data on the interface `ping -I wg0 8.8.8.8`
- # view all traffic on the interface `sudo tshark -i wg0`
- # see what applications are listening to port 14666 (thats what we currently have qbittorent set up to use) `ss -tuln | grep 14666`
- # "50-wg0" = {
- # matchConfig.Name = "wg0";
- # networkConfig = {
- # DHCP = "no";
- # };
- # address = [
- # "10.2.0.2/32"
- # ];
- # # routes = [
- # # {
- # # Destination = "10.2.0.2/32";
- # # Gateway = "10.2.0.1";
- # # }
- # # ];
- # };
+ "50-wg0" = {
+ matchConfig.Name = "wg0";
+ networkConfig = {
+ DHCP = "no";
+ };
+ address = [
+ "10.2.0.2/32"
+ ];
+ # Configure routing for application binding
+ routingPolicyRules = [
+ {
+ # Route traffic from VPN interface through VPN table
+ From = "10.2.0.2/32";
+ Table = 200;
+ Priority = 100;
+ }
+ ];
+ routes = [
+ {
+ # Direct route to VPN gateway
+ Destination = "10.2.0.1/32";
+ Scope = "link";
+ }
+ {
+ # Route VPN subnet through VPN gateway in custom table
+ Destination = "10.2.0.0/16";
+ Gateway = "10.2.0.1";
+ Table = 200;
+ }
+ {
+ # Route all traffic through VPN gateway in custom table
+ Destination = "0.0.0.0/0";
+ Gateway = "10.2.0.1";
+ Table = 200;
+ }
+ ];
+ };
 };
 };
 # limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory
 boot.kernelParams = ["zfs.zfs_arc_max=53687091200"];
+ # Enable policy routing and source routing for application-specific VPN binding
+ boot.kernel.sysctl = {
+ "net.ipv4.conf.all.rp_filter" = 2;
+ "net.ipv4.conf.default.rp_filter" = 2;
+
"net.ipv4.conf.wg0.rp_filter" = 2; + }; + services = { # temp enable desktop environment for setup # Enable the X11 windowing system. From 03149db7ea58095fba9712d23e8e4e7179e69643 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 2 Oct 2025 17:53:07 -0500 Subject: [PATCH 864/932] build: updated flake lock --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index b5607f63..080c2210 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1759291409, - "narHash": "sha256-eAzmD4ijeWCFy4YqArNmVu8901nLQLHr6dCv94yRrFk=", + "lastModified": 1759403080, + "narHash": "sha256-EteyL8KyG9R5xzqyOBzyag4n2cSemu61VFrl3opJSqE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f9c2e6b2eebdbe0e87236a63ea323c86da79b6c5", + "rev": "8af6dfcbcbf1115a4f5aeed77ff0db5d3c02caf0", "type": "gitlab" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1759284197, - "narHash": "sha256-NbaOzcxsUxNm+Dday5DlV6P9CzRAonY2DNcp056oWWc=", + "lastModified": 1759369908, + "narHash": "sha256-IIhaE6jAge64z+fIyi/8Vtu0JdTtapbp4CvwiuIkZ1E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "a87f796f1ed4b0a8babe9370791a66aac4864887", + "rev": "a66ad2141b1440a838ead278c6edfe8a4ce75e6c", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "lastModified": 1759381078, + "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "type": "github" }, "original": { From 2c918478abf29afc9e4a64bf59679fbee4c250e3 Mon Sep 17 00:00:00 2001 
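Review bot: `boot.kernel.sysctl` sets `net.ipv4.conf.all.rp_filter` and `net.ipv4.conf.default.rp_filter` to 2, and because the kernel applies the larger of the `all` and per-interface values this puts every interface, bond0 included, into loose reverse-path filtering, while only wg0's asymmetric path needs it. Keeping just `"net.ipv4.conf.wg0.rp_filter" = 2;` and leaving `all`/`default` at their prior values narrows the relaxation to the interface that requires it; if host-wide loose mode is intentional, the `# Enable policy routing …` comment should say why. Separately, the single `From = "10.2.0.2/32"` rule in `50-wg0` steers VPN-sourced traffic to table 200 but does not stop it from falling through to the main table when that lookup fails, so a second rule for the same source with `Type = "unreachable";` at a lower priority would make a downed tunnel fail closed instead of leaking via bond0 — worth confirming against the networkd version in use. The enclosing `networks` block begins before this hunk.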
From: Leyla Becker Date: Thu, 2 Oct 2025 18:53:32 -0500 Subject: [PATCH 865/932] feat: enabled filebot-cleanup task --- configurations/nixos/defiant/configuration.nix | 15 ++++++++++++++- configurations/nixos/defiant/filebot.nix | 4 ++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index b16036b1..9fbdee68 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -351,9 +351,22 @@ }; filebot-cleanup = { - enable = false; + enable = true; licenseFile = "/srv/jellyfin/filebot_license.psm"; }; + + sonarr = { + enable = false; + openFirewall = true; + }; + radarr = { + enable = false; + openFirewall = true; + }; + bazarr = { + enable = false; + openFirewall = true; + }; }; # disable computer sleeping diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix index 77d81bda..c6153f92 100644 --- a/configurations/nixos/defiant/filebot.nix +++ b/configurations/nixos/defiant/filebot.nix @@ -52,8 +52,8 @@ in { ${optionalString (cfg.licenseFile != null) '' ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}" ''} - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action move + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate + ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate ''; StandardOutput = "journal"; StandardError = "journal"; From 7483c2c01c320a7c46a4add634cc90af2e8c9a9c Mon Sep 17 00:00:00 2001 
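Review bot: `sonarr`, `radarr` and `bazarr` are added disabled but already carry `openFirewall = true;`, so the moment any of them is flipped to `enable = true` its web UI is reachable on every interface, which sits oddly with the README task earlier in this series of exposing them only over the VPN. Defaulting them to `openFirewall = false;` and opening the port deliberately once the VPN-only path exists, or at least adding `# TODO: openFirewall exposes the UI on all interfaces; revisit before enabling` above each, keeps the exposure a conscious choice. In the sibling `filebot.nix` hunk the switch from `--action move` to `--action duplicate` leaves the originals in place alongside the copies, as far as I know, which is a meaningful disk-usage change that deserves a one-line comment explaining why.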
From: Leyla Becker Date: Fri, 3 Oct 2025 13:59:12 -0500 Subject: [PATCH 866/932] feat: fixed polyclue package --- configurations/home-manager/leyla/packages/default.nix | 4 ++-- modules/common-modules/pkgs/polycule/default.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index a6da7f57..5bccad3e 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -70,8 +70,8 @@ in { noisetorch.enable = true; tor-browser.enable = true; gdx-liftoff.enable = true; - # polycule package is currently broken - polycule.enable = false; + # polycule package is now working with Flutter 3.29 + polycule.enable = true; }) ]; } diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix index d0928971..28c51fc8 100644 --- a/modules/common-modules/pkgs/polycule/default.nix +++ b/modules/common-modules/pkgs/polycule/default.nix @@ -1,6 +1,6 @@ { lib, - flutter329, + flutter332, fetchFromGitLab, pkg-config, wrapGAppsHook, @@ -44,7 +44,7 @@ libva, libvdpau, }: -flutter329.buildFlutterApplication rec { +flutter332.buildFlutterApplication rec { pname = "polycule"; version = "0.3.0"; From bc705098d65a4366dd2458492b55d8996f1437e9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Oct 2025 14:23:26 -0500 Subject: [PATCH 867/932] chore: removed completed task from README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d0cda108..c952fbf4 100644 --- a/README.md +++ b/README.md 
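Review bot: The replacement comment reads `# polycule package is now working with Flutter 3.29`, but the package hunk in the same commit moves `polycule/default.nix` from `flutter329` to `flutter332`, so the comment is wrong the moment it lands. Either write `# polycule package is now working with Flutter 3.32` or drop the comment altogether, since `polycule.enable = true;` no longer needs a justification.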
@@ -75,7 +75,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - create some sort of service that allows uploading files to jellyfin - auto sort files into where they should go with some combination of filebot cli and picard cli - graphana accessible though tailscale -- fix polycule package - fix panoramax package - actual instance - intergrade radarr, sonarr, and bazarr From 2935d43bcb34aca22a0221be1736e47bd2971dff Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 3 Oct 2025 21:10:20 -0500 Subject: [PATCH 868/932] feat: moved filebot cleanup to jellyfin persistence --- configurations/nixos/defiant/filebot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix index c6153f92..aaf247db 100644 --- a/configurations/nixos/defiant/filebot.nix +++ b/configurations/nixos/defiant/filebot.nix @@ -62,7 +62,7 @@ in { }; environment.persistence = lib.mkIf config.host.impermanence.enable { - "/persist/system/filebot_cleanup" = { + "/persist/system/jellyfin" = { enable = true; hideMounts = true; files = [ From 0730cc6594cdd9a3a66add42021de16c4ba9d220 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Oct 2025 11:15:53 -0500 Subject: [PATCH 869/932] feat: updated polycule package --- modules/common-modules/pkgs/polycule/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix index 28c51fc8..b463cc5c 100644 --- a/modules/common-modules/pkgs/polycule/default.nix +++ b/modules/common-modules/pkgs/polycule/default.nix 
@@ -46,19 +46,19 @@ }: flutter332.buildFlutterApplication rec { pname = "polycule"; - version = "0.3.0"; + version = "0.3.4"; src = fetchFromGitLab { owner = "polycule_client"; repo = "polycule"; rev = "v${version}"; - hash = "sha256-kY1vJiDXh0rSCJNOAkO8JGiMR8kXwDHuc3T+S4MkOWY="; + hash = "sha256-RUu8DKuX2NUU5Ce5WLHtDaORkn7CSrgTj3KhM/z+yHc="; }; pubspecLock = lib.importJSON ./polycule-pubspec.lock.json; gitHashes = { - matrix = "sha256-e1HGC2yZyqqYB5YAGKmUkkdDbuSzhiUenJMKJgQYIi8="; + matrix = "sha256-w/QB5nYJ9Lh77TcYKEN/DnNQjWfp+9NX0dwQ9GOzWE8="; media_kit = "sha256-1sVX+aHFLFJBtrNZrR6tWkb80vFELW2N9EejyQKlBPg="; media_kit_libs_android_video = "sha256-N6QoktM8u9NYF8MAXLsxM9RlV8nICM4NbnmABHTRkZg="; }; From 884d11d0a36c5b05a29deddad32a1a9e503ba201 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 4 Oct 2025 12:12:45 -0500 Subject: [PATCH 870/932] chore: updated host map in README --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index c952fbf4..acaa6e76 100644 --- a/README.md +++ b/README.md 
@@ -7,19 +7,19 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Hosts ## Host Map -| Hostname | Device Description | Primary User | Role | -| :---------: | :------------------------: | :--------------: | :-------: | -| `twilight` | Desktop Computer | Leyla | Desktop | -| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | -| `defiant` | NAS Server | Leyla | Server | -| `hesperium` | Mac | ????? | ??? | -| `emergent` | Desktop Computer | Eve | Desktop | -| `threshold` | Laptop | Eve | Laptop | -| `wolfram` | Steam Deck | House | Handheld | -| `ceder` | A5 Tablet (not using nix) | Leyla | Tablet | -| `skate` | A6 Tablet (not using nix) | Leyla | Tablet | -| `shale` | A6 Tablet (not using nix) | Eve | Tablet | -| `coven` | Pixel 8 (not using nix) | Leyla | Android | +| Hostname | Device Description | Primary User | Role | Provisioned | Using Nix | +| :---------: | :------------------------: | :--------------: | :-------: | :---------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | ✅ | ✅ | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | ✅ | ✅ | +| `defiant` | NAS Server | Leyla | Server | ✅ | ✅ | +| `hesperium` | Mac | ????? | Mac | ❌ | ❌ | +| `emergent` | Desktop Computer | Eve | Desktop | ✅ | ✅ | +| `threshold` | Laptop | Eve | Laptop | ❌ | ❌ | +| `wolfram` | Steam Deck | House | Handheld | ✅ | ❌ | +| `ceder` | A5 Tablet | Leyla | Tablet | ✅ | ❌ | +| `skate` | A6 Tablet | Leyla | Tablet | ❌ | ❌ | +| `shale` | A6 Tablet | Eve | Tablet | ✅ | ❌ | +| `coven` | Pixel 8 | Leyla | Android | ✅ | ❌ | # Tooling ## Rebuilding From 44922dfcd589116c996bf054e7951a020b06294e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 5 Oct 2025 14:58:41 -0500 Subject: [PATCH 871/932] feat: re enabled lix --- flake.lock | 90 ++++++++++++++++++++++++++++++++++++++++++++++-- flake.nix | 8 ++--- util/default.nix | 4 +-- 3 files changed, 94 insertions(+), 8 deletions(-) 
diff --git a/flake.lock b/flake.lock index 080c2210..5be844f6 100644 --- a/flake.lock +++ b/flake.lock @@ -111,6 +111,39 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -146,10 +179,47 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1759624822, + "narHash": "sha256-cf40qfsfpxJU/BnQ9PEj027LdPINNSsJqm+C6Ug93BA=", + "rev": "57333a0e600c5e096a609410a2f1059b97194b1e", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/57333a0e600c5e096a609410a2f1059b97194b1e.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756511062, + "narHash": "sha256-IgD1JR7scSEwlK/YAbmrcTWpAYT30LPldCUHdzXkaMs=", + "ref": "refs/heads/main", + "rev": "3f09a5eb772e02d98bb8878ab687d5b721f00d16", + "revCount": 162, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module.git" + } + }, "mcp-nixos": { "inputs": { "devshell": "devshell", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -211,7 +281,7 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -285,6 +355,7 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", + "lix-module": "lix-module", "mcp-nixos": "mcp-nixos", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", 
@@ -360,6 +431,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 151a54b3..ddf92ce9 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # lix-module = { - # url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # secret encryption sops-nix = { diff --git a/util/default.nix b/util/default.nix index 5b617795..fb2f83d1 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - # lix-module = inputs.lix-module; + lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - # lix-module.nixosModules.default + lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ]; From 76d3c488db0c7468e7a9c47ebcfe9b6ac9cd0984 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Wed, 8 Oct 2025 13:05:08 -0500 Subject: [PATCH 872/932] feat: pinned mapilary version downloader feat: created user ivy --- configurations/home-manager/default.nix | 1 + configurations/home-manager/ivy/default.nix | 55 ++++++++++++++ configurations/home-manager/ivy/packages.nix | 73 +++++++++++++++++++ .../nixos/horizon/configuration.nix | 1 + flake.lock | 8 +- .../pkgs/mapillary-uploader.nix | 4 +- modules/nixos-modules/users.nix | 30 ++++++++ modules/system-modules/users.nix | 5 ++ nix-config-secrets | 2 +- 9 files changed, 172 insertions(+), 7 deletions(-) create mode 100644 configurations/home-manager/ivy/default.nix create mode 100644 configurations/home-manager/ivy/packages.nix diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix index a7fa4784..3f884814 100644 --- a/configurations/home-manager/default.nix +++ b/configurations/home-manager/default.nix @@ -8,5 +8,6 @@ in { leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); eve = lib.mkIf users.eve.isNormalUser (import ./eve); + ivy = lib.mkIf users.ivy.isNormalUser (import ./ivy); git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git); } diff --git a/configurations/home-manager/ivy/default.nix b/configurations/home-manager/ivy/default.nix new file mode 100644 index 00000000..48a3cae1 --- /dev/null +++ b/configurations/home-manager/ivy/default.nix 
@@ -0,0 +1,55 @@ +{osConfig, ...}: let + userConfig = osConfig.host.users.ivy; +in { + imports = [ + ./packages.nix + ]; + + home = { + username = userConfig.name; + homeDirectory = osConfig.users.users.ivy.home; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/ivy/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + }; +} diff --git a/configurations/home-manager/ivy/packages.nix b/configurations/home-manager/ivy/packages.nix new file mode 100644 index 00000000..3c2a3d9e --- /dev/null +++ b/configurations/home-manager/ivy/packages.nix 
@@ -0,0 +1,73 @@ +{ + lib, + pkgs, + config, + osConfig, + ... +}: { + config = { + nixpkgs.config = { + allowUnfree = true; + }; + + # Programs that need to be installed with some extra configuration + programs = lib.mkMerge [ + { + # Let Home Manager install and manage itself. + home-manager.enable = true; + } + (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { + # git = { + # enable = true; + # userName = "Ivy"; + # userEmail = "ivy@example.com"; # Update this with actual email + # extraConfig.init.defaultBranch = "main"; + # }; + + openssh = { + enable = true; + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }) + (lib.mkIf config.user.isDesktopUser { + vscode = { + enable = true; + package = pkgs.vscodium; + mutableExtensionsDir = false; + + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + + extraExtensions = { + # Cline extension (Claude AI assistant) + claudeDev.enable = true; + # Auto Rename Tag + autoRenameTag.enable = true; + # Live Server + liveServer.enable = true; + }; + + extensions = let + extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + in ( + with extension-pkgs.open-vsx; [ + streetsidesoftware.code-spell-checker + ] + ); + }; + }; + + firefox.enable = true; + discord.enable = true; + signal-desktop-bin.enable = true; + claude-code.enable = true; + }) + ]; + }; +} diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 731c6b02..0e86fe7c 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -32,6 +32,7 @@ isPrincipleUser = true; }; eve.isDesktopUser = true; + ivy.isDesktopUser = true; }; hardware = { diff --git a/flake.lock b/flake.lock index 5be844f6..93091053 100644 --- a/flake.lock +++ b/flake.lock 
@@ -369,11 +369,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1752531440, - "narHash": "sha256-04tQ3EUrtmZ7g6fVUkZC4AbAG+Z7lng79qU3jsiqWJY=", + "lastModified": 1759945215, + "narHash": "sha256-xmUzOuhJl6FtTjR5++OQvSoAnXe7/VA5QFCZDyFwBXo=", "ref": "refs/heads/main", - "rev": "f016767c13aa36dde91503f7a9f01bdd02468045", - "revCount": 20, + "rev": "444229a105445339fb028d15a8d866063c5f8141", + "revCount": 21, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 3ab38f8b..7ce24f22 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -4,10 +4,10 @@ appimageTools, }: let pname = "mapillary-uploader"; - version = "4.7.2"; # Based on the application output + version = "4.7.2"; src = fetchurl { - url = "https://tools.mapillary.com/uploader/download/linux"; + url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; sha256 = "sha256-Oyx7AIdA/2mwBaq7UzXOoyq/z2SU2sViMN40sY2RCQw="; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index db7d4ab9..137ae4bd 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -15,6 +15,7 @@ uids = { leyla = 1000; eve = 1002; + ivy = 1004; jellyfin = 2000; forgejo = 2002; hass = 2004; @@ -33,6 +34,7 @@ gids = { leyla = 1000; eve = 1002; + ivy = 1004; users = 100; jellyfin_media = 2001; jellyfin = 2000; @@ -53,6 +55,7 @@ users = config.users.users; leyla = users.leyla.name; eve = users.eve.name; + ivy = users.ivy.name; in { config = lib.mkMerge [ { @@ -90,6 +93,10 @@ in { neededForUsers = true; sopsFile = "${inputs.secrets}/user-passwords.yaml"; }; + "passwords/ivy" = { + neededForUsers = true; + sopsFile = "${inputs.secrets}/user-passwords.yaml"; + }; }; }; 
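Review bot: In `mapillary-uploader.nix` the download URL changes from `https://tools.mapillary.com/uploader/download/linux` to `http://tools.mapillary.com/uploader/download/linux/${version}`, dropping TLS; the `sha256` pin still guarantees the integrity of what ends up in the store, but the plaintext fetch is observable and tamperable in transit and looks accidental given that the hash is unchanged. Use `url = "https://tools.mapillary.com/uploader/download/linux/${version}";` unless the versioned path is known not to be served over HTTPS, in which case say so in a comment. The removed `# Based on the application output` note could be replaced by `# bump the hash whenever version changes`, since the URL now depends on `version`.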
@@ -123,6 +130,19 @@ in { group = config.users.users.eve.name; }; + ivy = { + uid = lib.mkForce uids.ivy; + name = lib.mkForce host.users.ivy.name; + description = "Ivy"; + extraGroups = + lib.optionals host.users.ivy.isNormalUser ["networkmanager"] + ++ (lib.lists.optionals host.users.ivy.isPrincipleUser ["wheel"]); + hashedPasswordFile = config.sops.secrets."passwords/ivy".path; + isNormalUser = host.users.ivy.isNormalUser; + isSystemUser = !host.users.ivy.isNormalUser; + group = config.users.users.ivy.name; + }; + jellyfin = { uid = lib.mkForce uids.jellyfin; isSystemUser = true; @@ -218,11 +238,19 @@ in { ]; }; + ivy = { + gid = lib.mkForce gids.ivy; + members = [ + ivy + ]; + }; + users = { gid = lib.mkForce gids.users; members = [ leyla eve + ivy ]; }; @@ -235,6 +263,7 @@ in { users.bazarr.name leyla eve + ivy ]; }; @@ -268,6 +297,7 @@ in { users.syncthing.name leyla eve + ivy ]; }; diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix index cd9c9000..dda9ed37 100644 --- a/modules/system-modules/users.nix +++ b/modules/system-modules/users.nix @@ -89,6 +89,11 @@ in { isDesktopUser = lib.mkDefault false; isTerminalUser = lib.mkDefault false; }; + ivy = { + isPrincipleUser = lib.mkDefault false; + isDesktopUser = lib.mkDefault false; + isTerminalUser = lib.mkDefault false; + }; }; assertions = diff --git a/nix-config-secrets b/nix-config-secrets index f016767c..444229a1 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit f016767c13aa36dde91503f7a9f01bdd02468045 +Subproject commit 444229a105445339fb028d15a8d866063c5f8141 From 32c7086394cdffc9237792a6bed0c977e0e040fb Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Oct 2025 23:06:54 -0500 Subject: [PATCH 873/932] feat: added display scaling for eve --- configurations/home-manager/eve/gnomeconf.nix | 30 +++++++++++++++---- modules/home-manager-modules/gnome.nix | 19 ++++++++++++ 2 files changed, 43 insertions(+), 6 deletions(-) 
diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix index fbad391d..ac063d88 100644 --- a/configurations/home-manager/eve/gnomeconf.nix +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -1,12 +1,30 @@ -{pkgs, ...}: { +{ + pkgs, + osConfig, + lib, + ... +}: { config = { + gnome = lib.mkMerge [ + { + colorScheme = "prefer-dark"; + accentColor = "slate"; + extraWindowControls = true; + extensions = [ + pkgs.gnomeExtensions.dash-to-panel + ]; + } + + (lib.mkIf (osConfig.networking.hostName == "horizon") { + displayScaling = 125; + experimentalFeatures = { + scaleMonitorFramebuffer = true; + }; + }) + ]; + dconf = { enable = true; - settings = { - "org/gnome/shell".enabled-extensions = [ - pkgs.gnomeExtensions.dash-to-panel.extensionUuid - ]; - }; }; }; } diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 8c70cf6c..ede189bf 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -60,6 +60,20 @@ })); default = {}; }; + displayScaling = lib.mkOption { + type = lib.types.nullOr (lib.types.enum [100 125 150 175 200]); + default = null; + description = "Display scaling percentage for GNOME"; + }; + experimentalFeatures = lib.mkOption { + type = lib.types.submodule { + options = { + scaleMonitorFramebuffer = lib.mkEnableOption "scale-monitor-framebuffer experimental feature"; + }; + }; + default = {}; + description = "GNOME experimental features to enable"; + }; }; config = { 
@@ -77,6 +91,11 @@ "org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme; "org/gnome/desktop/interface".accent-color = config.gnome.accentColor; "org/gnome/desktop/interface".clock-format = config.gnome.clockFormat; + "org/gnome/desktop/interface".text-scaling-factor = lib.mkIf (config.gnome.displayScaling != null) (config.gnome.displayScaling / 100.0); + + "org/gnome/mutter".experimental-features = lib.mkIf (builtins.any (x: x) (builtins.attrValues config.gnome.experimentalFeatures)) ( + lib.optional config.gnome.experimentalFeatures.scaleMonitorFramebuffer "scale-monitor-framebuffer" + ); } ( lib.mkMerge ( From c81fa77a2959315e16e68412505e092cc550e26f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 11 Oct 2025 23:26:24 -0500 Subject: [PATCH 874/932] feat: simplified gnome configurations with more options --- configurations/home-manager/eve/gnomeconf.nix | 9 ++-- configurations/home-manager/leyla/dconf.nix | 29 +++++++------ modules/home-manager-modules/gnome.nix | 43 +++++++++++++++++-- 3 files changed, 61 insertions(+), 20 deletions(-) diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix index ac063d88..7cfb8fd0 100644 --- a/configurations/home-manager/eve/gnomeconf.nix +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -1,5 +1,4 @@ { - pkgs, osConfig, lib, ... @@ -10,9 +9,11 @@ colorScheme = "prefer-dark"; accentColor = "slate"; extraWindowControls = true; - extensions = [ - pkgs.gnomeExtensions.dash-to-panel - ]; + extensions = { + dash-to-panel = { + enable = true; + }; + }; } (lib.mkIf (osConfig.networking.hostName == "horizon") { diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index ef75db68..8c8d5533 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix 
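Review bot: `displayScaling` is written to `org/gnome/desktop/interface` `text-scaling-factor`, which scales fonts only, whereas the option added in the `@@ -60,6 +60,20 @@` hunk describes itself as "Display scaling percentage for GNOME"; the name and description promise more than the key delivers. Either rename it to something like `textScaling` or make the description honest: `description = "Text scaling percentage (written to org.gnome.desktop.interface text-scaling-factor; this does not change the monitor scale)";`. The `experimental-features` line is fine as written, but `builtins.any (x: x) (builtins.attrValues …)` will break once a non-boolean option is added to `experimentalFeatures`; a short comment noting that assumption would help. The enclosing `dconf.settings` merge starts outside the hunk.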
@@ -1,31 +1,36 @@ -{pkgs, ...}: { +{...}: { config = { gnome = { extraWindowControls = true; colorScheme = "prefer-dark"; clockFormat = "24h"; - extensions = [ - pkgs.gnomeExtensions.dash-to-dock - ]; + extensions = { + dash-to-dock = { + enable = true; + options = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = false; + "show-mounts" = false; + }; + }; + }; hotkeys = { "Open Terminal" = { binding = "t"; command = "kgx"; }; + "Open Firefox" = { + binding = "f"; + command = "firefox"; + }; }; }; dconf = { enable = true; settings = { - "org/gnome/shell/extensions/dash-to-dock" = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index ede189bf..fa80eb21 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -1,8 +1,14 @@ { lib, config, + pkgs, ... -}: { +}: let + enabledExtensions = + [] + ++ lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock + ++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel; +in { options.gnome = { extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; clockFormat = lib.mkOption { @@ -34,7 +40,7 @@ ]; default = "blue"; }; - extensions = lib.mkOption { + extraExtensions = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; description = "The set of extensions to install and enable in the user environment."; 
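Review bot: In the gnome.nix `@@ -1,8 +1,14 @@` hunk the leading `[] ++` in `enabledExtensions` is a no-op; `lib.optional … ++ lib.optional …` already yields a list, so `enabledExtensions = lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock ++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel;` reads cleaner. In the `@@ -34,7 +40,7 @@` rename, the `extraExtensions` description still says "install and enable", which is only true if the enabling code also reads this list; worth re-checking when that code changes.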
@@ -74,16 +80,36 @@ default = {}; description = "GNOME experimental features to enable"; }; + + extensions = { + dash-to-dock = { + enable = lib.mkEnableOption "Dash to Dock extension"; + options = lib.mkOption { + type = lib.types.nullOr lib.types.attrs; + default = null; + description = "Dash to Dock configuration options. If null, no custom configuration will be applied."; + }; + }; + + dash-to-panel = { + enable = lib.mkEnableOption "Dash to Panel extension"; + options = lib.mkOption { + type = lib.types.nullOr lib.types.attrs; + default = null; + description = "Dash to Panel configuration options. If null, no custom configuration will be applied."; + }; + }; + }; }; config = { - home.packages = config.gnome.extensions; + home.packages = config.gnome.extraExtensions ++ enabledExtensions; dconf = { settings = lib.mkMerge [ { "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extraExtensions; }; "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; @@ -119,6 +145,15 @@ ) ) ) + + # Extension configurations + (lib.mkIf (config.gnome.extensions.dash-to-dock.enable && config.gnome.extensions.dash-to-dock.options != null) { + "org/gnome/shell/extensions/dash-to-dock" = config.gnome.extensions.dash-to-dock.options; + }) + + (lib.mkIf (config.gnome.extensions.dash-to-panel.enable && config.gnome.extensions.dash-to-panel.options != null) { + "org/gnome/shell/extensions/dash-to-panel" = config.gnome.extensions.dash-to-panel.options; + }) ]; }; }; From ee6d48fe4926ffcff13efbaefbbc932a47503938 Mon Sep 17 00:00:00 2001 
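Review bot: `home.packages` now installs `enabledExtensions`, but `enabled-extensions` two lines below still maps only `config.gnome.extraExtensions`, so an extension turned on through `gnome.extensions.dash-to-dock.enable` is installed yet never enabled in `org/gnome/shell`. Use the same combined list for both, e.g. `enabled-extensions = builtins.map (extension: extension.extensionUuid) (config.gnome.extraExtensions ++ enabledExtensions);`. Separately, `lib.types.nullOr lib.types.attrs` for the per-extension `options` merges multiple definitions by shallow attrset update with no priority handling and is discouraged in the module-system docs; `lib.types.nullOr (lib.types.attrsOf lib.types.anything)` gives proper per-key merging. The enclosing `options.gnome` and `config` attrsets start outside the hunk.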
From: Leyla Becker Date: Sat, 11 Oct 2025 23:34:16 -0500 Subject: [PATCH 875/932] feat: added night light as a dconf option --- configurations/home-manager/eve/gnomeconf.nix | 8 ++++ configurations/home-manager/leyla/dconf.nix | 7 ++++ modules/home-manager-modules/gnome.nix | 41 +++++++++++++++++++ 3 files changed, 56 insertions(+) diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix index 7cfb8fd0..7cd3863d 100644 --- a/configurations/home-manager/eve/gnomeconf.nix +++ b/configurations/home-manager/eve/gnomeconf.nix @@ -8,6 +8,14 @@ { colorScheme = "prefer-dark"; accentColor = "slate"; + clockFormat = "24h"; + nightLight = { + enable = true; + automatic = false; + fromTime = 12.0; + toTime = 11.999999999999; + temperature = 2700; + }; extraWindowControls = true; extensions = { dash-to-panel = { diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 8c8d5533..9aa61f7c 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -4,6 +4,13 @@ extraWindowControls = true; colorScheme = "prefer-dark"; clockFormat = "24h"; + nightLight = { + enable = true; + automatic = false; + fromTime = 12.0; + toTime = 11.999999999999; + temperature = 2700; + }; extensions = { dash-to-dock = { enable = true; diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index fa80eb21..d2ee3b7d 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix 
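Review bot: `fromTime = 12.0; toTime = 11.999999999999;` in both the eve and leyla hunks is a workaround to make the manual schedule cover the whole day, and nothing says so; a reader will assume a typo. Add a comment on the `nightLight` block, e.g. `# manual schedule spanning the full day: from 12:00 to just before 12:00` , or better, add an `alwaysOn` convenience to the module so the magic float lives in one place.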
@@ -81,6 +81,36 @@ in { description = "GNOME experimental features to enable"; }; + nightLight = lib.mkOption { + type = lib.types.submodule { + options = { + enable = lib.mkEnableOption "night light (blue light filter)"; + automatic = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically schedule night light based on sunset/sunrise"; + }; + fromTime = lib.mkOption { + type = lib.types.float; + default = 20.0; + description = "Start time for night light in 24-hour format (e.g., 20.0 for 8:00 PM)"; + }; + toTime = lib.mkOption { + type = lib.types.float; + default = 6.0; + description = "End time for night light in 24-hour format (e.g., 6.0 for 6:00 AM)"; + }; + temperature = lib.mkOption { + type = lib.types.int; + default = 4000; + description = "Color temperature for night light (1000-10000K, lower is warmer)"; + }; + }; + }; + default = {}; + description = "Night light configuration"; + }; + extensions = { dash-to-dock = { enable = lib.mkEnableOption "Dash to Dock extension"; @@ -123,6 +153,17 @@ in { lib.optional config.gnome.experimentalFeatures.scaleMonitorFramebuffer "scale-monitor-framebuffer" ); } + + # Night light configuration + (lib.mkIf config.gnome.nightLight.enable { + "org/gnome/settings-daemon/plugins/color" = { + night-light-enabled = true; + night-light-schedule-automatic = config.gnome.nightLight.automatic; + night-light-schedule-from = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.fromTime; + night-light-schedule-to = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.toTime; + night-light-temperature = config.gnome.nightLight.temperature; + }; + }) ( lib.mkMerge ( builtins.map (value: let From a51a364ce9e2cc31052461bf7b93cc435ded73c5 Mon Sep 17 00:00:00 2001 
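Review bot: `night-light-temperature` is written as a plain Nix int, which home-manager's dconf module serialises as an int32, while the gsettings key `org.gnome.settings-daemon.plugins.color night-light-temperature` is, as far as I recall, declared as uint32; GSettings ignores a dconf value whose type does not match the schema, so the configured temperature would silently not apply. Wrap it: `night-light-temperature = lib.hm.gvariant.mkUint32 config.gnome.nightLight.temperature;` (please confirm against the installed schema). In the option hunk above, the descriptions promise 1000–10000K and 24-hour floats but the types enforce neither; `lib.types.ints.between 1000 10000` for `temperature` and `lib.types.addCheck lib.types.float (t: t >= 0.0 && t < 24.0)` for the times would reject bad values at evaluation time. The enclosing `options.gnome` and `dconf.settings` blocks start outside the hunk.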
From: Leyla Becker Date: Sun, 12 Oct 2025 21:10:40 -0500 Subject: [PATCH 876/932] fix: enabled extensions installed via config options --- modules/home-manager-modules/gnome.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index d2ee3b7d..ab56189b 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -8,6 +8,8 @@ [] ++ lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock ++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel; + + extensions = config.gnome.extraExtensions ++ enabledExtensions; in { options.gnome = { extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; @@ -133,13 +135,13 @@ in { }; config = { - home.packages = config.gnome.extraExtensions ++ enabledExtensions; + home.packages = extensions; dconf = { settings = lib.mkMerge [ { "org/gnome/shell" = { disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extraExtensions; + enabled-extensions = builtins.map (extension: extension.extensionUuid) extensions; }; "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; From 6d5a07e08f0e170e36edce00ad33268638eeef86 Mon Sep 17 00:00:00 2001 
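Review bot: `extensions = config.gnome.extraExtensions ++ enabledExtensions;` can contain the same package twice when a user lists dash-to-dock in `extraExtensions` and also sets `extensions.dash-to-dock.enable`; `home.packages` tolerates that, but `enabled-extensions` would then carry the UUID twice. `extensions = lib.unique (config.gnome.extraExtensions ++ enabledExtensions);` avoids it. The `let` block this binding sits in begins outside the hunk.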
From: Leyla Becker Date: Mon, 13 Oct 2025 09:36:48 -0500 Subject: [PATCH 877/932] feat: refactored impermanence to be enableable for users on a system --- .../home-manager/leyla/impermanence.nix | 3 +- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/impermanence.nix | 31 +++++++++++++++++++ modules/home-manager-modules/openssh.nix | 2 +- .../programs/bitwarden.nix | 3 +- .../home-manager-modules/programs/bruno.nix | 3 +- .../home-manager-modules/programs/calibre.nix | 3 +- .../programs/davinci-resolve.nix | 3 +- .../home-manager-modules/programs/dbeaver.nix | 3 +- .../home-manager-modules/programs/discord.nix | 3 +- .../home-manager-modules/programs/firefox.nix | 3 +- .../home-manager-modules/programs/freecad.nix | 3 +- .../home-manager-modules/programs/gimp.nix | 3 +- .../home-manager-modules/programs/idea.nix | 2 +- .../programs/inkscape.nix | 3 +- .../home-manager-modules/programs/krita.nix | 3 +- .../programs/libreoffice.nix | 3 +- .../home-manager-modules/programs/makemkv.nix | 3 +- modules/home-manager-modules/programs/obs.nix | 3 +- .../programs/obsidian.nix | 3 +- .../home-manager-modules/programs/picard.nix | 3 +- .../programs/polycule.nix | 3 +- .../programs/prostudiomasters.nix | 3 +- .../programs/protonvpn.nix | 3 +- .../programs/qbittorrent.nix | 3 +- .../programs/qflipper.nix | 3 +- .../home-manager-modules/programs/signal.nix | 3 +- .../home-manager-modules/programs/steam.nix | 3 +- .../programs/tor-browser.nix | 3 +- .../programs/ungoogled-chromium.nix | 3 +- .../server/panoramax/impermanence.nix | 3 +- 31 files changed, 61 insertions(+), 56 deletions(-) create mode 100644 modules/home-manager-modules/impermanence.nix diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 041bff8d..ce81c818 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix 
@@ -1,10 +1,9 @@ { lib, config, - osConfig, ... }: { - config = lib.mkIf osConfig.host.impermanence.enable { + config = lib.mkIf (config.impermanence.enable) { home.persistence."/persist/home/leyla" = { directories = [ "desktop" diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 4c085a54..29d34148 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -5,6 +5,7 @@ ./user.nix ./flipperzero.nix ./i18n.nix + ./impermanence.nix ./openssh.nix ./gnome.nix ./programs diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix new file mode 100644 index 00000000..dc9eae97 --- /dev/null +++ b/modules/home-manager-modules/impermanence.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + osConfig, + ... +}: let + cfg = config.impermanence; +in { + options.impermanence = { + enable = lib.mkEnableOption "impermanence for home directory"; + }; + + config = lib.mkMerge [ + (lib.mkIf config.impermanence.enable { + assertions = [ + { + assertion = osConfig.impermanence.enable; + message = "impermanence can not be enabled for a user when it is not enabled for a configuration"; + } + ]; + }) + (lib.mkIf osConfig.host.impermanence.enable { + # If impermanence is not enabled for this user but system impermanence is enabled, + # persist the entire home directory as fallback + home.persistence."/persist/home/${config.home.username}" = lib.mkIf (!cfg.enable) { + directories = ["."]; + allowOther = true; + }; + }) + ]; +} diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 9d77d106..afc98dd2 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix 
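Review bot: The assertion in the new modules/home-manager-modules/impermanence.nix checks `osConfig.impermanence.enable`, but the system-level option used everywhere else, including a few lines later in the same file, is `osConfig.host.impermanence.enable`; unless a top-level `impermanence` option exists on the NixOS side (none is added in this commit), enabling user impermanence will fail evaluation with a missing-attribute error instead of the intended readable message. Change it to `assertion = osConfig.host.impermanence.enable;`. Also, no file in this commit's diffstat sets `impermanence.enable = true` for any user, so after this commit every user, including leyla whose selective list in configurations/home-manager/leyla/impermanence.nix is now gated on it, appears to fall into the whole-home fallback (`directories = ["."]` with `allowOther = true`); that persists far more across reboots (caches, session tokens) than the previous per-program lists, so it is worth confirming that is intended or enabling the option for the existing users in the same change.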
@@ -95,7 +95,7 @@ ); } ) - (lib.mkIf osConfig.host.impermanence.enable { + (lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index b9b91c41..5c14068f 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.bitwarden = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/Bitwarden" diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 00b248f5..8ad5e634 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.bruno = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/bruno/" diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 9e5f34e3..dbe6e2b6 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.calibre = { 
@@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/calibre" diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index 00ba525b..6c4526fa 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.davinci-resolve = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index a9624594..8b6c41ad 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.dbeaver-bin = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index e8605a51..d5d7192a 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.discord = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/discord/" 
diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 907b619b..8841887d 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -1,7 +1,6 @@ { lib, config, - osConfig, ... }: let buildProfilePersistence = profile: { @@ -26,7 +25,7 @@ allowOther = true; }; in { - config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) { + config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index ec172057..89668dec 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.freecad = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/FreeCAD" diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index 428068ea..925a2d9f 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.gimp = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/GIMP" diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index f0a928cd..73484ae7 100644 --- a/modules/home-manager-modules/programs/idea.nix 
+++ b/modules/home-manager-modules/programs/idea.nix @@ -16,7 +16,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ # configuration diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index facb08f5..a26ddecc 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.inkscape = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/inkscape" diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index d6622510..3ba5560c 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.krita = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/kritarc" diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index b61ea58c..93163e79 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.libreoffice = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/libreoffice" 
diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index eca059dd..e92c3d37 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.makemkv = { @@ -30,7 +29,7 @@ home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ ".MakeMKV" diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 98c4feac..5c2d3c2e 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -1,12 +1,11 @@ { lib, config, - osConfig, ... }: { config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { # TODO: map impermanence for obs } ) diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 4d28b3e7..824563d3 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -1,12 +1,11 @@ { lib, config, - osConfig, ... }: { config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/obsidian" diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index d2c1fe22..bc37b865 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix 
@@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.picard = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/MusicBrainz" diff --git a/modules/home-manager-modules/programs/polycule.nix b/modules/home-manager-modules/programs/polycule.nix index a7004bd1..d0aea2ae 100644 --- a/modules/home-manager-modules/programs/polycule.nix +++ b/modules/home-manager-modules/programs/polycule.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.polycule = { @@ -17,7 +16,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { # TODO: check that these are actually the correct folders # directories = [ diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 9e6088f0..5345169f 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.prostudiomasters = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index dd11aae7..513a6103 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.protonvpn-gui = { 
@@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/protonvpn" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 02e23df8..61d13c02 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.qbittorrent = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/qBittorrent" diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index abc24424..8b427667 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.qflipper = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/qFlipper" diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index fdf0af9e..7db23a7a 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.signal-desktop-bin = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/Signal" 
diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 46611514..fd98cb6a 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.steam = { @@ -18,7 +17,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ { diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index 2c585788..c3b085da 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.tor-browser = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/torbrowser" diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index 5b52cd67..ef6a8818 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.ungoogled-chromium = { @@ -16,7 +15,7 @@ ]; } ( - lib.mkIf osConfig.host.impermanence.enable { + lib.mkIf config.impermanence.enable { home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix index 011c3223..41b14011 100644 --- a/modules/nixos-modules/server/panoramax/impermanence.nix 
+++ b/modules/nixos-modules/server/panoramax/impermanence.nix @@ -1,10 +1,9 @@ { lib, config, - osConfig, ... }: { - config = lib.mkIf (config.services.panoramax.enable && osConfig.host.impermanence.enable) { + config = lib.mkIf (config.services.panoramax.enable && config.host.impermanence.enable) { # TODO: configure impermanence for panoramax data # This would typically include directories like: # - /var/lib/panoramax From 80ad498f9405245e7ae2277cea474ab71b2a5f7e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 09:40:02 -0500 Subject: [PATCH 878/932] style: removed unused vars --- modules/home-manager-modules/programs/gdx-liftoff.nix | 1 - modules/home-manager-modules/programs/idea.nix | 1 - modules/home-manager-modules/programs/mfoc.nix | 1 - modules/home-manager-modules/programs/noisetorch.nix | 1 - modules/home-manager-modules/programs/onionshare.nix | 1 - modules/home-manager-modules/programs/openrgb.nix | 1 - modules/home-manager-modules/programs/openvpn.nix | 1 - modules/home-manager-modules/programs/pdfarranger.nix | 1 - modules/home-manager-modules/programs/piper.nix | 1 - modules/home-manager-modules/programs/proxmark3.nix | 1 - modules/home-manager-modules/programs/via.nix | 1 - 11 files changed, 11 deletions(-) diff --git a/modules/home-manager-modules/programs/gdx-liftoff.nix b/modules/home-manager-modules/programs/gdx-liftoff.nix index b29230d3..44408312 100644 --- a/modules/home-manager-modules/programs/gdx-liftoff.nix +++ b/modules/home-manager-modules/programs/gdx-liftoff.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.gdx-liftoff = { diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index 73484ae7..e59e7b21 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.jetbrains.idea-community = { 
diff --git a/modules/home-manager-modules/programs/mfoc.nix b/modules/home-manager-modules/programs/mfoc.nix index 7b92007f..6006c9ba 100644 --- a/modules/home-manager-modules/programs/mfoc.nix +++ b/modules/home-manager-modules/programs/mfoc.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.mfoc = { diff --git a/modules/home-manager-modules/programs/noisetorch.nix b/modules/home-manager-modules/programs/noisetorch.nix index c53e3a91..4b426387 100644 --- a/modules/home-manager-modules/programs/noisetorch.nix +++ b/modules/home-manager-modules/programs/noisetorch.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.noisetorch = { diff --git a/modules/home-manager-modules/programs/onionshare.nix b/modules/home-manager-modules/programs/onionshare.nix index ed1903de..475f993a 100644 --- a/modules/home-manager-modules/programs/onionshare.nix +++ b/modules/home-manager-modules/programs/onionshare.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.onionshare = { diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 0260c91a..ab156a65 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.openrgb = { diff --git a/modules/home-manager-modules/programs/openvpn.nix b/modules/home-manager-modules/programs/openvpn.nix index 814c16da..dcd499ce 100644 --- a/modules/home-manager-modules/programs/openvpn.nix +++ b/modules/home-manager-modules/programs/openvpn.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.openvpn = { diff --git a/modules/home-manager-modules/programs/pdfarranger.nix b/modules/home-manager-modules/programs/pdfarranger.nix index d4e33b5c..9246efd4 100644 --- a/modules/home-manager-modules/programs/pdfarranger.nix 
+++ b/modules/home-manager-modules/programs/pdfarranger.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.pdfarranger = { diff --git a/modules/home-manager-modules/programs/piper.nix b/modules/home-manager-modules/programs/piper.nix index ec0d887d..3ed25fd8 100644 --- a/modules/home-manager-modules/programs/piper.nix +++ b/modules/home-manager-modules/programs/piper.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.piper = { diff --git a/modules/home-manager-modules/programs/proxmark3.nix b/modules/home-manager-modules/programs/proxmark3.nix index ad1e2989..656be193 100644 --- a/modules/home-manager-modules/programs/proxmark3.nix +++ b/modules/home-manager-modules/programs/proxmark3.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.proxmark3 = { diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 0b794526..41918c81 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -2,7 +2,6 @@ lib, pkgs, config, - osConfig, ... }: { options.programs.via = { From 75dcac8d178660c905054862f1bc3d863d92890d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 16:51:26 -0500 Subject: [PATCH 879/932] feat: drafted out open dyslexic font for vscode --- configurations/home-manager/leyla/default.nix | 1 - .../leyla/packages/vscode/default.nix | 2 + .../programs/vscode/default.nix | 1 + .../programs/vscode/openDyslexicFont.nix | 48 +++++++++++++++++++ 4 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 modules/home-manager-modules/programs/vscode/openDyslexicFont.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 6d759c5c..eba7f7b8 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix 
@@ -87,7 +87,6 @@ # TODO: move this into a fonts module home.packages = with pkgs; [ aileron - nerd-fonts.open-dyslexic ]; fonts.fontconfig.enable = true; }; diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index ba9e48a3..9d1b6c66 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -40,6 +40,8 @@ in { oneDark.enable = true; atomKeybindings.enable = true; openRemoteSsh.enable = true; + # I don't like how the terminal feels with open dyslexic font on and lots of parts of the UI don't get set anyways + openDyslexicFont.enable = false; # html development autoRenameTag.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 85f4a623..8f366fef 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -23,5 +23,6 @@ ./vitest.nix ./direnv.nix ./conventionalCommits.nix + ./openDyslexicFont.nix ]; } diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix new file mode 100644 index 00000000..acfb79c8 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix 
@@ -0,0 +1,48 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: {
+ options.programs.vscode.profiles = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
+ options = {
+ extraExtensions.openDyslexicFont = {
+ enable = lib.mkEnableOption "should OpenDyslexic font be set as the default font for VSCode";
+ package = lib.mkPackageOption pkgs "nerd-fonts.open-dyslexic" {
+ default = ["nerd-fonts" "open-dyslexic"];
+ };
+ };
+ };
+ config = lib.mkIf config.extraExtensions.openDyslexicFont.enable {
+ userSettings = {
+ "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', 'OpenDyslexic', monospace";
+ "editor.fontSize" = 14;
+ };
+ };
+ }));
+ };
+
+ config = let
+ enabledProfiles =
+ lib.filter (profile: profile.extraExtensions.openDyslexicFont.enable or false)
+ (lib.attrValues config.programs.vscode.profiles);
+
+ anyProfileUsesOpenDyslexicFont = enabledProfiles != [];
+
+ fontPackages = lib.unique (map (profile: profile.extraExtensions.openDyslexicFont.package) enabledProfiles);
+ in {
+ # Ensure OpenDyslexic font packages are installed when any VSCode profile uses them
+ home.packages = fontPackages;
+
+ fonts.fontconfig.enable = lib.mkIf anyProfileUsesOpenDyslexicFont true;
+
+ # Add assertion to ensure the fonts are available
+ assertions =
+ map (fontPkg: {
+ assertion = lib.elem fontPkg config.home.packages;
+ message = "OpenDyslexic font package '${fontPkg.name or "unknown"}' must be installed when using openDyslexicFont extension for VSCode.";
+ })
+ fontPackages;
+ };
+}
From d87462981e7e420b011da9629a4fd4668af6513e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 17:00:30 -0500 Subject: [PATCH 880/932] feat: enabled open dyslexia --- configurations/home-manager/leyla/packages/vscode/default.nix | 4 ++-- .../home-manager-modules/programs/vscode/openDyslexicFont.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)
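Review bot: The `assertions` list at the end of the hunk can never fail: the same `config` attrset sets `home.packages = fontPackages;`, so `lib.elem fontPkg config.home.packages` is true for every element by construction and the check is dead code that reads like a real guard. Either drop the `map` or replace it with a comment such as `# home.packages above already installs every enabled profile's font package`. Separately, `"editor.fontSize" = 14;` is forced onto every profile that turns the font on; `"editor.fontSize" = lib.mkDefault 14;` would let a profile's own `userSettings` override it.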
diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 9d1b6c66..cf40c509 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -32,6 +32,7 @@ in { "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; + "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; } ]; @@ -40,8 +41,7 @@ in { oneDark.enable = true; atomKeybindings.enable = true; openRemoteSsh.enable = true; - # I don't like how the terminal feels with open dyslexic font on and lots of parts of the UI don't get set anyways - openDyslexicFont.enable = false; + openDyslexicFont.enable = true; # html development autoRenameTag.enable = true; diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix index acfb79c8..3c7b609b 100644 --- a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix +++ b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix @@ -16,7 +16,7 @@ }; config = lib.mkIf config.extraExtensions.openDyslexicFont.enable { userSettings = { - "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', 'OpenDyslexic', monospace"; + "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', Droid Sans Mono, monospace"; "editor.fontSize" = 14; }; }; From c953571f2fab93e184bc24573f7d83f01e526fea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 17:11:59 -0500 Subject: [PATCH 881/932] feat: decrease letter spacing on open dyslexia vscode --- .../home-manager-modules/programs/vscode/openDyslexicFont.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix index 3c7b609b..f1f6215b 100644 
--- a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix +++ b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix @@ -18,6 +18,7 @@ userSettings = { "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', Droid Sans Mono, monospace"; "editor.fontSize" = 14; + "editor.letterSpacing" = -0.3; }; }; })); From 352ca6fccf574d645ec3b71efb5c36ba5d00c9e8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 13 Oct 2025 19:30:33 -0500 Subject: [PATCH 882/932] feat: disabled open dyslexic --- configurations/home-manager/leyla/packages/vscode/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index cf40c509..fd72006e 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -32,7 +32,7 @@ in { "javascript.updateImportsOnFileMove.enabled" = "always"; "editor.tabSize" = 2; "editor.insertSpaces" = false; - "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; + # "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; } ]; @@ -41,7 +41,7 @@ in { oneDark.enable = true; atomKeybindings.enable = true; openRemoteSsh.enable = true; - openDyslexicFont.enable = true; + # openDyslexicFont.enable = false; # html development autoRenameTag.enable = true; From f02cb085700a75f4a7751aa173b19ee6aef97f76 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 16 Oct 2025 23:29:37 -0500 Subject: [PATCH 883/932] feat: disabled filebot-cleanup --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9fbdee68..5dde3954 100644 --- a/configurations/nixos/defiant/configuration.nix 
+++ b/configurations/nixos/defiant/configuration.nix @@ -351,7 +351,7 @@ }; filebot-cleanup = { - enable = true; + enable = false; licenseFile = "/srv/jellyfin/filebot_license.psm"; }; From e895fa5eddd9d5d5cceb64fed08321dd56d14cfc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 13:15:41 -0500 Subject: [PATCH 884/932] feat: removed filebot --- .../nixos/defiant/configuration.nix | 11 +-- configurations/nixos/defiant/default.nix | 1 - configurations/nixos/defiant/filebot.nix | 82 ------------------- 3 files changed, 3 insertions(+), 91 deletions(-) delete mode 100644 configurations/nixos/defiant/filebot.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5dde3954..03dff033 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -350,21 +350,16 @@ webuiPort = 8084; }; - filebot-cleanup = { - enable = false; - licenseFile = "/srv/jellyfin/filebot_license.psm"; - }; - sonarr = { - enable = false; + enable = true; openFirewall = true; }; radarr = { - enable = false; + enable = true; openFirewall = true; }; bazarr = { - enable = false; + enable = true; openFirewall = true; }; }; diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix index 05975a12..30139466 100644 --- a/configurations/nixos/defiant/default.nix +++ b/configurations/nixos/defiant/default.nix @@ -4,6 +4,5 @@ ./hardware-configuration.nix ./configuration.nix ./packages.nix - ./filebot.nix ]; } diff --git a/configurations/nixos/defiant/filebot.nix b/configurations/nixos/defiant/filebot.nix deleted file mode 100644 index aaf247db..00000000 --- a/configurations/nixos/defiant/filebot.nix +++ /dev/null 
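Review bot: Flipping sonarr, radarr and bazarr to `enable = true;` together with `openFirewall = true;` opens their web ports on every network defiant faces, and nothing in this hunk enables the applications' own login, so anyone who can reach those ports gets the UI and the API keys. The jackett and lidarr proxy modules added later in this series target 127.0.0.1, and presumably the radarr/sonarr ones do too, so the firewall openings are only needed for direct LAN access; the README in this same series still lists VPN-only access for these three as pending work. Unless LAN exposure is intended, prefer `openFirewall = false;` for each and let the reverse proxy be the entry point. The enclosing `services` attrset begins before the hunk.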
@@ -1,82 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.services.filebot-cleanup; -in { - options.services.filebot-cleanup = { - enable = mkEnableOption "Filebot cleanup service"; - - licenseFile = mkOption { - type = types.nullOr types.path; - default = null; - description = "Path to the Filebot license file"; - }; - - cleanupDirectory = mkOption { - type = types.str; - default = "/srv/jellyfin/filebot_cleanup"; - description = "Directory where cleaned up media files are stored"; - }; - }; - - config = mkIf cfg.enable { - users.groups.filebot_cleanup = {}; - users.users.filebot_cleanup = { - isSystemUser = true; - group = "filebot_cleanup"; - extraGroups = ["jellyfin_media"]; - home = cfg.cleanupDirectory; - createHome = true; - }; - - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "filebot" - ]; - - environment.systemPackages = with pkgs; [ - filebot - ]; - - systemd.services.filebot-cleanup = { - description = "Filebot media cleanup service"; - serviceConfig = { - Type = "simple"; - User = "filebot_cleanup"; - Group = "filebot_cleanup"; - ExecStart = pkgs.writeShellScript "filebot-cleanup" '' - ${optionalString (cfg.licenseFile != null) '' - ${pkgs.filebot}/bin/filebot --license "${cfg.licenseFile}" - ''} - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Movies/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate - ${pkgs.filebot}/bin/filebot -rename -r "/srv/jellyfin/media/Shows/" --output "${cfg.cleanupDirectory}/" --format "{jellyfin}" -non-strict --action duplicate - ''; - StandardOutput = "journal"; - StandardError = "journal"; - }; - wantedBy = ["multi-user.target"]; - }; - - environment.persistence = lib.mkIf config.host.impermanence.enable { - "/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - files = [ - cfg.licenseFile - ]; - directories = [ - { - directory = cfg.cleanupDirectory; - user = "filebot_cleanup"; - group = 
"filebot_cleanup"; - mode = "1770"; - } - ]; - }; - }; - }; -} From 6afdcce9512b6718b00a6f39e2c2ca3d12cc658c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 14:58:49 -0500 Subject: [PATCH 885/932] feat: installed jackett --- .../nixos/defiant/configuration.nix | 4 +++ modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/jackett/default.nix | 6 ++++ .../server/jackett/impermanence.nix | 26 +++++++++++++++++ .../nixos-modules/server/jackett/proxy.nix | 28 +++++++++++++++++++ 5 files changed, 65 insertions(+) create mode 100644 modules/nixos-modules/server/jackett/default.nix create mode 100644 modules/nixos-modules/server/jackett/impermanence.nix create mode 100644 modules/nixos-modules/server/jackett/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 03dff033..0c1c50cd 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -362,6 +362,10 @@ enable = true; openFirewall = true; }; + jackett = { + enable = true; + openFirewall = true; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index e550123d..0ed7c183 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -18,6 +18,7 @@ ./radarr ./searx ./sonarr + ./jackett ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix new file mode 100644 index 00000000..f39d9400 --- /dev/null +++ b/modules/nixos-modules/server/jackett/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix new file mode 100644 index 00000000..5826a547 --- /dev/null 
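Review bot: `openFirewall = true;` for Jackett publishes port 9117 on every interface, and Jackett ships with an empty admin password unless one is set in its UI (if I recall its defaults correctly), so any host on those networks can read the API key and the stored indexer credentials. The proxy module added by this same commit reaches it on 127.0.0.1:9117, so the opening buys nothing for that path. Suggest `openFirewall = false;` unless direct LAN access is wanted, and in that case set an admin password before deploying. The enclosing `services` attrset starts before the hunk.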
+++ b/modules/nixos-modules/server/jackett/impermanence.nix
@@ -0,0 +1,26 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ jackett_data_directory = "/var/lib/jackett/.config/Jackett";
+in {
+ config = lib.mkIf (config.services.jackett.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion = config.services.jackett.dataDir == jackett_data_directory;
+ message = "jackett data directory does not match persistence";
+ }
+ ];
+
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = jackett_data_directory;
+ user = "jackett";
+ group = "jackett";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/jackett/proxy.nix b/modules/nixos-modules/server/jackett/proxy.nix
new file mode 100644
index 00000000..af5fa791
--- /dev/null
+++ b/modules/nixos-modules/server/jackett/proxy.nix
@@ -0,0 +1,28 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.services.jackett = {
+ subdomain = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Subdomain for reverse proxy. If null, service will be local only.";
+ };
+ extraSubdomains = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ description = "Extra subdomains for reverse proxy.";
+ };
+ };
+
+ config = lib.mkIf (config.services.jackett.enable && config.services.jackett.subdomain != null) {
+ host.reverse_proxy.subdomains.jackett = {
+ subdomain = config.services.jackett.subdomain;
+ extraSubdomains = config.services.jackett.extraSubdomains;
+ target = "http://127.0.0.1:9117";
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+ };
+ };
+}
From 59dc4a7ee1a00e71849e35974ea86518568c1251 Mon Sep 17 00:00:00 2001
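Review bot: The persisted directory holds Jackett's ServerConfig.json (API key, admin password) and the per-indexer JSON files with credentials and session cookies, yet the entry sets only `user`/`group` and leaves `mode` at the impermanence default (0755, as far as I recall), so other local accounts can traverse into it on the persistent volume and read anything Jackett writes with a permissive umask. Add `mode = "0700";` beside `group = "jackett";` so only the service account can enter it. The `dataDir` assertion is a good guard; keep it.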
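Review bot: `target = "http://127.0.0.1:9117";` hard-codes the port while the nixpkgs `services.jackett` module exposes it as `config.services.jackett.port` (default 9117, and its `openFirewall` follows that option, if I recall correctly); if the port is ever changed the proxy silently points at nothing. Use `target = "http://127.0.0.1:${toString config.services.jackett.port}";`. The `subdomain` description should also say that publishing Jackett puts an admin UI with an empty default password behind the proxy, so an admin password or proxy-level auth is expected before setting it.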
From: Leyla Becker Date: Fri, 17 Oct 2025 15:12:19 -0500 Subject: [PATCH 886/932] feat: installed flaresolverr --- .../nixos/defiant/configuration.nix | 4 +++ modules/nixos-modules/server/default.nix | 1 + .../server/flaresolverr/default.nix | 6 ++++ .../server/flaresolverr/impermanence.nix | 19 +++++++++++++ .../server/flaresolverr/proxy.nix | 28 +++++++++++++++++++ 5 files changed, 58 insertions(+) create mode 100644 modules/nixos-modules/server/flaresolverr/default.nix create mode 100644 modules/nixos-modules/server/flaresolverr/impermanence.nix create mode 100644 modules/nixos-modules/server/flaresolverr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0c1c50cd..20835a4c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -366,6 +366,10 @@ enable = true; openFirewall = true; }; + flaresolverr = { + enable = true; + openFirewall = true; + }; }; # disable computer sleeping diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 0ed7c183..22a02234 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,6 +8,7 @@ ./actual ./bazarr + ./flaresolverr ./forgejo ./home-assistant ./immich diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix new file mode 100644 index 00000000..f39d9400 --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix new file mode 100644 index 00000000..b568a56f --- /dev/null +++ b/modules/nixos-modules/server/flaresolverr/impermanence.nix 
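Review bot: `openFirewall = true;` for FlareSolverr exposes an unauthenticated HTTP API whose purpose is to drive a headless browser to any URL a caller names, which turns defiant into an open fetch proxy (SSRF into the LAN, outbound abuse from its address) for every host that can reach the port. Its only consumer in this series is Jackett on the same machine, so `openFirewall = false;` is sufficient. The enclosing `services` attrset starts before the hunk.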
@@ -0,0 +1,19 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ config = lib.mkIf (config.services.flaresolverr.enable && config.host.impermanence.enable) {
+ # FlareSolverr typically doesn't need persistent storage as it's a proxy service
+ # but we'll add basic structure in case it's needed for logs or configuration
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = "/var/lib/flaresolverr";
+ user = "flaresolverr";
+ group = "flaresolverr";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/flaresolverr/proxy.nix b/modules/nixos-modules/server/flaresolverr/proxy.nix
new file mode 100644
index 00000000..5b8dd4cf
--- /dev/null
+++ b/modules/nixos-modules/server/flaresolverr/proxy.nix
@@ -0,0 +1,28 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.services.flaresolverr = {
+ subdomain = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Subdomain for reverse proxy. If null, service will be local only.";
+ };
+ extraSubdomains = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ description = "Extra subdomains for reverse proxy.";
+ };
+ };
+
+ config = lib.mkIf (config.services.flaresolverr.enable && config.services.flaresolverr.subdomain != null) {
+ host.reverse_proxy.subdomains.flaresolverr = {
+ subdomain = config.services.flaresolverr.subdomain;
+ extraSubdomains = config.services.flaresolverr.extraSubdomains;
+ target = "http://127.0.0.1:${toString config.services.flaresolverr.port}";
+ websockets.enable = true;
+ forwardHeaders.enable = true;
+ };
+ };
+}
From 488ef1e94a76e0328c97b732b1c6a7f268cdca7d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 15:58:17 -0500 Subject: [PATCH 887/932] build: updated flake.lock --- flake.lock | 98 ++++++++++++++++++------------------------------------ 1 file changed, 32 insertions(+), 66 deletions(-)
diff --git a/flake.lock b/flake.lock
index 93091053..bb7e3a65 100644
--- a/flake.lock
+++ b/flake.lock
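Review bot: The persistence entry assumes a static `flaresolverr` user and group, but the nixpkgs service runs under `DynamicUser`, as far as I recall, so no such account exists at activation and `user = "flaresolverr"; group = "flaresolverr";` will either fail or leave the bind-mounted directory owned by the wrong uid. The hunk's own comment says the service keeps no state, so the simplest fix is to drop the `directories` entry and keep only the comment, or gate it behind an option that defaults to off. Confirm against the `services.flaresolverr` module before merging.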
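Review bot: Publishing FlareSolverr on a reverse-proxy subdomain exposes an unauthenticated browser-automation endpoint to wherever the proxy is reachable, since the service has no authentication of its own and `forwardHeaders`/`websockets` here add none. The `null` default is right, but the description should say why it must stay null outside a trusted network, e.g. `description = "Subdomain for reverse proxy. FlareSolverr has no authentication; leave null unless the proxy enforces auth in front of it.";`. If the option exists only for symmetry with the other services, consider not shipping a proxy module for this one at all.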
@@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1758287904, - "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", + "lastModified": 1760701190, + "narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=", "owner": "nix-community", "repo": "disko", - "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", + "rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1759403080, - "narHash": "sha256-EteyL8KyG9R5xzqyOBzyag4n2cSemu61VFrl3opJSqE=", + "lastModified": 1760673822, + "narHash": "sha256-h+liPhhMw1yYvkDGLHzQJQShQs+yLjNgjfAyZX+sRrM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "8af6dfcbcbf1115a4f5aeed77ff0db5d3c02caf0", + "rev": "5cca27f1bb30a26140d0cf60ab34daa45b4fa11f", "type": "gitlab" }, "original": { @@ -111,24 +111,6 @@ "type": "github" } }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -151,11 +133,11 @@ ] }, "locked": { - "lastModified": 1759337100, - "narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=", + "lastModified": 1760662441, + "narHash": "sha256-mlDqR1Ntgs9uYYEAUR1IhamKBO0lxoNS4zGLzEZaY0A=", "owner": "nix-community", "repo": "home-manager", - "rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3", + "rev": "722792af097dff5790f1a66d271a47759f477755", "type": "github" }, "original": { 
@@ -182,11 +164,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1759624822, - "narHash": "sha256-cf40qfsfpxJU/BnQ9PEj027LdPINNSsJqm+C6Ug93BA=", - "rev": "57333a0e600c5e096a609410a2f1059b97194b1e", + "lastModified": 1755787066, + "narHash": "sha256-X2UwkUEban08GRSPXRr+kz8fckHqebr3P77qSvjoeOw=", + "rev": "ac9721a92e8138d29707824dbedb484c76948493", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/57333a0e600c5e096a609410a2f1059b97194b1e.tar.gz" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ac9721a92e8138d29707824dbedb484c76948493.tar.gz?rev=ac9721a92e8138d29707824dbedb484c76948493" }, "original": { "type": "tarball", @@ -203,11 +185,11 @@ ] }, "locked": { - "lastModified": 1756511062, - "narHash": "sha256-IgD1JR7scSEwlK/YAbmrcTWpAYT30LPldCUHdzXkaMs=", + "lastModified": 1759851320, + "narHash": "sha256-n5dRAIC3/78drQtFxmQRrBLd6TKfotUnX7GWu0mAcSg=", "ref": "refs/heads/main", - "rev": "3f09a5eb772e02d98bb8878ab687d5b721f00d16", - "revCount": 162, + "rev": "7c31a18259b8358ac196cf803a26967c0fa1d3e4", + "revCount": 163, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module.git" }, @@ -245,11 +227,11 @@ ] }, "locked": { - "lastModified": 1758805352, - "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=", + "lastModified": 1760721282, + "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c", + "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", "type": "github" }, "original": { 
@@ -281,17 +263,16 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1759369908, - "narHash": "sha256-IIhaE6jAge64z+fIyi/8Vtu0JdTtapbp4CvwiuIkZ1E=", + "lastModified": 1760720017, + "narHash": "sha256-ALb+L8zaP6IJ3BigQJ+ih7NqmaptzL/CbkNkLbhmsGE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "a66ad2141b1440a838ead278c6edfe8a4ce75e6c", + "rev": "b0897a5d1d5829eb67ca7168680873ee7a0d52b8", "type": "github" }, "original": { @@ -302,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1759261527, - "narHash": "sha256-wPd5oGvBBpUEzMF0kWnXge0WITNsITx/aGI9qLHgJ4g=", + "lastModified": 1760106635, + "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e087756cf4abbe1a34f3544c480fc1034d68742f", + "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", "type": "github" }, "original": { @@ -334,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { @@ -389,11 +370,11 @@ ] }, "locked": { - "lastModified": 1759188042, - "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", + "lastModified": 1760393368, + "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", "owner": "Mic92", "repo": "sops-nix", - "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", + "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", "type": "github" }, "original": { 
@@ -431,21 +412,6 @@ "repo": "default", "type": "github" } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", From 62bb650878e45acccd2aa2dae17193101fc6a522 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 17 Oct 2025 16:09:37 -0500 Subject: [PATCH 888/932] fix: fixed mapillary build --- modules/common-modules/pkgs/mapillary-uploader.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 7ce24f22..9ae2ea79 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -9,7 +9,7 @@ src = fetchurl { url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; - sha256 = "sha256-Oyx7AIdA/2mwBaq7UzXOoyq/z2SU2sViMN40sY2RCQw="; + sha256 = "sha256-OY3SiMHUyjwPDrPWfa+mFg2BHZrz6GG/9/D5sCP2Da8="; }; appimageContents = appimageTools.extractType2 { @@ -23,9 +23,6 @@ in # Install desktop file install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop - # Install icon - install -Dm644 ${appimageContents}/usr/share/icons/hicolor/0x0/apps/mapillary-desktop-uploader.png $out/share/pixmaps/mapillary-uploader.png - # Fix desktop file paths substituteInPlace $out/share/applications/mapillary-uploader.desktop \ --replace 'Exec=AppRun' 'Exec=${pname}' From 5ccfe1a337cd3d8bcf9437a7aabd8e27df27db70 Mon Sep 17 00:00:00 2001 
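Review bot: The `sha256` for `http://tools.mapillary.com/uploader/download/linux/${version}` was replaced without `version` changing, which means the artifact served at that URL changed under the same version; accepting the new hash just records whatever the server returned that day, fetched over plain HTTP with no signature check, so a host compromise or on-path tampering flows straight into every build of this package. Before merging, confirm the new AppImage against an upstream checksum or release page and switch the URL to `url = "https://tools.mapillary.com/uploader/download/linux/${version}";` so at least transport integrity holds. `version` and the rest of the derivation are outside the hunk.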
From: Leyla Becker Date: Sat, 18 Oct 2025 13:30:08 -0500 Subject: [PATCH 889/932] feat: installed lidarr --- .../nixos/defiant/configuration.nix | 4 +++ modules/nixos-modules/server/default.nix | 3 +- .../nixos-modules/server/lidarr/default.nix | 6 ++++ .../server/lidarr/impermanence.nix | 26 +++++++++++++++++ modules/nixos-modules/server/lidarr/proxy.nix | 28 +++++++++++++++++++ modules/nixos-modules/users.nix | 16 +++++++++++ 6 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 modules/nixos-modules/server/lidarr/default.nix create mode 100644 modules/nixos-modules/server/lidarr/impermanence.nix create mode 100644 modules/nixos-modules/server/lidarr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 20835a4c..5c33ce67 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -362,6 +362,10 @@ enable = true; openFirewall = true; }; + lidarr = { + enable = true; + openFirewall = true; + }; jackett = { enable = true; openFirewall = true; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 22a02234..d35bdc16 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -12,14 +12,15 @@ ./forgejo ./home-assistant ./immich + ./jackett ./jellyfin + ./lidarr ./panoramax ./paperless ./qbittorent.nix ./radarr ./searx ./sonarr - ./jackett ./wyoming.nix ]; } diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix new file mode 100644 index 00000000..f39d9400 --- /dev/null +++ b/modules/nixos-modules/server/lidarr/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./proxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix new file mode 100644 index 00000000..689b9247 --- /dev/null 
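Review bot: `openFirewall = true;` puts Lidarr's web UI and API on every interface, like the other *arr entries in this file, and nothing here turns on Lidarr's own authentication. The lidarr proxy module in this same commit targets 127.0.0.1:8686, so the opening is only needed for direct LAN access; prefer `openFirewall = false;` unless that is intended. The enclosing `services` attrset begins before the hunk.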
+++ b/modules/nixos-modules/server/lidarr/impermanence.nix @@ -0,0 +1,26 @@ +{ + lib, + config, + ... +}: let + lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; +in { + config = lib.mkIf (config.services.lidarr.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.lidarr.dataDir == lidarr_data_directory; + message = "lidarr data directory does not match persistence"; + } + ]; + + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = lidarr_data_directory; + user = "lidarr"; + group = "lidarr"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/lidarr/proxy.nix b/modules/nixos-modules/server/lidarr/proxy.nix new file mode 100644 index 00000000..0146ccf2 --- /dev/null +++ b/modules/nixos-modules/server/lidarr/proxy.nix @@ -0,0 +1,28 @@ +{ + lib, + config, + ... +}: { + options.services.lidarr = { + subdomain = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "Subdomain for reverse proxy. If null, service will be local only."; + }; + extraSubdomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Extra subdomains for reverse proxy."; + }; + }; + + config = lib.mkIf (config.services.lidarr.enable && config.services.lidarr.subdomain != null) { + host.reverse_proxy.subdomains.lidarr = { + subdomain = config.services.lidarr.subdomain; + extraSubdomains = config.services.lidarr.extraSubdomains; + target = "http://127.0.0.1:8686"; + websockets.enable = true; + forwardHeaders.enable = true; + }; + }; +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 137ae4bd..45d688a7 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -29,6 +29,7 @@ radarr = 2014; sonarr = 2015; bazarr = 2016; + lidarr = 2017; }; gids = { @@ -50,6 +51,7 @@ radarr = 2014; sonarr = 2015; bazarr = 2016; + lidarr = 2017; }; users = config.users.users; 
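Review bot: The persisted `/var/lib/lidarr/.config/Lidarr` holds config.xml with Lidarr's API key and its SQLite database, yet the entry sets no `mode`, so the directory takes the impermanence default (0755, as far as I recall) on the persistent volume and other local accounts can traverse into it. Add `mode = "0700";` beside `group = "lidarr";` so only the service account can enter it. The `dataDir` assertion guarding the literal path is a good check; keep it.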
@@ -221,6 +223,12 @@ in { isSystemUser = true; group = config.users.users.bazarr.name; }; + + lidarr = { + uid = lib.mkForce uids.lidarr; + isSystemUser = true; + group = config.users.users.lidarr.name; + }; }; groups = { @@ -261,6 +269,7 @@ in { users.radarr.name users.sonarr.name users.bazarr.name + users.lidarr.name leyla eve ivy @@ -365,6 +374,13 @@ in { users.bazarr.name ]; }; + + lidarr = { + gid = lib.mkForce gids.lidarr; + members = [ + users.lidarr.name + ]; + }; }; }; } From 69ec14ef79e3aa5d838fac8a5e82ed94126ce336 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 16:26:14 -0500 Subject: [PATCH 890/932] chore: added task to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index acaa6e76..05e3b30f 100644 --- a/README.md +++ b/README.md @@ -79,3 +79,4 @@ nix multi user, multi system, configuration with `sops` secret management, `home - actual instance - intergrade radarr, sonarr, and bazarr - claude code MCP servers should bundle node with them so they work in all environments +- Vikunja service \ No newline at end of file From 85a6f4a006bd519a80702cca059f6d5d0fac03dc Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 16:29:16 -0500 Subject: [PATCH 891/932] chore: removed completed tasks from README.md --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 05e3b30f..e3efb637 100644 --- a/README.md +++ b/README.md 
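Review bot: The `+ users.lidarr.name` line adds the service account to a shared group whose definition starts before the hunk, alongside the human accounts `leyla`, `eve` and `ivy` and the other *arr services; whatever that group owns (presumably the media library, given that the filebot module deleted earlier in this series used a mode-1770 directory for shared media) becomes writable by Lidarr. That is probably intended for a downloader that moves files, but it deserves a why-comment on the line, e.g. `users.lidarr.name # imports music into the shared library`, and a check that no config or secret directories are group-owned by the same group. The `members` list and its enclosing group are outside the hunk.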
@@ -67,16 +67,12 @@ nix multi user, multi system, configuration with `sops` secret management, `home - wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- panoramax instance - mastodon instance - rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier - move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn - make radarr, sonarr, and bazarr accessible over vpn -- create some sort of service that allows uploading files to jellyfin - - auto sort files into where they should go with some combination of filebot cli and picard cli - graphana accessible though tailscale - fix panoramax package - actual instance -- intergrade radarr, sonarr, and bazarr - claude code MCP servers should bundle node with them so they work in all environments - Vikunja service \ No newline at end of file From b05bfc31fef4c4e61afc3dcfc7d34841265dac1a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 18 Oct 2025 17:33:50 -0500 Subject: [PATCH 892/932] feat: removed TODO for provisioning drives --- configurations/nixos/defiant/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 5c33ce67..e7646b0b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -57,7 +57,6 @@ "ata-ST18000NT001-3NF101_ZVTEF27J" "ata-ST18000NE000-3G6101_ZVTJ7359" ] - # TODO: this needs to be configured manually [ "ata-ST4000NE001-2MA101_WS2275P3" "ata-ST4000NE001-2MA101_WS227B9F" 
From 290db94f42c5823df36e4409dbd17a7a8fb2ba00 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 11:31:15 -0500 Subject: [PATCH 893/932] chore: organized tasks in README.md --- README.md | 79 +++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 50 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index e3efb637..ab32ac86 100644 --- a/README.md +++ b/README.md 
@@ -47,32 +47,53 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Tasks: ## Tech Debt -- monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- nfs export should be backed by the same values for server and client -## New Features -- crab-hole -- figure out why syncthing and jellyfins permissions don't propagate downwards -- figure out steam vr things? -- auto turn off on power loss - nut -- zfs email after scrubbing # TODO: test this -- SMART test with email results -- samba mounts -- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- Create Tor guard/relay server -- migrate away from flakes and move to npins -- whisper -- zfs encryption FIDO2 2fa (look into shavee) -- Secure Boot - https://github.com/nix-community/lanzaboote -- rotate sops encryption keys periodically (and somehow sync between devices?) -- wake on LAN for updates -- remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- mastodon instance -- rework the reverse_proxy.nix file so that it is a normally named service. 
Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier -- move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn -- make radarr, sonarr, and bazarr accessible over vpn -- graphana accessible though tailscale -- fix panoramax package -- actual instance -- claude code MCP servers should bundle node with them so they work in all environments -- Vikunja service \ No newline at end of file +- [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) +- [ ] migrate away from flakes and move to npins +- [ ] rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier + +## Broken things +- [ ] figure out steam vr things? +- [ ] whisper was having issues + +## Data Integrity +- [ ] zfs email after scrubbing # TODO: test this +- [ ] SMART test with email results +- [ ] zfs encryption FIDO2 2fa (look into shavee) +- [ ] rotate sops encryption keys periodically (and somehow sync between devices?) +- [ ] Secure Boot - https://github.com/nix-community/lanzaboote +- [ ] auto turn off on power loss - nut + +## Data Access +- [ ] nfs export should be backed by the same values for server and client +- [ ] samba mounts +- [ ] offline access for nfs mounts (overlay with rsync might be a good option here? 
https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- [ ] figure out why syncthing and jellyfins permissions don't propagate downwards +- [ ] make radarr, sonarr, and bazarr accessible over vpn +- [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn + +## Services +- [ ] crab-hole for ad block +- [ ] enable and learn actual for budgeting +- [ ] vikunja service for project management +- [ ] Create Tor guard/relay server +- [ ] mastodon instance + +## DevOps +- [ ] wake on LAN for updates +- [ ] remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html +- [ ] ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- [ ] fix panoramax package +- [ ] claude code MCP servers should bundle node with them so they work in all environments + +## Observability +- [ ] graphana for dashboards +- [ ] prometheus and loki for metric and log collection + - [ ] zfs storage usage + - [ ] zfs drive health status + - [ ] service version lag + - [ ] network/cpu/ram utilization + - [ ] http latency + - [ ] postgres db load + - [ ] nginx queries +- [ ] ntfy.sh for push notifications +- [ ] kuma for uptime visualization \ No newline at end of file From 46890110f817489b437bb8e621824bd316f4ef17 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sun, 19 Oct 2025 16:32:10 -0500 Subject: [PATCH 894/932] feat: created crab-hole service --- README.md | 6 +- .../nixos/defiant/configuration.nix | 14 ++ .../server/crab-hole/crab-hole.nix | 144 ++++++++++++++++++ .../server/crab-hole/default.nix | 6 + .../server/crab-hole/impermanence.nix | 26 ++++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/users.nix | 15 ++ 7 files changed, 210 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/server/crab-hole/crab-hole.nix create mode 100644 modules/nixos-modules/server/crab-hole/default.nix create mode 100644 modules/nixos-modules/server/crab-hole/impermanence.nix diff --git a/README.md b/README.md index ab32ac86..f8c7ecfa 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,10 @@ nix multi user, multi system, configuration with `sops` secret management, `home # Tasks: +## Chores: +- [ ] test out crab hole service +- [ ] learn how to use actual + ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins @@ -72,8 +76,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn ## Services -- [ ] crab-hole for ad block -- [ ] enable and learn actual for budgeting - [ ] vikunja service for project management - [ ] Create Tor guard/relay server - [ ] mastodon instance diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index e7646b0b..c2b8fc55 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -342,6 +342,20 @@ openFirewall = true; }; + crab-hole = { + enable = true; + port = 8085; + openFirewall = true; + show_doc = true; + downstreams = { + loopback = { + enable = true; + openFirewall = true; + }; + }; + upstreams.cloudFlare.enable = true; + }; + qbittorrent = { enable = true; mediaDir = "/srv/qbittorent"; diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix new file mode 100644 index 00000000..58ff660b --- /dev/null +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix 
@@ -0,0 +1,144 @@ +{ + config, + lib, + ... +}: let + cfg = config.services.crab-hole; +in { + options.services.crab-hole = { + port = lib.mkOption { + type = lib.types.port; + default = 8080; + description = "Port for the crab-hole API to listen on."; + }; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to open the firewall for the crab-hole API port."; + }; + + listen = lib.mkOption { + type = lib.types.str; + default = "0.0.0.0"; + description = "Address for the crab-hole API to listen on."; + }; + + show_doc = lib.mkEnableOption "OpenAPI documentation (loads content from third party websites)"; + + downstreams = { + loopback = { + enable = lib.mkEnableOption "loopback downstream DNS server on localhost:53"; + openFirewall = lib.mkEnableOption "automatic port forwarding for the loopback downstream"; + }; + }; + + extraDownstreams = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { + options = { + protocol = lib.mkOption { + type = lib.types.enum ["udp" "tcp" "tls" "https" "quic"]; + description = "Protocol for the downstream server."; + }; + + listen = lib.mkOption { + type = lib.types.str; + description = "Address to listen on for downstream connections."; + }; + + port = lib.mkOption { + type = lib.types.port; + description = "Port to listen on for downstream connections."; + }; + }; + }); + default = []; + description = "List of additional downstream DNS server configurations."; + }; + + upstreams = { + cloudFlare = { + enable = lib.mkEnableOption "Cloudflare DNS over TLS upstream servers (1.1.1.1 and 1.0.0.1)"; + }; + }; + + extraUpstreams = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { + options = { + socket_addr = lib.mkOption { + type = lib.types.str; + description = "Socket address of the upstream DNS server (e.g., \"1.1.1.1:853\" or \"[2606:4700:4700::1111]:853\")."; + }; + + protocol = lib.mkOption { + type = lib.types.enum ["udp" "tcp" "tls" "https" "quic"]; + 
description = "Protocol to use for upstream DNS queries."; + }; + }; + }); + default = []; + description = "List of additional upstream DNS server configurations."; + }; + }; + + config = lib.mkIf cfg.enable { + services.crab-hole.settings = lib.mkMerge [ + { + api = { + port = cfg.port; + listen = cfg.listen; + show_doc = cfg.show_doc; + }; + downstream = cfg.extraDownstreams; + upstream.name_servers = cfg.extraUpstreams; + } + (lib.mkIf cfg.downstreams.loopback.enable { + downstream = [ + { + protocol = "udp"; + listen = "localhost"; + port = 53; + } + ]; + }) + (lib.mkIf cfg.upstreams.cloudFlare.enable { + upstream.name_servers = [ + { + socket_addr = "1.1.1.1:853"; + protocol = "tls"; + tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; + trust_nx_responses = false; + } + { + socket_addr = "1.0.0.1:853"; + protocol = "tls"; + tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; + trust_nx_responses = false; + } + { + socket_addr = "[2606:4700:4700::1111]:853"; + protocol = "tls"; + tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; + trust_nx_responses = false; + } + { + socket_addr = "[2606:4700:4700::1001]:853"; + protocol = "tls"; + tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; + trust_nx_responses = false; + } + ]; + }) + ]; + + # Open firewall if requested + networking.firewall = lib.mkMerge [ + (lib.mkIf cfg.openFirewall { + allowedTCPPorts = [cfg.port]; + }) + (lib.mkIf (cfg.downstreams.loopback.enable && cfg.downstreams.loopback.openFirewall) { + allowedUDPPorts = [53]; + }) + ]; + }; +} diff --git a/modules/nixos-modules/server/crab-hole/default.nix b/modules/nixos-modules/server/crab-hole/default.nix new file mode 100644 index 00000000..158a8513 --- /dev/null +++ b/modules/nixos-modules/server/crab-hole/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./crab-hole.nix + ./impermanence.nix + ]; +} 
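Review bot: The `listen` option defaults to `"0.0.0.0"`, so the crab-hole API binds every interface, and together with `openFirewall` (which the defiant configuration in this commit enables alongside `show_doc = true`, an option whose own description says it loads content from third-party sites) the admin API becomes reachable from the whole network; whether that API authenticates is not visible here, so the safer default is loopback: `default = "127.0.0.1";` with the description reading `"Address for the crab-hole API to listen on. Defaults to loopback; bind 0.0.0.0 only when the API is meant to be reachable from other hosts."`. The loopback downstream is bound to `localhost`, so the `allowedUDPPorts = [53]` rule opened by `downstreams.loopback.openFirewall` cannot admit any traffic to it and only widens the firewall; if the resolver is ever rebound to all interfaces, that rule would make the host answer DNS for anyone who can reach it, so scope it with `networking.firewall.interfaces.<name>.allowedUDPPorts` or an equivalent allowlist. DNS clients also fall back to TCP for truncated responses, so a downstream that opens UDP 53 usually needs a matching `tcp` downstream entry and `allowedTCPPorts` as well.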
diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix
new file mode 100644
index 00000000..455e593a
--- /dev/null
+++ b/modules/nixos-modules/server/crab-hole/impermanence.nix
@@ -0,0 +1,26 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ workingDirectory = "/var/lib/private/crab-hole";
+in {
+ config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion =
+ config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory);
+ message = "crab-hole working directory does not match persistence";
+ }
+ ];
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = workingDirectory;
+ user = "crab-hole";
+ group = "crab-hole";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index d35bdc16..57874d5b 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -8,6 +8,7 @@
 ./actual
 ./bazarr
+ ./crab-hole
 ./flaresolverr
 ./forgejo
 ./home-assistant
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index 45d688a7..987e080e 100644
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@@ -30,6 +30,7 @@
 sonarr = 2015;
 bazarr = 2016;
 lidarr = 2017;
+ crab-hole = 2018;
 };
 gids = {
@@ -52,6 +53,7 @@
 sonarr = 2015;
 bazarr = 2016;
 lidarr = 2017;
+ crab-hole = 2018;
 };
 users = config.users.users;
@@ -229,6 +231,12 @@ in {
 isSystemUser = true;
 group = config.users.users.lidarr.name;
 };
+
+ crab-hole = {
+ uid = lib.mkForce uids.crab-hole;
+ isSystemUser = true;
+ group = config.users.users.crab-hole.name;
+ };
 };
 groups = {
@@ -381,6 +389,13 @@ in {
 users.lidarr.name
 ];
 };
+
+ crab-hole = {
+ gid = lib.mkForce gids.crab-hole;
+ members = [
+ users.crab-hole.name
+ ];
+ };
 };
 };
 }
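Review bot: The `lib.mkIf` guard in impermanence.nix tests `config.services.immich.enable` rather than the crab-hole service, so crab-hole's state under `/var/lib/private/crab-hole` is only persisted when immich happens to be enabled, and on a host with immich but no crab-hole the assertion dereferences `config.systemd.services.crab-hole.serviceConfig.WorkingDirectory` for a service that may not be defined. The guard should read `config = lib.mkIf (config.services.crab-hole.enable && config.host.impermanence.enable) {`. The persisted path uses the `/var/lib/private` form while the assertion compares against the `/var/lib/crab-hole` form; that is presumably deliberate for a service using `DynamicUser`, but a one-line comment above `workingDirectory` saying so would spare the next reader the same investigation.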
From 0c88746da1f8d5d961f9606e98065df6ab9a3b49 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 17:24:29 -0500 Subject: [PATCH 895/932] feat: stubbed out configs for eve home manager user --- configurations/home-manager/eve/packages.nix | 13 ++++++++++ .../nixos/emergent/configuration.nix | 4 ++++ .../home-manager-modules/programs/default.nix | 5 ++++ .../programs/dungeon-draft.nix | 24 +++++++++++++++++++ .../programs/guild-wars-2.nix | 24 +++++++++++++++++++ .../programs/kdenlive.nix | 23 ++++++++++++++++++ .../home-manager-modules/programs/olympus.nix | 23 ++++++++++++++++++ .../home-manager-modules/programs/vortex.nix | 24 +++++++++++++++++++ 8 files changed, 140 insertions(+) create mode 100644 modules/home-manager-modules/programs/dungeon-draft.nix create mode 100644 modules/home-manager-modules/programs/guild-wars-2.nix create mode 100644 modules/home-manager-modules/programs/kdenlive.nix create mode 100644 modules/home-manager-modules/programs/olympus.nix create mode 100644 modules/home-manager-modules/programs/vortex.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index f738fe29..c8f03905 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -61,6 +61,19 @@ in { piper.enable = hardware.piperMouse.enable; krita.enable = true; ungoogled-chromium.enable = true; + + inkscape.enable = true; + obsidian.enable = true; + obs-studio.enable = true; + kdenlive.enable = true; + tor-browser.enable = true; + olympus.enable = true; + libreoffice.enable = true; + + # Windows applications that we need to figure out how to install + guild-wars-2.enable = false; + vortex.enable = false; + dungeon-draft.enable = false; }) ]; }; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index bb671f73..d9222a23 100644 --- a/configurations/nixos/emergent/configuration.nix 
+++ b/configurations/nixos/emergent/configuration.nix @@ -41,6 +41,7 @@ # installed opentabletdriver hardware.opentabletdriver.enable = true; + hardware.keyboard.qmk.enable = true; # Enable the GNOME Desktop Environment. services.displayManager.gdm.enable = true; @@ -68,6 +69,9 @@ }; services.tailscale.enable = true; + # We were having weird build errors so this is disabled right now + # error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option + services.syncthing.enable = false; # Configure keymap in X11 # services.xserver.xkb.layout = "us"; diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 68e5c717..831e73cd 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -12,11 +12,13 @@ ./obsidian.nix ./prostudiomasters.nix ./idea.nix + ./kdenlive.nix ./krita.nix ./protonvpn.nix ./calibre.nix ./bruno.nix ./dbeaver.nix + ./dungeon-draft.nix ./steam.nix ./vscode ./ungoogled-chromium.nix @@ -24,6 +26,7 @@ ./mapillary-uploader.nix ./inkscape.nix ./gimp.nix + ./guild-wars-2.nix ./proxmark3.nix ./freecad.nix ./onionshare.nix @@ -33,8 +36,10 @@ ./qflipper.nix ./openvpn.nix ./noisetorch.nix + ./olympus.nix ./openrgb.nix ./via.nix + ./vortex.nix ./davinci-resolve.nix ./gdx-liftoff.nix ./tor-browser.nix diff --git a/modules/home-manager-modules/programs/dungeon-draft.nix b/modules/home-manager-modules/programs/dungeon-draft.nix new file mode 100644 index 00000000..faa69c69 --- /dev/null +++ b/modules/home-manager-modules/programs/dungeon-draft.nix 
@@ -0,0 +1,24 @@ +{ + config, + lib, + ... +}: let + cfg = config.programs.dungeon-draft; +in { + options.programs.dungeon-draft = { + enable = lib.mkEnableOption "Dungeon Draft"; + }; + + config = { + assertions = [ + { + assertion = !cfg.enable; + message = '' + Dungeon Draft module is not yet fully configured. + Please download the Dungeon Draft executable (.exe) from the official website, + then configure the Wine environment and executable path as needed. + ''; + } + ]; + }; +} diff --git a/modules/home-manager-modules/programs/guild-wars-2.nix b/modules/home-manager-modules/programs/guild-wars-2.nix new file mode 100644 index 00000000..3f68ec68 --- /dev/null +++ b/modules/home-manager-modules/programs/guild-wars-2.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + ... +}: let + cfg = config.programs.guild-wars-2; +in { + options.programs.guild-wars-2 = { + enable = lib.mkEnableOption "Guild Wars 2"; + }; + + config = { + assertions = [ + { + assertion = !cfg.enable; + message = '' + Guild Wars 2 module is not yet fully configured. + Please install Guild Wars 2 manually via Steam or the official client, + then configure the Wine environment as needed. + ''; + } + ]; + }; +} diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix new file mode 100644 index 00000000..2c72fc6e --- /dev/null +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.programs.kdenlive; +in { + options.programs.kdenlive = { + enable = lib.mkEnableOption "kdenlive"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.kdePackages.kdenlive; + description = "The kdenlive package to install."; + }; + }; + + config = lib.mkIf cfg.enable { + home.packages = [ + cfg.package + ]; + }; +} diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix new file mode 100644 index 00000000..4aec03b9 
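Review bot: dungeon-draft.nix, guild-wars-2.nix and vortex.nix are the same module with only the option name and the assertion message changed, which is a maintenance point rather than a defect: the next Wine-based stub will be a fourth copy to keep in step. A small shared helper taking the option name and the message text, e.g. `mkStubProgram = name: message: { ... }` (a constructed name), would let each of these files become a one-liner. The `assertion = !cfg.enable` pattern itself is a reasonable way to fail loudly until the install path is worked out.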
--- /dev/null +++ b/modules/home-manager-modules/programs/olympus.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.programs.olympus; +in { + options.programs.olympus = { + enable = lib.mkEnableOption "olympus"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.olympus; + description = "The olympus package to install."; + }; + }; + + config = lib.mkIf cfg.enable { + home.packages = [ + cfg.package + ]; + }; +} diff --git a/modules/home-manager-modules/programs/vortex.nix b/modules/home-manager-modules/programs/vortex.nix new file mode 100644 index 00000000..cb865262 --- /dev/null +++ b/modules/home-manager-modules/programs/vortex.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + ... +}: let + cfg = config.programs.vortex; +in { + options.programs.vortex = { + enable = lib.mkEnableOption "Vortex (Nexus Mods manager)"; + }; + + config = { + assertions = [ + { + assertion = !cfg.enable; + message = '' + Vortex module is not yet fully configured. + Please download and install Vortex manually from the Nexus Mods website, + then configure the Wine environment and dependencies as needed. + ''; + } + ]; + }; +} From 260e37e0169b1655d024d8100c3f2a6ebe8053fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 18:50:26 -0500 Subject: [PATCH 896/932] feat: supported branching for commit checking --- .hooks/post-merge | 18 ++++++++++++++ .hooks/pre-merge-commit | 37 ++++++++++++++++++++++++++++ rebuild.sh | 54 ++++++++++++++++++++++++++++++++++------- 3 files changed, 100 insertions(+), 9 deletions(-) create mode 100755 .hooks/post-merge create mode 100755 .hooks/pre-merge-commit diff --git a/.hooks/post-merge b/.hooks/post-merge new file mode 100755 index 00000000..11fb20cc --- /dev/null +++ b/.hooks/post-merge 
@@ -0,0 +1,18 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash ../shell.nix
+
+# Get current branch name
+current_branch=$(git branch --show-current)
+
+# Only restore stash if we're on main branch and a merge just completed
+if [ "$current_branch" = "main" ]; then
+ # Check if there are any stashes to restore
+ if git stash list | grep -q "stash@"; then
+ echo "Post-merge: restoring stashed changes on main branch"
+ git stash pop -q
+ else
+ echo "Post-merge: no stash to restore on main branch"
+ fi
+else
+ echo "Post-merge: no action needed on branch '$current_branch'"
+fi
diff --git a/.hooks/pre-merge-commit b/.hooks/pre-merge-commit
new file mode 100755
index 00000000..9edaf92b
--- /dev/null
+++ b/.hooks/pre-merge-commit
@@ -0,0 +1,37 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash ../shell.nix
+
+# Get the target branch (the branch being merged into)
+target_branch=""
+
+# Check if we're in the middle of a merge
+if [ -f .git/MERGE_HEAD ]; then
+ # We're in a merge, check if the current branch is main
+ current_branch=$(git branch --show-current)
+ if [ "$current_branch" = "main" ]; then
+ target_branch="main"
+ fi
+fi
+
+# If we're merging into main, run nix flake check
+if [ "$target_branch" = "main" ]; then
+ echo "Merging into main branch - running nix flake check..."
+
+ echo "stashing all uncommitted changes"
+ git stash -q --keep-index
+
+ echo "checking flakes all compile"
+ nix flake check
+
+ if [ ! $? -eq 0 ]; then
+ echo "Error: nix flake check failed. Merge aborted."
+ echo "Please fix the issues and try merging again."
+ exit 1
+ fi
+
+ echo "nix flake check passed. Merge can proceed."
+else
+ echo "Not merging into main branch, skipping nix flake check."
+fi
+
+exit 0
diff --git a/rebuild.sh b/rebuild.sh
index 36a12012..67504502 100755
--- a/rebuild.sh
+++ b/rebuild.sh
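Review bot: `git stash pop -q` in post-merge restores whatever entry is at the top of the stash, because `git stash list | grep -q "stash@"` matches any entry at all; when pre-merge-commit had nothing to stash (a clean tree creates no entry) this pops an unrelated, possibly much older stash into the freshly merged tree. Tag the stash in pre-merge-commit with `git stash push -q --keep-index -m "pre-merge-commit"` and have post-merge match only that tag, e.g. `if git stash list | grep -q "pre-merge-commit"; then`. The other half of this pairing lives in the pre-merge-commit hunk of the same commit.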
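Review bot: When `nix flake check` fails, pre-merge-commit exits 1 with the user's uncommitted changes still sitting in the stash; the merge is aborted, post-merge never runs, and the changes silently vanish from the working tree until someone thinks to look in `git stash list`. Restore before bailing out: `if ! nix flake check; then` / `git stash pop -q` / `exit 1`, which also replaces the `[ ! $? -eq 0 ]` test with the idiomatic form. The exit status of `git stash -q --keep-index` is likewise unchecked, so a failed stash lets the check run against a tree that differs from what will be committed.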
@@ -1,5 +1,15 @@ #!/usr/bin/env bash +# Get current branch and git status for branch-aware behavior +current_branch=$(git branch --show-current 2>/dev/null || echo "unknown") +git_status=$(git status --porcelain 2>/dev/null || echo "") + +# Default values +default_target=$(hostname) +default_user="$USER" +default_host=$(hostname) +default_mode=$(if [[ "$current_branch" != "main" ]]; then echo "test"; else echo "switch"; fi) + if [ -d "result" ]; then preserve_result=true 
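Review bot: `current_branch=$(git branch --show-current 2>/dev/null || echo "unknown")` only substitutes `unknown` when git exits non-zero; in detached HEAD state `git branch --show-current` prints nothing and succeeds, so `current_branch` is empty, `default_mode` becomes `test`, and the later warning reads `You are on branch '' (not main)`. Normalise the empty case as well, e.g. `current_branch=$(git branch --show-current 2>/dev/null)` followed by `current_branch=${current_branch:-unknown}`. The `default_mode` selection and the warnings that consume it continue in the later hunks of this file.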
@@ -42,14 +52,29 @@ while [ $# -gt 0 ]; do ;; --help|-h) echo "--help -h: print this message" - echo "--target -t: set the target system to rebuild on" - echo "--flake -f: set the flake to rebuild on the target system" - echo "--mode -m: set the mode to rebuild flake as on the target system" - echo "--user -u: set the user to rebuild flake as on the target system" - echo "--host: set the host that the flake will be rebuilt on (unset for current machine)" + echo "--target -t: defaults to the current system" + echo " currently: $default_target" + echo "--flake -f: defaults to same as target" + echo " currently: ${target:-$default_target}" + echo "--mode -m: defaults to 'switch', but 'test' on non-main branches" + echo " currently would be: $default_mode" + echo "--user -u: defaults to the current user" + echo " currently: $default_user" + echo "--host: defaults to building on the current machine" + echo " currently: $default_host" echo "--preserve-result: do not remove the generated result folder after building" echo "--no-preserve-result: remove any result folder after building" echo "--show-trace: show trace on builds" + echo "" + echo "Branch-aware behavior:" + echo " - On non-main branches: defaults to test mode with warning" + echo " - On main with uncommitted changes: shows warning about creating a branch" + echo " - Current branch: $current_branch" + if [[ -n "$git_status" ]]; then + echo " - Git status: uncommitted changes detected" + else + echo " - Git status: clean working tree" + fi exit 0 ;; *) 
@@ -60,10 +85,21 @@ while [ $# -gt 0 ]; do shift done -target=${target:-$(hostname)} +target=${target:-$default_target} flake=${flake:-$target} -mode=${mode:-switch} -user=${user:-$USER} +mode=${mode:-$default_mode} +user=${user:-$default_user} + +# Branch-aware warnings and behavior +if [[ "$current_branch" != "main" ]] && [[ "$mode" == "test" ]]; then + echo "⚠️ WARNING: You are on branch '$current_branch' (not main)" + echo " Defaulting to test mode to prevent accidental system changes" + echo " Specify --mode=switch explicitly if you want to apply changes" +elif [[ "$current_branch" == "main" ]] && [[ -n "$git_status" ]] && [[ "$mode" != "test" ]]; then + echo "⚠️ WARNING: You are on main branch with uncommitted changes" + echo " Consider creating a feature branch for development:" + echo " git checkout -b feature/your-feature-name" +fi command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" @@ -91,4 +127,4 @@ then then rm -r result fi -fi \ No newline at end of file +fi From dd165d48fea49671e4c74b09fd320ee9be69d404 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 19:14:34 -0500 Subject: [PATCH 897/932] feat: installed vmware for eve home manager user --- configurations/home-manager/eve/packages.nix | 1 + .../home-manager-modules/programs/default.nix | 1 + .../programs/vmware-workstation.nix | 37 +++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100644 modules/home-manager-modules/programs/vmware-workstation.nix diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index c8f03905..a1806165 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -74,6 +74,7 @@ in { guild-wars-2.enable = false; vortex.enable = false; dungeon-draft.enable = false; + vmware-workstation.enable = true; }) ]; }; 
diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix index 831e73cd..3fff4895 100644 --- a/modules/home-manager-modules/programs/default.nix +++ b/modules/home-manager-modules/programs/default.nix @@ -44,5 +44,6 @@ ./gdx-liftoff.nix ./tor-browser.nix ./polycule.nix + ./vmware-workstation.nix ]; } diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix new file mode 100644 index 00000000..8e9d406e --- /dev/null +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -0,0 +1,37 @@ +{ + lib, + pkgs, + config, + ... +}: { + options.programs.vmware-workstation = { + enable = lib.mkEnableOption "enable VMware Workstation"; + }; + + config = lib.mkIf config.programs.vmware-workstation.enable ( + lib.mkMerge [ + { + home.packages = with pkgs; [ + vmware-workstation + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + { + directory = ".vmware"; + method = "symlink"; + } + { + directory = "vmware"; + method = "symlink"; + } + ]; + allowOther = true; + }; + } + ) + ] + ); +} From ebf7ea3cf78ff7a007f216b0d0bf13f5ff3dde89 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 20:32:38 -0500 Subject: [PATCH 898/932] feat: added impermanence for more applications --- .../programs/kdenlive.nix | 23 +++++++++++++++---- .../programs/mapillary-uploader.nix | 19 ++++++++++++--- modules/home-manager-modules/programs/obs.nix | 7 +++++- .../home-manager-modules/programs/olympus.nix | 23 +++++++++++++++---- .../home-manager-modules/programs/openrgb.nix | 22 ++++++++++++++---- modules/home-manager-modules/programs/via.nix | 23 +++++++++++++++---- 6 files changed, 93 insertions(+), 24 deletions(-) diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index 2c72fc6e..05327d17 100644 
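Review bot: `lib.mkEnableOption "enable VMware Workstation"` renders in generated documentation as "Whether to enable enable VMware Workstation.", since mkEnableOption already prepends "Whether to enable"; use `enable = lib.mkEnableOption "VMware Workstation";`. The two persisted directories deserve a short comment explaining the split, presumably along the lines of `# "vmware" holds the VM images (can be large); ".vmware" holds preferences and licence state`, so the next reader knows why both are needed and why `method = "symlink"` was chosen.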
--- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -15,9 +15,22 @@ in { }; }; - config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; - }; + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = [ + cfg.package + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/kdenliverc" + "${config.xdg.dataHome}/kdenlive" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index 38c11448..df1f0937 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -11,7 +11,20 @@ in { enable = mkEnableOption "Mapillary Desktop Uploader"; }; - config = mkIf cfg.enable { - home.packages = [pkgs.mapillary-uploader]; - }; + config = mkIf cfg.enable (mkMerge [ + { + home.packages = [pkgs.mapillary-uploader]; + } + ( + mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/mapillary-uploader" + "${config.xdg.dataHome}/mapillary-uploader" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 5c2d3c2e..bfdba908 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,7 +6,12 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - # TODO: map impermanence for obs + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/obs-studio" + ]; + allowOther = true; + }; } ) ]); 
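Review bot: `"${config.xdg.configHome}/kdenliverc"` is listed under `directories`, but KDE `*rc` entries are files, so the persistence module would create and bind a directory at that path and kdenlive could no longer write its configuration there (worth confirming on a host, but the rc suffix makes it near-certain). Move it to the files list, `files = [ "${config.xdg.configHome}/kdenliverc" ];`, and keep only `"${config.xdg.dataHome}/kdenlive"` under `directories`. The other hunks in this commit (mapillary-uploader, obs, olympus, openrgb, via) persist directories only and are not affected.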
diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 4aec03b9..0e38eecc 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -15,9 +15,22 @@ in { }; }; - config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; - }; + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + home.packages = [ + cfg.package + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/olympus" + "${config.xdg.dataHome}/olympus" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index ab156a65..c9d5e141 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -8,9 +8,21 @@ enable = lib.mkEnableOption "enable openrgb"; }; - config = lib.mkIf config.programs.openrgb.enable { - home.packages = with pkgs; [ - openrgb - ]; - }; + config = lib.mkIf config.programs.openrgb.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + openrgb + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/OpenRGB" + ]; + allowOther = true; + }; + } + ) + ]); } diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index 41918c81..0aa58e4e 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix 
@@ -8,9 +8,22 @@ enable = lib.mkEnableOption "enable via"; }; - config = lib.mkIf config.programs.via.enable { - home.packages = with pkgs; [ - via - ]; - }; + config = lib.mkIf config.programs.via.enable (lib.mkMerge [ + { + home.packages = with pkgs; [ + via + ]; + } + ( + lib.mkIf config.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.configHome}/via" + "${config.xdg.dataHome}/via" + ]; + allowOther = true; + }; + } + ) + ]); } From e8f7331b6c8e3e33bc927459e2720c0a7e954f55 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 19 Oct 2025 20:52:46 -0500 Subject: [PATCH 899/932] feat: enabled ai for emergent and claude code for eve --- configurations/home-manager/eve/packages.nix | 3 +++ configurations/nixos/emergent/configuration.nix | 1 + 2 files changed, 4 insertions(+) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index a1806165..73195c46 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix @@ -18,6 +18,7 @@ in { home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ gnomeExtensions.dash-to-panel + claude-code ] ); @@ -70,6 +71,8 @@ in { olympus.enable = true; libreoffice.enable = true; + claude-code.enable = osConfig.host.ai.enable; + # Windows applications that we need to figure out how to install guild-wars-2.enable = false; vortex.enable = false; diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index d9222a23..6121069f 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix @@ -48,6 +48,7 @@ services.desktopManager.gnome.enable = true; host = { + ai.enable = true; users = { eve = { isDesktopUser = true; From d19d535d851eedc73a56f562e7cdf652f43891ca Mon Sep 17 00:00:00 2001 
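Review bot: The first eve packages hunk adds `claude-code` to `home.packages` for every desktop user unconditionally, while the second hunk (`@@ -70,6 +71,8 @@`) gates the program module with `claude-code.enable = osConfig.host.ai.enable;`, so the binary is installed even on hosts where `host.ai.enable` is false and the switch only controls the module's extra configuration. Assuming `programs.claude-code` installs the package itself when enabled, dropping the `home.packages` entry keeps `host.ai.enable` as the single place that decides whether AI tooling lands on a machine, which is what the emergent hunk setting `ai.enable = true;` appears to intend.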
From: Leyla Becker Date: Mon, 20 Oct 2025 20:01:07 -0500 Subject: [PATCH 900/932] fix: made crab-hole dns accessible from other devices --- .../nixos/defiant/configuration.nix | 2 +- .../server/crab-hole/crab-hole.nix | 44 +++++++++++++++---- 2 files changed, 37 insertions(+), 9 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index c2b8fc55..fdf7356c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -348,7 +348,7 @@ openFirewall = true; show_doc = true; downstreams = { - loopback = { + host = { enable = true; openFirewall = true; }; diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix index 58ff660b..bde1d761 100644 --- a/modules/nixos-modules/server/crab-hole/crab-hole.nix +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix @@ -27,9 +27,19 @@ in { show_doc = lib.mkEnableOption "OpenAPI documentation (loads content from third party websites)"; downstreams = { - loopback = { - enable = lib.mkEnableOption "loopback downstream DNS server on localhost:53"; - openFirewall = lib.mkEnableOption "automatic port forwarding for the loopback downstream"; + host = { + enable = lib.mkEnableOption "host downstream DNS server accessible from network on all interfaces"; + port = lib.mkOption { + type = lib.types.port; + default = 53; + description = "Port for the host downstream DNS server to listen on."; + }; + openFirewall = lib.mkEnableOption "automatic port forwarding for the host downstream"; + disableSystemdResolved = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Whether to automatically disable systemd-resolved when using port 53. Set to false if you want to handle the conflict manually."; + }; }; }; 
@@ -82,6 +92,24 @@ in { }; config = lib.mkIf cfg.enable { + # Assertions for proper configuration + assertions = [ + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && config.services.resolved.enable && cfg.downstreams.host.disableSystemdResolved); + message = "crab-hole host downstream cannot use port 53 while systemd-resolved is enabled. Either disable systemd-resolved or use a different port."; + } + { + assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && !cfg.downstreams.host.disableSystemdResolved && config.services.resolved.enable); + message = "crab-hole host downstream is configured to use port 53 but systemd-resolved is still enabled and disableSystemdResolved is false. Set disableSystemdResolved = true or manually disable systemd-resolved."; + } + ]; + + # Automatically disable systemd-resolved if using port 53 + services.resolved.enable = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkForce false); + + # Configure DNS nameservers when disabling systemd-resolved + networking.nameservers = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkDefault ["127.0.0.1" "1.1.1.1" "8.8.8.8"]); + services.crab-hole.settings = lib.mkMerge [ { api = { @@ -92,12 +120,12 @@ in { downstream = cfg.extraDownstreams; upstream.name_servers = cfg.extraUpstreams; } - (lib.mkIf cfg.downstreams.loopback.enable { + (lib.mkIf cfg.downstreams.host.enable { downstream = [ { protocol = "udp"; - listen = "localhost"; - port = 53; + listen = "0.0.0.0"; + port = cfg.downstreams.host.port; } ]; }) 
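Review bot: The `networking.nameservers` default in this hunk, `["127.0.0.1" "1.1.1.1" "8.8.8.8"]`, lets the host's own lookups bypass crab-hole's filtering whenever the local listener is slow or down, because the libc resolver falls through to the next server in order and those queries then leave the machine in cleartext to third parties. If the filter is meant to apply to the host as well, default to `(lib.mkDefault ["127.0.0.1"])` and let a configuration add fallbacks explicitly. Separately, the first assertion can never fail: under the same condition this hunk sets `services.resolved.enable` with `lib.mkForce false`, so `config.services.resolved.enable` is already false when the assertion is evaluated; only the second assertion is live and the first (with its contradictory message) can be dropped.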
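Review bot: `listen = "0.0.0.0";` is hard-coded in this hunk, so the downstream binds every IPv4 interface (and no IPv6 address) with no way for a configuration to narrow it, and the firewall hunk at `@@ -136,8 +164,8 @@` opens the same UDP port in the global `allowedUDPPorts` list; on a host with an internet-facing interface that makes crab-hole an openly reachable resolver, which is the classic precondition for DNS amplification abuse. Expose the bind address as an option, e.g. `listenAddress = lib.mkOption { type = lib.types.str; default = "0.0.0.0"; description = "Address the host downstream listens on."; };` consumed as `listen = cfg.downstreams.host.listenAddress;`, and scope the firewall rule to the LAN with `networking.firewall.interfaces."<lan-interface>".allowedUDPPorts` (placeholder name) rather than the global list. The only downstream configured is the `protocol = "udp"` entry visible as context; if crab-hole needs a separate TCP entry, clients that retry truncated answers over TCP will fail, though that predates this change.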
@@ -136,8 +164,8 @@ in { (lib.mkIf cfg.openFirewall { allowedTCPPorts = [cfg.port]; }) - (lib.mkIf (cfg.downstreams.loopback.enable && cfg.downstreams.loopback.openFirewall) { - allowedUDPPorts = [53]; + (lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.openFirewall) { + allowedUDPPorts = [cfg.downstreams.host.port]; }) ]; }; From 290c0692bb394071c470f35e96ceb08ec987f7fe Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 20 Oct 2025 20:24:28 -0500 Subject: [PATCH 901/932] feat: added block list to crab-hole --- .../nixos/defiant/configuration.nix | 1 + .../server/crab-hole/crab-hole.nix | 21 +++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index fdf7356c..6908eb79 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -354,6 +354,7 @@ }; }; upstreams.cloudFlare.enable = true; + blocklists.ad_malware.enable = true; }; qbittorrent = { diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix index bde1d761..d76323ae 100644 --- a/modules/nixos-modules/server/crab-hole/crab-hole.nix +++ b/modules/nixos-modules/server/crab-hole/crab-hole.nix @@ -89,6 +89,23 @@ in { default = []; description = "List of additional upstream DNS server configurations."; }; + + blocklists = { + ad_malware = { + enable = lib.mkEnableOption "Host file for blocking ads and malware"; + url = lib.mkOption { + type = lib.types.str; + default = "http://sbc.io/hosts/hosts"; + description = "URL of the ad and malware blocklist host file"; + }; + }; + }; + + extraBlocklists = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional blocklist URLs to be added to the configuration"; + }; }; config = lib.mkIf cfg.enable { 
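Review bot: The default `url = "http://sbc.io/hosts/hosts";` in the blocklists hunk fetches the ad/malware list over plain HTTP, so anything on the path between the server and the list host can silently alter it, either adding entries (denial of service for legitimate names) or removing them (filter bypass); a blocklist is security policy and should be fetched over TLS. Switch the default to the same list's `https://` URL (confirm the host serves it over TLS), and since `extraBlocklists` accepts arbitrary strings, state in its description that `https://` sources are expected.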
@@ -119,7 +136,11 @@ in { }; downstream = cfg.extraDownstreams; upstream.name_servers = cfg.extraUpstreams; + blocklist.lists = cfg.extraBlocklists; } + (lib.mkIf cfg.blocklists.ad_malware.enable { + blocklist.lists = [cfg.blocklists.ad_malware.url]; + }) (lib.mkIf cfg.downstreams.host.enable { downstream = [ { From f21777b1fbe69d747e84f0a7bd5eed85a62f576e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 20 Oct 2025 20:55:35 -0500 Subject: [PATCH 902/932] fix: fixed pre and post commit hook behavior --- .hooks/post-commit | 10 +++++++++- .hooks/post-merge | 26 ++++++++++++++++++++------ .hooks/pre-commit | 24 +++++++++++++++++------- .hooks/pre-merge-commit | 4 ++-- 4 files changed, 48 insertions(+), 16 deletions(-) diff --git a/.hooks/post-commit b/.hooks/post-commit index 56c439da..03a160da 100755 --- a/.hooks/post-commit +++ b/.hooks/post-commit @@ -3,4 +3,12 @@ echo "restoring stashed changes" -git stash pop -q +# Find the most recent pre-commit stash and restore it +recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + +if [ -n "$recent_stash" ]; then + echo "Found recent pre-commit stash: $recent_stash" + git stash pop -q "$recent_stash" +else + echo "No pre-commit stash found to restore" +fi diff --git a/.hooks/post-merge b/.hooks/post-merge index 11fb20cc..06fabc33 100755 --- a/.hooks/post-merge +++ b/.hooks/post-merge 
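Review bot: `git stash list | grep "pre-commit-stash-" | head -n 1` in the post-commit hunk restores whichever `pre-commit-stash-` entry is newest, not the one this commit's pre-commit created; `git stash push` makes no entry when there is nothing to stash, so a commit from a clean working tree would pop an older leftover (for instance one from an earlier commit that failed the flake check) and drop unrelated changes into the tree. A robust pairing is for pre-commit to record the stash it actually created, e.g. in `"$(git rev-parse --git-dir)/pre-commit-stash"` (file name constructed here), and for post-commit to pop only that recorded entry and remove the record, doing nothing when the file is absent. The same newest-match logic is used in the post-merge hunk in .hooks/post-merge.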
@@ -4,14 +4,28 @@ # Get current branch name current_branch=$(git branch --show-current) -# Only restore stash if we're on main branch and a merge just completed +# Only perform actions if we're on main branch and a merge just completed if [ "$current_branch" = "main" ]; then - # Check if there are any stashes to restore - if git stash list | grep -q "stash@"; then - echo "Post-merge: restoring stashed changes on main branch" - git stash pop -q + echo "Post-merge on main branch - running nix flake check" + + # Run nix flake check after merge into main + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Warning: nix flake check failed after merge into main" + echo "Please fix the issues as soon as possible" else - echo "Post-merge: no stash to restore on main branch" + echo "nix flake check passed after merge" + fi + + # Check if there are any pre-commit stashes to restore + recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) + + if [ -n "$recent_stash" ]; then + echo "Post-merge: restoring pre-commit stash on main branch" + git stash pop -q "$recent_stash" + else + echo "Post-merge: no pre-commit stash to restore on main branch" fi else echo "Post-merge: no action needed on branch '$current_branch'" diff --git a/.hooks/pre-commit b/.hooks/pre-commit index f98c64f8..74cbc64a 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit 
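Review bot: The restore step in this hunk greps for `"pre-commit-stash-"`, but the pre-merge-commit hunk (`@@ -17,8 +17,8 @@` in .hooks/pre-merge-commit) labels its stash `"pre-merge-stash-$(date +%s)"`, so the stash taken before a merge into main is never restored by this hook and the user's uncommitted work stays parked in the stash list. Make the two agree, e.g. `recent_stash=$(git stash list | grep "pre-merge-stash-" | head -n 1 | cut -d: -f1)` here, and adjust the two messages to say "pre-merge". Also, `if [ ! $? -eq 0 ]; then` after `nix flake check` reads more directly as `if ! nix flake check; then`.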
@@ -1,14 +1,24 @@ #!/usr/bin/env nix-shell #! nix-shell -i bash ../shell.nix -echo "stashing all uncommitted changes" -git stash -q --keep-index +# Get current branch name +current_branch=$(git branch --show-current) -echo "checking flakes all compile" -nix flake check +echo "stashing all uncommitted changes with named stash (excluding hooks)" +git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/' -if [ ! $? -eq 0 ]; then - exit 1 +# Only run nix flake check if we're on main branch +if [ "$current_branch" = "main" ]; then + echo "On main branch - checking flakes all compile" + nix flake check + + if [ ! $? -eq 0 ]; then + echo "Error: nix flake check failed on main branch" + exit 1 + fi + echo "nix flake check passed" +else + echo "Not on main branch - skipping nix flake check" fi echo "running linter" @@ -19,4 +29,4 @@ RESULT=$? echo "adding lint changes to commit" git add -u -exit $RESULT \ No newline at end of file +exit $RESULT diff --git a/.hooks/pre-merge-commit b/.hooks/pre-merge-commit index 9edaf92b..9b7b41d4 100755 --- a/.hooks/pre-merge-commit +++ b/.hooks/pre-merge-commit @@ -17,8 +17,8 @@ fi if [ "$target_branch" = "main" ]; then echo "Merging into main branch - running nix flake check..." - echo "stashing all uncommitted changes" - git stash -q --keep-index + echo "stashing all uncommitted changes with named stash (excluding hooks)" + git stash push -q --keep-index -m "pre-merge-stash-$(date +%s)" -- ':!.hooks/' echo "checking flakes all compile" nix flake check From 539af51473126cf2a715803d80d21b5a7bfdcd13 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 18:52:38 -0500 Subject: [PATCH 903/932] disabled crab-hole --- configurations/nixos/defiant/configuration.nix | 2 +- modules/nixos-modules/server/crab-hole/impermanence.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
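Review bot: When this hook exits non-zero — the `exit 1` after `nix flake check` in this hunk and `exit $RESULT` in the `@@ -19,4 +29,4 @@` hunk — git aborts the commit and post-commit never runs, so the changes stashed by `git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/'` are left in the stash list instead of being returned to the working tree. Restore them on the failure paths before exiting (`git stash pop -q` immediately before `exit 1`, and before the final exit when `$RESULT` is non-zero), guarded by the same "did we actually create a stash" check that post-commit needs. The file starts with the two nix-shell shebang lines and no `set -e`, so a failed `git stash push` is also ignored and the checks then run against a tree that still contains unstaged changes.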
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6908eb79..6d2925a7 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -343,7 +343,7 @@ }; crab-hole = { - enable = true; + enable = false; port = 8085; openFirewall = true; show_doc = true; diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix index 455e593a..8e1182c5 100644 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix @@ -5,7 +5,7 @@ }: let workingDirectory = "/var/lib/private/crab-hole"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + config = lib.mkIf (config.services.crab-hole.enable && config.host.impermanence.enable) { assertions = [ { assertion = From 3f107f8d1eed9b38ae1270d61c283e1aed480ffa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 19:35:56 -0500 Subject: [PATCH 904/932] fix: fixed home manager impermanence activation on defiant --- configurations/home-manager/git/default.nix | 2 ++ configurations/home-manager/leyla/default.nix | 2 ++ modules/home-manager-modules/impermanence.nix | 16 ++++++++++------ 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/git/default.nix b/configurations/home-manager/git/default.nix index 2276e7a3..1ea29cc3 100644 --- a/configurations/home-manager/git/default.nix +++ b/configurations/home-manager/git/default.nix @@ -1,4 +1,6 @@ {osConfig, ...}: { + impermanence.fallbackPersistence.enable = false; + home = { username = osConfig.users.users.git.name; homeDirectory = osConfig.users.users.git.home; diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index eba7f7b8..8a377549 100644 --- a/configurations/home-manager/leyla/default.nix 
+++ b/configurations/home-manager/leyla/default.nix @@ -12,6 +12,8 @@ ]; config = { + impermanence.enable = osConfig.host.impermanence.enable; + # Home Manager needs a bit of information about you and the paths it should # manage. home = { diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index dc9eae97..6c75edd1 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -8,21 +8,25 @@ in { options.impermanence = { enable = lib.mkEnableOption "impermanence for home directory"; + fallbackPersistence.enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; }; config = lib.mkMerge [ (lib.mkIf config.impermanence.enable { assertions = [ { - assertion = osConfig.impermanence.enable; - message = "impermanence can not be enabled for a user when it is not enabled for a configuration"; + assertion = osConfig.host.impermanence.enable; + message = "impermanence can not be enabled for a user when it is not enabled for the system"; } ]; }) - (lib.mkIf osConfig.host.impermanence.enable { - # If impermanence is not enabled for this user but system impermanence is enabled, - # persist the entire home directory as fallback - home.persistence."/persist/home/${config.home.username}" = lib.mkIf (!cfg.enable) { + # If impermanence is not enabled for this user but system impermanence is enabled, + # persist the entire home directory as fallback + (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { + home.persistence."/persist/home/${config.home.username}" = { directories = ["."]; allowOther = true; }; From 455a98810abeefa12186e6484569131db4240a73 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:03:52 -0500 Subject: [PATCH 905/932] feat: enabled crab-hole --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
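Review bot: `fallbackPersistence.enable` in the impermanence.nix hunk is declared with `lib.mkOption` but no `description`, so it surfaces undocumented even though it decides whether a user's entire home directory is bind-mounted from `/persist/home/<user>` with `allowOther = true`. Add `description = "Persist the whole home directory when system impermanence is enabled but per-user impermanence is not.";`, or declare it as `lib.mkEnableOption "whole-home fallback persistence" // { default = true; }` to match the `enable` option above it.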
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6d2925a7..6908eb79 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -343,7 +343,7 @@ }; crab-hole = { - enable = false; + enable = true; port = 8085; openFirewall = true; show_doc = true; From b17f8d49d5f3bd141ccc1a8e287c5f6b8b2acd76 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:32:24 -0500 Subject: [PATCH 906/932] build: updated flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index bb7e3a65..09349a68 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1760673822, - "narHash": "sha256-h+liPhhMw1yYvkDGLHzQJQShQs+yLjNgjfAyZX+sRrM=", + "lastModified": 1761019419, + "narHash": "sha256-lOzy4BGZtPxxNOzDEwfy3lcb7enl53f1wYP/JVWwSHg=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5cca27f1bb30a26140d0cf60ab34daa45b4fa11f", + "rev": "727c8a012382db77e14d72ce1fe4e19be3206ce6", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1760662441, - "narHash": "sha256-mlDqR1Ntgs9uYYEAUR1IhamKBO0lxoNS4zGLzEZaY0A=", + "lastModified": 1761081701, + "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "722792af097dff5790f1a66d271a47759f477755", + "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", "type": "github" }, "original": { 
@@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1759342933, - "narHash": "sha256-mdlUFcrOfvT0Pm+Hko/6aR3xf1ao5JA2iem4KsEVjP4=", + "lastModified": 1760821194, + "narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=", "owner": "utensils", "repo": "mcp-nixos", - "rev": "50b02bcba32b941d2ec48fedef68641702ca5b0f", + "rev": "0ae453f38d0f088c31d4678da3a12b183165986f", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1760720017, - "narHash": "sha256-ALb+L8zaP6IJ3BigQJ+ih7NqmaptzL/CbkNkLbhmsGE=", + "lastModified": 1761011896, + "narHash": "sha256-p6oWYhpJGIV76tJExGUFRkir29yCTUYLsnKmnhzW2C0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "b0897a5d1d5829eb67ca7168680873ee7a0d52b8", + "rev": "0a74c6a180110ac18584780eeff31e302b0bf8a4", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760106635, - "narHash": "sha256-2GoxVaKWTHBxRoeUYSjv0AfSOx4qw5CWSFz2b+VolKU=", + "lastModified": 1760958188, + "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9ed85f8afebf2b7478f25db0a98d0e782c0ed903", + "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { 
@@ -370,11 +370,11 @@ ] }, "locked": { - "lastModified": 1760393368, - "narHash": "sha256-8mN3kqyqa2PKY0wwZ2UmMEYMcxvNTwLaOrrDsw6Qi4E=", + "lastModified": 1760998189, + "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ab8d56e85b8be14cff9d93735951e30c3e86a437", + "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", "type": "github" }, "original": { From db8d36dadc3edff29eecf85137d5c5048c4a5960 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:39:16 -0500 Subject: [PATCH 907/932] build: updated mapillary uploader hash --- modules/common-modules/pkgs/mapillary-uploader.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix index 9ae2ea79..acff7723 100644 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ b/modules/common-modules/pkgs/mapillary-uploader.nix @@ -9,7 +9,7 @@ src = fetchurl { url = "http://tools.mapillary.com/uploader/download/linux/${version}"; name = "mapillary-uploader.AppImage"; - sha256 = "sha256-OY3SiMHUyjwPDrPWfa+mFg2BHZrz6GG/9/D5sCP2Da8="; + sha256 = "sha256-hpWdfeuhYylO+SFD3BsKI0s/xtObCDd5OcuJ6i/aEuI="; }; appimageContents = appimageTools.extractType2 { From 466926b919bbc929aece6cb0f21c6cc62cd13a06 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Tue, 21 Oct 2025 20:44:53 -0500 Subject: [PATCH 908/932] refactor: updated git configuration --- configurations/home-manager/eve/packages.nix | 8 +++++--- configurations/home-manager/leyla/packages/git.nix | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 73195c46..fb8d8a47 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
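Review bot: Only `sha256` changes in the mapillary-uploader hunk while the `src` URL stays `http://tools.mapillary.com/uploader/download/linux/${version}`, which means the AppImage served for the same version string now has different content (the diffstat shows no other line in the file changed). A fixed-output hash keeps the build reproducible, but a changed artifact behind a stable URL is exactly the case to verify out-of-band: check the downloaded file against a checksum or signature published by the vendor before trusting the new hash, and record in the commit message where the hash came from. If the vendor offers a versioned, immutable download path, pinning that would make a silent replacement show up as a URL change rather than a hash mismatch.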
@@ -32,9 +32,11 @@ in { (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { git = { enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Eve"; + user.email = "evesnrobins@gmail.com"; + init.defaultBranch = "main"; + }; }; openssh = { diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix index 568cd7ab..499e37b1 100644 --- a/configurations/home-manager/leyla/packages/git.nix +++ b/configurations/home-manager/leyla/packages/git.nix @@ -2,9 +2,11 @@ config = { programs = { git = { - userName = "Leyla Becker"; - userEmail = "git@jan-leila.com"; - extraConfig.init.defaultBranch = "main"; + settings = { + user.name = "Leyla Becker"; + user.email = "git@jan-leila.com"; + init.defaultBranch = "main"; + }; }; }; }; From 4dd285c1229a15ad051f432219897f9b3c93d0c8 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 24 Oct 2025 12:45:17 -0500 Subject: [PATCH 909/932] feat: refactored reverse proxy to be a normally named module --- .../nixos/defiant/configuration.nix | 31 ++-- modules/nixos-modules/server/actual/proxy.nix | 23 ++- .../nixos-modules/server/bazarr/default.nix | 1 - modules/nixos-modules/server/bazarr/proxy.nix | 28 ---- modules/nixos-modules/server/default.nix | 2 +- .../server/flaresolverr/default.nix | 1 - .../server/flaresolverr/proxy.nix | 28 ---- .../nixos-modules/server/forgejo/default.nix | 2 +- .../nixos-modules/server/forgejo/proxy.nix | 25 ++- .../server/home-assistant/default.nix | 2 +- .../server/home-assistant/proxy.nix | 36 ++-- modules/nixos-modules/server/immich/proxy.nix | 39 +++-- .../nixos-modules/server/jackett/default.nix | 1 - .../nixos-modules/server/jackett/proxy.nix | 28 ---- .../nixos-modules/server/jellyfin/proxy.nix | 33 ++-- .../nixos-modules/server/lidarr/default.nix | 1 - modules/nixos-modules/server/lidarr/proxy.nix | 28 ---- .../nixos-modules/server/panoramax/proxy.nix | 36 ++-- .../server/paperless/default.nix | 1 - .../nixos-modules/server/paperless/proxy.nix | 33 ++-- .../nixos-modules/server/radarr/default.nix | 1 - modules/nixos-modules/server/radarr/proxy.nix | 28 ---- .../server/reverseProxy/default.nix | 6 + .../server/reverseProxy/impermanence.nix | 21 +++ .../server/reverseProxy/reverseProxy.nix | 158 ++++++++++++++++++ .../nixos-modules/server/reverse_proxy.nix | 128 -------------- modules/nixos-modules/server/searx/proxy.nix | 28 +++- .../nixos-modules/server/sonarr/default.nix | 1 - modules/nixos-modules/server/sonarr/proxy.nix | 28 ---- 29 files changed, 352 insertions(+), 426 deletions(-) delete mode 100644 modules/nixos-modules/server/bazarr/proxy.nix delete mode 100644 modules/nixos-modules/server/flaresolverr/proxy.nix delete mode 100644 modules/nixos-modules/server/jackett/proxy.nix delete mode 100644 modules/nixos-modules/server/lidarr/proxy.nix delete mode 100644 
modules/nixos-modules/server/radarr/proxy.nix create mode 100644 modules/nixos-modules/server/reverseProxy/default.nix create mode 100644 modules/nixos-modules/server/reverseProxy/impermanence.nix create mode 100644 modules/nixos-modules/server/reverseProxy/reverseProxy.nix delete mode 100644 modules/nixos-modules/server/reverse_proxy.nix delete mode 100644 modules/nixos-modules/server/sonarr/proxy.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6908eb79..91a8c2cc 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -102,11 +102,6 @@ directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; - reverse_proxy = { - enable = true; - enableACME = true; - hostname = "jan-leila.com"; - }; postgres = { extraUsers = { leyla = { @@ -237,6 +232,16 @@ gnome.enable = true; }; + # Enable new reverse proxy system + reverseProxy = { + enable = true; + openFirewall = true; + acme = { + enable = true; + email = "jan-leila@protonmail.com"; + }; + }; + ollama = { enable = true; exposePort = true; @@ -294,33 +299,33 @@ jellyfin = { enable = true; - subdomain = "media"; - extraSubdomains = ["jellyfin"]; + domain = "media.jan-leila.com"; + extraDomains = ["jellyfin.jan-leila.com"]; }; immich = { enable = true; - subdomain = "photos"; + domain = "photos.jan-leila.com"; }; forgejo = { enable = true; - subdomain = "git"; + domain = "git.jan-leila.com"; }; searx = { enable = true; - subdomain = "search"; + domain = "search.jan-leila.com"; }; actual = { enable = false; - subdomain = "budget"; + domain = "budget.jan-leila.com"; }; home-assistant = { enable = true; - subdomain = "home"; + domain = "home.jan-leila.com"; openFirewall = true; database = "postgres"; 
@@ -333,7 +338,7 @@ paperless = { enable = true; - subdomain = "documents"; + domain = "documents.jan-leila.com"; passwordFile = config.sops.secrets."services/paperless_password".path; }; diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index 6ca51e49..bf1711ab 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -4,17 +4,26 @@ ... }: { options.services.actual = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - default = "actual"; - description = "subdomain of base domain that actual will be hosted at"; + description = "domain that actual will be hosted at"; + default = "actual.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for actual"; + default = []; }; }; - config = lib.mkIf (config.services.actual.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.actual.subdomain} = { - target = "http://localhost:${toString config.services.actual.settings.port}"; + config = lib.mkIf (config.services.actual.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.actual = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + domain = config.services.actual.domain; + extraDomains = config.services.actual.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix index f39d9400..86dbb4b1 100644 --- a/modules/nixos-modules/server/bazarr/default.nix +++ b/modules/nixos-modules/server/bazarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } 
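Review bot: `default = "actual.arpa";` in the actual/proxy.nix hunk is a name directly under the `.arpa` infrastructure TLD, which is reserved for address-and-routing parameter zones and will not resolve; with the proxy's ACME enabled (`acme.enable = true` in the defiant hunk above) it would also trigger certificate requests that cannot succeed. For a placeholder meant for local networks, use a name under `home.arpa` (the special-use domain for residential networks), e.g. `default = "actual.home.arpa";`, or drop the default so evaluation fails loudly when no domain is set. The same `.arpa` default appears in the home-assistant/proxy.nix hunk (`home-assistant.arpa`).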
diff --git a/modules/nixos-modules/server/bazarr/proxy.nix b/modules/nixos-modules/server/bazarr/proxy.nix deleted file mode 100644 index fe310d81..00000000 --- a/modules/nixos-modules/server/bazarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.bazarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.bazarr.enable && config.services.bazarr.subdomain != null) { - host.reverse_proxy.subdomains.bazarr = { - subdomain = config.services.bazarr.subdomain; - extraSubdomains = config.services.bazarr.extraSubdomains; - target = "http://127.0.0.1:6767"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 57874d5b..4981f28a 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -1,6 +1,6 @@ {...}: { imports = [ - ./reverse_proxy.nix + ./reverseProxy ./fail2ban.nix ./postgres.nix ./network_storage diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix index f39d9400..86dbb4b1 100644 --- a/modules/nixos-modules/server/flaresolverr/default.nix +++ b/modules/nixos-modules/server/flaresolverr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/flaresolverr/proxy.nix b/modules/nixos-modules/server/flaresolverr/proxy.nix deleted file mode 100644 index 5b8dd4cf..00000000 --- a/modules/nixos-modules/server/flaresolverr/proxy.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.flaresolverr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.flaresolverr.enable && config.services.flaresolverr.subdomain != null) { - host.reverse_proxy.subdomains.flaresolverr = { - subdomain = config.services.flaresolverr.subdomain; - extraSubdomains = config.services.flaresolverr.extraSubdomains; - target = "http://127.0.0.1:${toString config.services.flaresolverr.port}"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 1fdc8d9a..5d0e7ad0 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix @@ -31,7 +31,7 @@ in { lfs.enable = true; settings = { server = { - DOMAIN = "${config.services.forgejo.subdomain}.${config.host.reverse_proxy.hostname}"; + DOMAIN = config.services.forgejo.reverseProxy.domain; HTTP_PORT = httpPort; START_SSH_SERVER = true; SSH_LISTEN_PORT = sshPort; diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index 51f769d1..bde59d1a 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix 
@@ -7,16 +7,29 @@ httpPort = const.httpPort; in { options.services.forgejo = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that forgejo will be hosted at"; - default = "forgejo"; + reverseProxy = { + domain = lib.mkOption { + type = lib.types.str; + description = "domain that forgejo will be hosted at"; + default = "git.jan-leila.com"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for forgejo"; + default = []; + }; }; }; - config = lib.mkIf (config.services.forgejo.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.${config.services.forgejo.subdomain} = { + config = lib.mkIf (config.services.forgejo.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.forgejo = { target = "http://localhost:${toString httpPort}"; + domain = config.services.forgejo.reverseProxy.domain; + extraDomains = config.services.forgejo.reverseProxy.extraDomains; + + settings = { + forwardHeaders.enable = true; + }; }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 83d8ba76..4b1846b4 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix @@ -82,7 +82,7 @@ login_attempts_threshold = 10; }; homeassistant = { - external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; + external_url = "https://${config.services.home-assistant.domain}"; # internal_url = "http://192.168.1.2:8123"; }; recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index ba8f20da..1075c59f 100644 
--- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -4,29 +4,33 @@ ... }: { options.services.home-assistant = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; + description = "domain that home-assistant will be hosted at"; + default = "home-assistant.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for home-assistant"; + default = []; }; }; - config = lib.mkIf (config.host.reverse_proxy.enable && config.services.home-assistant.enable) { - host = { - reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + config = lib.mkIf (config.services.reverseProxy.enable && config.services.home-assistant.enable) { + services.reverseProxy.services.home-assistant = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + domain = config.services.home-assistant.domain; + extraDomains = config.services.home-assistant.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - extraConfig = '' - add_header Upgrade $http_upgrade; - add_header Connection \"upgrade\"; - - proxy_buffering off; - - proxy_read_timeout 90; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 90; + }; }; }; }; diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index dae2420b..a50ea1e0 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix 
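Review bot: The rewritten `settings` block drops the `proxy_buffering off;` that the removed `extraConfig` carried, and the new `proxyBuffering.enable` option defaults to true, so buffering is silently re-enabled for home-assistant; if the old behaviour is intended add `proxyBuffering.enable = false;` next to `proxyWebsockets.enable = true;`. The immich and panoramax hunks in this commit likewise lose `proxy_redirect off;` and `send_timeout`, for which the new submodule has no equivalent, so those are behaviour changes rather than a pure refactor and deserve a line in the commit message. The `# Custom timeout settings` comment only restates the code; `# 90s keeps the previous proxy_read_timeout` would say why the value is there.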
@@ -4,31 +4,34 @@ ... }: { options.services.immich = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that immich will be hosted at"; - default = "immich"; + description = "domain that immich will be hosted at"; + default = "immich.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for immich"; + default = []; }; }; - config = lib.mkIf (config.services.immich.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.immich.subdomain} = { - target = "http://localhost:${toString config.services.immich.port}"; + config = lib.mkIf (config.services.immich.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.immich = { + target = "http://localhost:${toString config.services.immich.port}"; + domain = config.services.immich.domain; + extraDomains = config.services.immich.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; + maxBodySize = 50000; - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - - # set timeout - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - proxy_redirect off; - ''; + # Custom timeout settings + proxyHeaders = { + enable = true; + timeout = 600; + }; }; }; }; diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix index f39d9400..86dbb4b1 100644 --- a/modules/nixos-modules/server/jackett/default.nix +++ b/modules/nixos-modules/server/jackett/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/jackett/proxy.nix b/modules/nixos-modules/server/jackett/proxy.nix deleted file mode 100644 index af5fa791..00000000 
--- a/modules/nixos-modules/server/jackett/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.jackett = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.jackett.enable && config.services.jackett.subdomain != null) { - host.reverse_proxy.subdomains.jackett = { - subdomain = config.services.jackett.subdomain; - extraSubdomains = config.services.jackett.extraSubdomains; - target = "http://127.0.0.1:9117"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index 1020a19e..f803ecb7 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix 
@@ -6,33 +6,30 @@ jellyfinPort = 8096; in { options.services.jellyfin = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that jellyfin will be hosted at"; - default = "jellyfin"; + description = "domain that jellyfin will be hosted at"; + default = "jellyfin.arpa"; }; - extraSubdomains = lib.mkOption { + extraDomains = lib.mkOption { type = lib.types.listOf lib.types.str; - description = "ex subdomain of base domain that jellyfin will be hosted at"; + description = "extra domains that should be configured for jellyfin"; default = []; }; }; - config = lib.mkIf (config.services.jellyfin.enable && config.host.reverse_proxy.enable) { - host.reverse_proxy.subdomains.jellyfin = { + config = lib.mkIf (config.services.jellyfin.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; + domain = config.services.jellyfin.domain; + extraDomains = config.services.jellyfin.extraDomains; - subdomain = config.services.jellyfin.subdomain; - extraSubdomains = config.services.jellyfin.extraSubdomains; - - forwardHeaders.enable = true; - - extraConfig = '' - client_max_body_size 20M; - add_header X-Content-Type-Options "nosniff"; - - proxy_buffering off; - ''; + settings = { + forwardHeaders.enable = true; + maxBodySize = 20; + noSniff.enable = true; + proxyBuffering.enable = false; + }; }; }; } diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix index f39d9400..86dbb4b1 100644 --- a/modules/nixos-modules/server/lidarr/default.nix +++ b/modules/nixos-modules/server/lidarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/lidarr/proxy.nix b/modules/nixos-modules/server/lidarr/proxy.nix deleted file mode 100644 index 0146ccf2..00000000 
--- a/modules/nixos-modules/server/lidarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.lidarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.lidarr.enable && config.services.lidarr.subdomain != null) { - host.reverse_proxy.subdomains.lidarr = { - subdomain = config.services.lidarr.subdomain; - extraSubdomains = config.services.lidarr.extraSubdomains; - target = "http://127.0.0.1:8686"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 79f93260..35bc79b9 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix 
@@ -4,31 +4,29 @@ ... }: { options.services.panoramax = { - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.str; - description = "subdomain of base domain that panoramax will be hosted at"; - default = "panoramax"; + description = "domain that panoramax will be hosted at"; + default = "panoramax.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for panoramax"; + default = []; }; }; - config = lib.mkIf (config.services.panoramax.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.panoramax.subdomain} = { - target = "http://localhost:${toString config.services.panoramax.port}"; + config = lib.mkIf (config.services.panoramax.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.panoramax = { + target = "http://localhost:${toString config.services.panoramax.port}"; + domain = config.services.panoramax.domain; + extraDomains = config.services.panoramax.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads for panoramic images - client_max_body_size 100M; - - # set timeout for image processing - proxy_read_timeout 300s; - proxy_send_timeout 300s; - send_timeout 300s; - proxy_redirect off; - ''; + maxBodySize = 100000; + timeout = 300; }; }; }; diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index a6878eb0..d2bc930f 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -22,7 +22,6 @@ config = lib.mkIf config.services.paperless.enable { services.paperless = { - domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; configureTika = true; settings = { PAPERLESS_DBENGINE = "postgresql"; 
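Review bot: `timeout = 300;` is assigned directly under `settings`, but the submodule declared in this commit's reverseProxy.nix only declares `settings.proxyHeaders.timeout`, so evaluation should fail with an undeclared-option error; it needs to be `proxyHeaders = { enable = true; timeout = 300; };` as the immich hunk does. `maxBodySize = 100000;` also does not match the removed `client_max_body_size 100M;` — the option is rendered with an `M` suffix, so the equivalent is `maxBodySize = 100;`; as written the limit becomes 100000M, roughly 100 GB, a far larger upload allowance than the previous configuration.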
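Review bot: The removed `domain = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}";` in paperless/default.nix is not replaced, while the new `services.paperless.reverseProxy.domain` only feeds the nginx virtualHost. If the upstream `services.paperless.domain` option is what tells paperless its public origin (not confirmable from this page), the application no longer knows the name it is served under and origin-based checks behind the proxy may start rejecting requests. Consider `domain = config.services.paperless.reverseProxy.domain;` in place of the removed line so the two stay in sync.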
diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index 2910f079..e79c8d97 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -4,25 +4,30 @@ ... }: { options.services.paperless = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that paperless will be hosted at"; - default = "paperless"; + reverseProxy = { + domain = lib.mkOption { + type = lib.types.str; + description = "domain that paperless will be hosted at"; + default = "paperless.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for paperless"; + default = []; + }; }; }; - config = lib.mkIf (config.services.paperless.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + config = lib.mkIf (config.services.paperless.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.paperless = { + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; + domain = config.services.paperless.reverseProxy.domain; + extraDomains = config.services.paperless.reverseProxy.extraDomains; - websockets.enable = true; + settings = { + proxyWebsockets.enable = true; forwardHeaders.enable = true; - - extraConfig = '' - # allow large file uploads - client_max_body_size 50000M; - ''; + maxBodySize = 50000; }; }; }; diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix index f39d9400..86dbb4b1 100644 --- a/modules/nixos-modules/server/radarr/default.nix +++ b/modules/nixos-modules/server/radarr/default.nix 
@@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/radarr/proxy.nix b/modules/nixos-modules/server/radarr/proxy.nix deleted file mode 100644 index ec5f575f..00000000 --- a/modules/nixos-modules/server/radarr/proxy.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.radarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.radarr.enable && config.services.radarr.subdomain != null) { - host.reverse_proxy.subdomains.radarr = { - subdomain = config.services.radarr.subdomain; - extraSubdomains = config.services.radarr.extraSubdomains; - target = "http://127.0.0.1:7878"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} diff --git a/modules/nixos-modules/server/reverseProxy/default.nix b/modules/nixos-modules/server/reverseProxy/default.nix new file mode 100644 index 00000000..5d571753 --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./reverseProxy.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/reverseProxy/impermanence.nix b/modules/nixos-modules/server/reverseProxy/impermanence.nix new file mode 100644 index 00000000..7af55df2 --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/impermanence.nix 
@@ -0,0 +1,21 @@ +{ + lib, + config, + ... +}: let + dataDir = "/var/lib/acme"; +in { + config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "acme"; + group = "acme"; + } + ]; + }; + }; +} diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix new file mode 100644 index 00000000..5b8357fe --- /dev/null +++ b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix 
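Review bot: The persistence entry is gated on `services.reverseProxy.enable` but not on `services.reverseProxy.acme.enable`, so `/var/lib/acme` is persisted and created owned by `acme` even when ACME is switched off; `lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable && config.services.reverseProxy.acme.enable)` would tie it to the feature that actually writes there. The removed reverse_proxy.nix carried a TODO about asserting that the certificate directory matches `dataDir`; the new file drops that comment, so the intent to add the check is lost unless it is carried over.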
@@ -0,0 +1,158 @@ +{ + lib, + config, + ... +}: { + options.services.reverseProxy = { + enable = lib.mkEnableOption "turn on the reverse proxy"; + openFirewall = lib.mkEnableOption "open the firewall"; + ports = { + http = lib.mkOption { + type = lib.types.port; + description = "HTTP port for the reverse proxy"; + default = 80; + }; + https = lib.mkOption { + type = lib.types.port; + description = "HTTPS port for the reverse proxy"; + default = 443; + }; + }; + acme = { + enable = lib.mkOption { + type = lib.types.bool; + description = "enable ACME certificate management"; + default = true; + }; + email = lib.mkOption { + type = lib.types.str; + description = "email address for ACME certificate registration"; + }; + }; + services = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + target = lib.mkOption { + type = lib.types.str; + description = "what url will all traffic to this application be forwarded to"; + }; + domain = lib.mkOption { + type = lib.types.str; + description = "what is the default subdomain to be used for this application to be used for"; + default = name; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for this domain"; + default = []; + }; + settings = { + certificateRenewal.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + forceSSL.enable = lib.mkOption { + type = lib.types.bool; + description = "auto renew certificates"; + default = true; + }; + proxyHeaders = { + enable = lib.mkEnableOption "should we proxy headers"; + timeout = lib.mkOption { + type = lib.types.int; + default = 60; + }; + }; + proxyWebsockets.enable = lib.mkEnableOption "should the default config proxy websockets"; + forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; + noSniff.enable = lib.mkEnableOption "should the no sniff flags be 
set"; + proxyBuffering.enable = lib.mkOption { + type = lib.types.bool; + description = "should proxy buffering be enabled"; + default = true; + }; + maxBodySize = lib.mkOption { + type = lib.types.nullOr lib.types.int; + description = ""; + default = null; + }; + }; + }; + })); + }; + }; + + config = let + httpPort = config.services.reverseProxy.ports.http; + httpsPort = config.services.reverseProxy.ports.https; + in + lib.mkIf config.services.reverseProxy.enable { + security.acme = lib.mkIf config.services.reverseProxy.acme.enable { + acceptTerms = true; + defaults.email = config.services.reverseProxy.acme.email; + }; + + services.nginx = { + enable = true; + virtualHosts = lib.mkMerge ( + lib.lists.flatten ( + lib.attrsets.mapAttrsToList ( + name: service: let + hostConfig = { + forceSSL = service.settings.forceSSL.enable; + enableACME = service.settings.certificateRenewal.enable; + locations = { + "/" = { + proxyPass = service.target; + proxyWebsockets = service.settings.proxyWebsockets.enable; + recommendedProxySettings = service.settings.forwardHeaders.enable; + extraConfig = let + # Client upload size configuration + maxBodySizeConfig = + lib.optionalString (service.settings.maxBodySize != null) + "client_max_body_size ${toString service.settings.maxBodySize}M;"; + + # Security header configuration + noSniffConfig = + lib.optionalString service.settings.noSniff.enable + "add_header X-Content-Type-Options nosniff;"; + + # Proxy buffering configuration + proxyBufferingConfig = + lib.optionalString (!service.settings.proxyBuffering.enable) + "proxy_buffering off;"; + + # Proxy timeout configuration + proxyTimeoutConfig = + lib.optionalString service.settings.proxyHeaders.enable + '' + proxy_read_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_connect_timeout ${toString service.settings.proxyHeaders.timeout}s; + proxy_send_timeout ${toString service.settings.proxyHeaders.timeout}s; + ''; + in + maxBodySizeConfig + noSniffConfig + 
proxyBufferingConfig + proxyTimeoutConfig; + }; + }; + }; + in ( + [ + { + ${service.domain} = hostConfig; + } + ] + ++ builtins.map (domain: {${domain} = hostConfig;}) + service.extraDomains + ) + ) + config.services.reverseProxy.services + ) + ); + }; + networking.firewall.allowedTCPPorts = lib.mkIf config.services.reverseProxy.openFirewall [ + httpPort + httpsPort + ]; + }; +} diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix deleted file mode 100644 index 26b43749..00000000 --- a/modules/nixos-modules/server/reverse_proxy.nix +++ /dev/null 
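Review bot: The description of `settings.forceSSL.enable` is a copy of the certificateRenewal text (`description = "auto renew certificates";`) and `maxBodySize` has `description = "";` — suggest `description = "redirect plain HTTP to HTTPS for this host";` and `description = "client_max_body_size in megabytes; null keeps the nginx default";`. The per-service defaults introduced elsewhere in this commit are `.arpa` names (jellyfin.arpa, immich.arpa, …) while `certificateRenewal.enable` defaults to true, so every generated virtualHost gets `enableACME = true`; an ACME client cannot validate a name that is not publicly resolvable, so those hosts will fail issuance unless the caller overrides either the domain or the setting — the removed module avoided part of this by defaulting `forceSSL` from `enableACME`, and a similar default from `config.services.reverseProxy.acme.enable`, or a comment on the option, would help. `proxyHeaders` only emits `proxy_*_timeout` directives, so the name is misleading; `proxyTimeouts` would describe what it configures. Note also that `add_header X-Content-Type-Options nosniff;` is emitted inside the `/` location, where the presence of any `add_header` stops nginx inheriting headers set at the server level, which is worth a comment for anyone adding server-wide headers later.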
@@ -1,128 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDir = "/var/lib/acme"; - httpPort = 80; - httpsPort = 443; -in { - options.host.reverse_proxy = { - enable = lib.mkEnableOption "turn on the reverse proxy"; - hostname = lib.mkOption { - type = lib.types.str; - description = "what host name are we going to be proxying from"; - }; - forceSSL = lib.mkOption { - type = lib.types.bool; - description = "force connections to use https"; - default = config.host.reverse_proxy.enableACME; - }; - enableACME = lib.mkOption { - type = lib.types.bool; - description = "auto renew certificates"; - default = true; - }; - subdomains = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "what is the default subdomain to be used for this application to be used for"; - default = name; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for this domain"; - default = []; - }; - - target = lib.mkOption { - type = lib.types.str; - description = "what url will all traffic to this application be forwarded to"; - }; - - websockets.enable = lib.mkEnableOption "should the default config proxy websockets"; - - forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; - - extraConfig = lib.mkOption { - type = lib.types.lines; - default = ""; - description = '' - These lines go to the end of the upstream verbatim. 
- ''; - }; - }; - })); - }; - }; - - config = lib.mkIf config.host.reverse_proxy.enable (lib.mkMerge [ - { - security.acme = lib.mkIf config.host.reverse_proxy.enableACME { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - services.nginx = { - enable = true; - virtualHosts = lib.mkMerge ( - lib.lists.flatten ( - lib.attrsets.mapAttrsToList ( - name: value: let - hostConfig = { - forceSSL = config.host.reverse_proxy.forceSSL; - enableACME = config.host.reverse_proxy.enableACME; - locations = { - "/" = { - proxyPass = value.target; - proxyWebsockets = value.websockets.enable; - recommendedProxySettings = value.forwardHeaders.enable; - extraConfig = - value.extraConfig; - }; - }; - }; - in ( - [ - { - ${"${value.subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig; - } - ] - ++ builtins.map (subdomain: {${"${subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;}) - value.extraSubdomains - ) - ) - config.host.reverse_proxy.subdomains - ) - ); - }; - - networking.firewall.allowedTCPPorts = [ - httpPort - httpsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - # TODO: figure out how to write an assertion for this - # assertions = [ - # { - # assertion = security.acme.certs..directory == dataDir; - # message = "postgres data directory does not match persistence"; - # } - # ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "acme"; - group = "acme"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index 0c1eae15..aca5e36b 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix 
@@ -4,18 +4,28 @@ ... }: { options.services.searx = { - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that searx will be hosted at"; - default = "searx"; + reverseProxy = { + domain = lib.mkOption { + type = lib.types.str; + description = "domain that searx will be hosted at"; + default = "searx.arpa"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for searx"; + default = []; + }; }; }; - config = lib.mkIf (config.services.searx.enable && config.host.reverse_proxy.enable) { - host = { - reverse_proxy.subdomains.searx = { - subdomain = config.services.searx.subdomain; - target = "http://localhost:${toString config.services.searx.settings.server.port}"; + config = lib.mkIf (config.services.searx.enable && config.services.reverseProxy.enable) { + services.reverseProxy.services.searx = { + target = "http://localhost:${toString config.services.searx.settings.server.port}"; + domain = config.services.searx.reverseProxy.domain; + extraDomains = config.services.searx.reverseProxy.extraDomains; + + settings = { + forwardHeaders.enable = true; }; }; }; diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix index f39d9400..86dbb4b1 100644 --- a/modules/nixos-modules/server/sonarr/default.nix +++ b/modules/nixos-modules/server/sonarr/default.nix @@ -1,6 +1,5 @@ {...}: { imports = [ - ./proxy.nix ./impermanence.nix ]; } diff --git a/modules/nixos-modules/server/sonarr/proxy.nix b/modules/nixos-modules/server/sonarr/proxy.nix deleted file mode 100644 index 22b90a62..00000000 --- a/modules/nixos-modules/server/sonarr/proxy.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.sonarr = { - subdomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Subdomain for reverse proxy. If null, service will be local only."; - }; - extraSubdomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Extra subdomains for reverse proxy."; - }; - }; - - config = lib.mkIf (config.services.sonarr.enable && config.services.sonarr.subdomain != null) { - host.reverse_proxy.subdomains.sonarr = { - subdomain = config.services.sonarr.subdomain; - extraSubdomains = config.services.sonarr.extraSubdomains; - target = "http://127.0.0.1:8989"; - websockets.enable = true; - forwardHeaders.enable = true; - }; - }; -} From ad04be6534fb45e12630d2cffdea15dc82eaa48f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 24 Oct 2025 12:49:36 -0500 Subject: [PATCH 910/932] feat: removed unused podman module --- modules/nixos-modules/server/default.nix | 1 - modules/nixos-modules/server/podman.nix | 73 ------------------------ 2 files changed, 74 deletions(-) delete mode 100644 modules/nixos-modules/server/podman.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 4981f28a..e4a68c26 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -4,7 +4,6 @@ ./fail2ban.nix ./postgres.nix ./network_storage - ./podman.nix ./actual ./bazarr diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix deleted file mode 100644 index 9301140f..00000000 --- a/modules/nixos-modules/server/podman.nix +++ /dev/null 
@@ -1,73 +0,0 @@ -{ - lib, - config, - ... -}: { - options.host.podman = { - enable = lib.mkEnableOption "should podman be enabled on this computer"; - macvlan = { - subnet = lib.mkOption { - type = lib.types.str; - description = "Subnet for macvlan address range"; - }; - gateway = lib.mkOption { - type = lib.types.str; - description = "Gateway for macvlan"; - # TODO: see if we can default this to systemd network gateway - }; - networkInterface = lib.mkOption { - type = lib.types.str; - description = "Parent network interface for macvlan"; - # TODO: see if we can default this some interface? - }; - }; - }; - config = lib.mkIf config.host.podman.enable { - systemd = { - services = { - # "podman-network-macvlan" = { - # path = [pkgs.podman]; - # serviceConfig = { - # Type = "oneshot"; - # RemainAfterExit = true; - # ExecStop = "podman network rm -f macvlan"; - # }; - # script = '' - # podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan - # ''; - # partOf = ["podman-compose-root.target"]; - # wantedBy = ["podman-compose-root.target"]; - # }; - }; - # disable computer sleeping - targets = { - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - "podman-compose-root" = { - unitConfig = { - Description = "Root target for podman targets."; - }; - wantedBy = ["multi-user.target"]; - }; - }; - }; - - virtualisation = { - # Runtime - podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - # defaultNetwork.settings = { - # # Required for container networking to be able to use names. - # dns_enabled = true; - # }; - }; - - oci-containers = { - backend = "podman"; - }; - }; - }; -} From 0f5507c32800aaa8b2f215c6bf4ea1987ada6e6e Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Fri, 24 Oct 2025 13:08:13 -0500 Subject: [PATCH 911/932] refactor: split configurations for fail2ban, postgres, and qbittorent into folders --- modules/nixos-modules/server/default.nix | 6 +- modules/nixos-modules/server/fail2ban.nix | 74 ----------- .../nixos-modules/server/fail2ban/default.nix | 6 + .../server/fail2ban/fail2ban.nix | 51 ++++++++ .../server/fail2ban/impermanence.nix | 27 ++++ modules/nixos-modules/server/postgres.nix | 121 ------------------ .../nixos-modules/server/postgres/default.nix | 6 + .../server/postgres/impermanence.nix | 27 ++++ .../server/postgres/postgres.nix | 98 ++++++++++++++ modules/nixos-modules/server/qbittorent.nix | 65 ---------- .../server/qbittorent/default.nix | 6 + .../server/qbittorent/impermanence.nix | 54 ++++++++ .../server/qbittorent/qbittorent.nix | 18 +++ 13 files changed, 296 insertions(+), 263 deletions(-) delete mode 100644 modules/nixos-modules/server/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/default.nix create mode 100644 modules/nixos-modules/server/fail2ban/fail2ban.nix create mode 100644 modules/nixos-modules/server/fail2ban/impermanence.nix delete mode 100644 modules/nixos-modules/server/postgres.nix create mode 100644 modules/nixos-modules/server/postgres/default.nix create mode 100644 modules/nixos-modules/server/postgres/impermanence.nix create mode 100644 modules/nixos-modules/server/postgres/postgres.nix delete mode 100644 modules/nixos-modules/server/qbittorent.nix create mode 100644 modules/nixos-modules/server/qbittorent/default.nix create mode 100644 modules/nixos-modules/server/qbittorent/impermanence.nix create mode 100644 modules/nixos-modules/server/qbittorent/qbittorent.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index e4a68c26..2b330893 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix 
@@ -1,8 +1,8 @@ {...}: { imports = [ ./reverseProxy - ./fail2ban.nix - ./postgres.nix + ./fail2ban + ./postgres ./network_storage ./actual @@ -17,7 +17,7 @@ ./lidarr ./panoramax ./paperless - ./qbittorent.nix + ./qbittorent ./radarr ./searx ./sonarr diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix deleted file mode 100644 index d19aeebd..00000000 --- a/modules/nixos-modules/server/fail2ban.nix +++ /dev/null 
@@ -1,74 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - dataFolder = "/var/lib/fail2ban"; - dataFile = "fail2ban.sqlite3"; -in { - config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ - { - environment.etc = { - "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "limiting requests, excess:.* by zone.*client: " - '') - ); - }; - - services.fail2ban = { - maxretry = 5; - ignoreIP = [ - # Whitelist local networks - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - - # tail scale tailnet - "100.64.0.0/10" - "fd7a:115c:a1e0::/48" - ]; - bantime = "24h"; # Ban IPs for one day on the first ban - bantime-increment = { - enable = true; # Enable increment of bantime after each violation - formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; - maxtime = "168h"; # Do not ban for more than 1 week - overalljails = true; # Calculate the ban time based on all the violations - }; - jails = { - nginx-iptables.settings = lib.mkIf config.services.nginx.enable { - enabled = true; - filter = "nginx"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - # TODO; figure out if there is any fail2ban things we can do on searx - # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataFolder; - user = "fail2ban"; - group = "fail2ban"; - } - ]; - }; - }) - ]); -} 
diff --git a/modules/nixos-modules/server/fail2ban/default.nix b/modules/nixos-modules/server/fail2ban/default.nix
new file mode 100644
index 00000000..30fca99b
--- /dev/null
+++ b/modules/nixos-modules/server/fail2ban/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./fail2ban.nix
+ ./impermanence.nix
+ ];
+}
diff --git a/modules/nixos-modules/server/fail2ban/fail2ban.nix b/modules/nixos-modules/server/fail2ban/fail2ban.nix
new file mode 100644
index 00000000..261c68fa
--- /dev/null
+++ b/modules/nixos-modules/server/fail2ban/fail2ban.nix
@@ -0,0 +1,51 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}: {
+ config = lib.mkIf config.services.fail2ban.enable {
+ environment.etc = {
+ "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable (
+ pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
+ [Definition]
+ failregex = "limiting requests, excess:.* by zone.*client: "
+ '')
+ );
+ };
+
+ services.fail2ban = {
+ maxretry = 5;
+ ignoreIP = [
+ # Whitelist local networks
+ "10.0.0.0/8"
+ "172.16.0.0/12"
+ "192.168.0.0/16"
+
+ # tail scale tailnet
+ "100.64.0.0/10"
+ "fd7a:115c:a1e0::/48"
+ ];
+ bantime = "24h"; # Ban IPs for one day on the first ban
+ bantime-increment = {
+ enable = true; # Enable increment of bantime after each violation
+ formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+ maxtime = "168h"; # Do not ban for more than 1 week
+ overalljails = true; # Calculate the ban time based on all the violations
+ };
+ jails = {
+ nginx-iptables.settings = lib.mkIf config.services.nginx.enable {
+ enabled = true;
+ filter = "nginx";
+ action = ''iptables-multiport[name=HTTP, port="http,https"]'';
+ backend = "auto";
+ findtime = 600;
+ bantime = 600;
+ maxretry = 5;
+ };
+ # TODO; figure out if there is any fail2ban things we can do on searx
+ # searx-iptables.settings = lib.mkIf config.services.searx.enable {};
+ };
+ };
+ };
+}
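Review bot: The filter written to `fail2ban/filter.d/nginx.local` cannot ban anyone: its `failregex` has no `<HOST>` capture, which fail2ban requires in order to extract the offending address, and the surrounding double quotes are read as part of the pattern, so the jail either fails to load or never matches an nginx error-log line. The `nginx-iptables` jail also sets no `logpath`, so unless one is inherited from a default the hunk does not show, fail2ban has no log to watch; note that NixOS's nginx sends `logError` to stderr by default, which means the journal (`backend = "systemd"`) rather than a file. fail2ban ships a `nginx-limit-req` filter for exactly these `limiting requests` lines, so `filter = "nginx-limit-req";` plus a `logpath` or systemd backend that matches where the error log actually goes replaces the hand-written regex entirely. If the custom filter is kept, its regex needs a `<HOST>` group and a comment above `"fail2ban/filter.d/nginx.local"` stating which nginx log line it is meant to match.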
diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix
new file mode 100644
index 00000000..5bc46735
--- /dev/null
+++ b/modules/nixos-modules/server/fail2ban/impermanence.nix
@@ -0,0 +1,27 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ dataFolder = "/var/lib/fail2ban";
+ dataFile = "fail2ban.sqlite3";
+in {
+ config = lib.mkIf (config.services.fail2ban.enable && config.host.impermanence.enable) {
+ assertions = [
+ {
+ assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}";
+ message = "fail2ban data file does not match persistence";
+ }
+ ];
+
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ {
+ directory = dataFolder;
+ user = "fail2ban";
+ group = "fail2ban";
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/postgres.nix b/modules/nixos-modules/server/postgres.nix
deleted file mode 100644
index 71ce44c5..00000000
--- a/modules/nixos-modules/server/postgres.nix
+++ /dev/null
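Review bot: `dataFolder` and `dataFile` restate the module's default for `services.fail2ban.daemonSettings.Definition.dbfile` purely so the assertion can compare against it, which means a host that legitimately moves the database trips the assertion instead of being persisted at the new location. Deriving the persisted directory from the option itself, `directory = builtins.dirOf config.services.fail2ban.daemonSettings.Definition.dbfile;`, keeps persistence correct for any value and makes the assertion and both `let` bindings unnecessary. If the literal is kept on purpose, a comment above `dataFolder` should say it mirrors the NixOS default so the two are updated together.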
@@ -1,121 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - dataDir = "/var/lib/postgresql/16"; - adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; -in { - options = { - host.postgres = { - enable = lib.mkEnableOption "enable postgres"; - extraUsers = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - isAdmin = lib.mkOption { - type = lib.types.bool; - default = false; - }; - isClient = lib.mkOption { - type = lib.types.bool; - default = false; - }; - createUser = lib.mkOption { - type = lib.types.bool; - default = false; - }; - }; - })); - default = {}; - }; - extraDatabases = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = {}; - }; - }; - }; - - config = lib.mkIf config.host.postgres.enable (lib.mkMerge [ - { - services = { - postgresql = { - enable = true; - package = pkgs.postgresql_16; - ensureUsers = - [ - { - name = "postgres"; - } - ] - ++ ( - builtins.map (user: { - name = user.name; - ensureDBOwnership = true; - }) - createUsers - ); - ensureDatabases = builtins.map (database: database.name) createDatabases; - identMap = - '' - # ArbitraryMapName systemUser DBUser - - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) 
- ) - + '' - - # Client Users - '' - + ( - lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) - ); - # configuration here lets users access the db that matches their name and lets user postgres access everything - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=user_map - ''; - }; - }; - } - - (lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "postgres"; - group = "postgres"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/postgres/default.nix b/modules/nixos-modules/server/postgres/default.nix new file mode 100644 index 00000000..abf4ade8 --- /dev/null +++ b/modules/nixos-modules/server/postgres/default.nix @@ -0,0 +1,6 @@ +{...}: { + imports = [ + ./postgres.nix + ./impermanence.nix + ]; +} diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix new file mode 100644 index 00000000..6c2d295a --- /dev/null +++ b/modules/nixos-modules/server/postgres/impermanence.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/postgresql/16"; +in { + config = lib.mkIf (config.host.postgres.enable && config.host.impermanence.enable) { + assertions = [ + { + assertion = config.services.postgresql.dataDir == dataDir; + message = "postgres data directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = dataDir; + user = "postgres"; + group = "postgres"; + } + ]; + }; + }; +} 
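Review bot: `dataDir = "/var/lib/postgresql/16"` hard-codes the major version in a file that, after this split, no longer sees `package = pkgs.postgresql_16` (that now lives in `postgres.nix`), so the next upgrade has to touch both files or trip the assertion. Deriving it the way the NixOS module computes its own default, `dataDir = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";`, keeps the two in step, and the assertion then only guards explicit overrides of `services.postgresql.dataDir`. A one-line comment above the binding stating that it must equal the module's default data directory would also help a reader who meets the assertion message first.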
diff --git a/modules/nixos-modules/server/postgres/postgres.nix b/modules/nixos-modules/server/postgres/postgres.nix
new file mode 100644
index 00000000..e76857c4
--- /dev/null
+++ b/modules/nixos-modules/server/postgres/postgres.nix
@@ -0,0 +1,98 @@ +{ + config, + lib, + pkgs, + ... +}: let + adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); + createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; +in { + options = { + host.postgres = { + enable = lib.mkEnableOption "enable postgres"; + extraUsers = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + isAdmin = lib.mkOption { + type = lib.types.bool; + default = false; + }; + isClient = lib.mkOption { + type = lib.types.bool; + default = false; + }; + createUser = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + })); + default = {}; + }; + extraDatabases = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + }; + })); + default = {}; + }; + }; + }; + + config = lib.mkIf config.host.postgres.enable { + services = { + postgresql = { + enable = true; + package = pkgs.postgresql_16; + ensureUsers = + [ + { + name = "postgres"; + } + ] + ++ ( + builtins.map (user: { + name = user.name; + ensureDBOwnership = true; + }) + createUsers + ); + ensureDatabases = builtins.map (database: database.name) createDatabases; + identMap = + '' + # ArbitraryMapName systemUser DBUser + + # Administration Users + superuser_map root postgres + superuser_map postgres postgres + '' + + ( + lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) + ) + + '' + + # Client Users + '' + + ( + 
lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) + ); + # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' + # type database DBuser origin-address auth-method optional_ident_map + local all postgres peer map=superuser_map + local sameuser all peer map=user_map + ''; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix deleted file mode 100644 index 2d545875..00000000 --- a/modules/nixos-modules/server/qbittorent.nix +++ /dev/null 
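Review bot: `lib.mkEnableOption "enable postgres"` renders as "Whether to enable enable postgres."; the argument should be the noun only, `enable = lib.mkEnableOption "postgres";`, and none of the `extraUsers`/`extraDatabases` submodule options carry a `description`, so `isAdmin`, `isClient` and `createUser` each need a sentence saying which ident map or `ensureUsers` entry they feed. `createUser = true` produces an `ensureUsers` entry with `ensureDBOwnership = true`, which the NixOS module only accepts when a database of the same name is in `ensureDatabases`; the options do not enforce that pairing, so the `createUser` description should state it must be matched by an `extraDatabases` entry. `authentication = pkgs.lib.mkOverride 10 ''…''` discards every other definition of `services.postgresql.authentication`, including the module default and anything another module in this tree adds at normal priority, leaving local-socket peer auth only; that is a sound deny-by-default, but the comment above it should say explicitly that it overrides all other definitions and that TCP access is therefore off unless this priority is beaten.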
@@ -1,65 +0,0 @@
-{
- lib,
- config,
- ...
-}: let
- qbittorent_profile_directory = "/var/lib/qBittorrent/";
-in {
- options.services.qbittorrent = {
- mediaDir = lib.mkOption {
- type = lib.types.path;
- description = lib.mdDoc ''
- The directory to create to store qbittorrent media.
- '';
- };
- };
-
- config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [
- (lib.mkIf config.host.impermanence.enable {
- fileSystems."/persist/system/qbittorrent".neededForBoot = true;
-
- host.storage.pool.extraDatasets = {
- # sops age key needs to be available to pre persist for user generation
- "persist/system/qbittorrent" = {
- type = "zfs_fs";
- mountpoint = "/persist/system/qbittorrent";
- options = {
- canmount = "on";
- };
- };
- };
-
- assertions = [
- {
- assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory;
- message = "qbittorrent data directory does not match persistence";
- }
- ];
-
- environment.persistence = {
- "/persist/system/root" = {
- directories = [
- {
- directory = qbittorent_profile_directory;
- user = "qbittorrent";
- group = "qbittorrent";
- }
- ];
- };
-
- "/persist/system/qbittorrent" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = config.services.qbittorrent.mediaDir;
- user = "qbittorrent";
- group = "qbittorrent";
- mode = "1775";
- }
- ];
- };
- };
- })
- ]);
-}
diff --git a/modules/nixos-modules/server/qbittorent/default.nix b/modules/nixos-modules/server/qbittorent/default.nix
new file mode 100644
index 00000000..f7511e62
--- /dev/null
+++ b/modules/nixos-modules/server/qbittorent/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./qbittorent.nix
+ ./impermanence.nix
+ ];
+}
diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix
new file mode 100644
index 00000000..da47d1a3
--- /dev/null
+++ b/modules/nixos-modules/server/qbittorent/impermanence.nix
@@ -0,0 +1,54 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ qbittorent_profile_directory = "/var/lib/qBittorrent/";
+in {
+ config = lib.mkIf (config.services.qbittorrent.enable && config.host.impermanence.enable) {
+ fileSystems."/persist/system/qbittorrent".neededForBoot = true;
+
+ host.storage.pool.extraDatasets = {
+ # sops age key needs to be available to pre persist for user generation
+ "persist/system/qbittorrent" = {
+ type = "zfs_fs";
+ mountpoint = "/persist/system/qbittorrent";
+ options = {
+ canmount = "on";
+ };
+ };
+ };
+
+ assertions = [
+ {
+ assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory;
+ message = "qbittorrent data directory does not match persistence";
+ }
+ ];
+
+ environment.persistence = {
+ "/persist/system/root" = {
+ directories = [
+ {
+ directory = qbittorent_profile_directory;
+ user = "qbittorrent";
+ group = "qbittorrent";
+ }
+ ];
+ };
+
+ "/persist/system/qbittorrent" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = config.services.qbittorrent.mediaDir;
+ user = "qbittorrent";
+ group = "qbittorrent";
+ mode = "1775";
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/nixos-modules/server/qbittorent/qbittorent.nix b/modules/nixos-modules/server/qbittorent/qbittorent.nix
new file mode 100644
index 00000000..44603c8a
--- /dev/null
+++ b/modules/nixos-modules/server/qbittorent/qbittorent.nix
@@ -0,0 +1,18 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.services.qbittorrent = {
+ mediaDir = lib.mkOption {
+ type = lib.types.path;
+ description = lib.mdDoc ''
+ The directory to create to store qbittorrent media.
+ '';
+ };
+ };
+
+ config = lib.mkIf config.services.qbittorrent.enable {
+ # Main qbittorrent configuration goes here if needed
+ };
+}
From c2435883f1e9a1e945ad50bd62fdcf2ec492f3ef Mon Sep 17 00:00:00 2001
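Review bot: The comment `# sops age key needs to be available to pre persist for user generation` above the `persist/system/qbittorrent` dataset was carried over from a different dataset and does not describe this one, which only holds `mediaDir`; replace it with the actual reason the media library gets its own dataset instead of living under the root persist volume. `fileSystems."/persist/system/qbittorrent".neededForBoot = true;` is the other line a reader will stop at, since a media library is not needed for boot; if it is there because the impermanence bind mount has to exist before the service starts, a comment beside it saying so, e.g. `# impermanence requires its source filesystems to be mounted in early boot`, would prevent someone from removing it.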
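Review bot: `description = lib.mdDoc ''…''` uses `lib.mdDoc`, which recent nixpkgs deprecates because option descriptions are markdown by default; `description = "The directory to create to store qbittorrent media.";` is equivalent and avoids the warning if the flake tracks a current nixpkgs. `mediaDir` also has no `default`, and the sibling impermanence module reads it, so a host that enables qbittorrent and impermanence without setting it fails at evaluation; either give it a default or say in the description that it is required. The `config` block holding only `# Main qbittorrent configuration goes here if needed` contributes nothing and can be dropped until there is something to put in it.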
From: Leyla Becker Date: Fri, 24 Oct 2025 15:01:16 -0500 Subject: [PATCH 912/932] fix: fixed domains for searx and paperless --- .../nixos-modules/server/paperless/proxy.nix | 19 ++++++------------- modules/nixos-modules/server/searx/proxy.nix | 19 ++++++------------- 2 files changed, 12 insertions(+), 26 deletions(-) diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index e79c8d97..04c8304d 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -4,25 +4,18 @@ ... }: { options.services.paperless = { - reverseProxy = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that paperless will be hosted at"; - default = "paperless.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for paperless"; - default = []; - }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for paperless"; + default = []; }; }; config = lib.mkIf (config.services.paperless.enable && config.services.reverseProxy.enable) { services.reverseProxy.services.paperless = { target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - domain = config.services.paperless.reverseProxy.domain; - extraDomains = config.services.paperless.reverseProxy.extraDomains; + domain = config.services.paperless.domain; + extraDomains = config.services.paperless.extraDomains; settings = { proxyWebsockets.enable = true; diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index aca5e36b..fbc80e03 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix 
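Review bot: `domain = config.services.paperless.domain;` now reads an option this hunk does not declare and that, as far as I know, the upstream paperless module does not provide either, so it must come from a sibling module of this tree; a one-line comment at that assignment pointing to where `services.paperless.domain` is defined would save the next reader the search. The removed `reverseProxy.domain` default `"paperless.arpa"` also disappears with this change, so hosts that relied on it now need an explicit value. The searx hunk in this commit has the identical shape and the same missing pointer.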
@@ -4,25 +4,18 @@ ... }: { options.services.searx = { - reverseProxy = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that searx will be hosted at"; - default = "searx.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for searx"; - default = []; - }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "extra domains that should be configured for searx"; + default = []; }; }; config = lib.mkIf (config.services.searx.enable && config.services.reverseProxy.enable) { services.reverseProxy.services.searx = { target = "http://localhost:${toString config.services.searx.settings.server.port}"; - domain = config.services.searx.reverseProxy.domain; - extraDomains = config.services.searx.reverseProxy.extraDomains; + domain = config.services.searx.domain; + extraDomains = config.services.searx.extraDomains; settings = { forwardHeaders.enable = true; From 7f740607133c55d32b2e5bb328563c7bda3791fa Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 01:55:58 -0500 Subject: [PATCH 913/932] chore: updated task list in README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f8c7ecfa..23a49666 100644 --- a/README.md +++ b/README.md 
@@ -53,7 +53,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - [ ] migrate away from flakes and move to npins -- [ ] rework the reverse_proxy.nix file so that it is a normally named service. Then also change it so that we can hook into it with both a base domain and a subdomain to make migrating to vpn accessible services easier ## Broken things - [ ] figure out steam vr things? @@ -73,12 +72,13 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) - [ ] figure out why syncthing and jellyfins permissions don't propagate downwards - [ ] make radarr, sonarr, and bazarr accessible over vpn -- [ ] move searx, home-assistant, actual, jellyfin, paperless, and immich to only be accessible via vpn +- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn ## Services - [ ] vikunja service for project management - [ ] Create Tor guard/relay server - [ ] mastodon instance +- [ ] screeps server ## DevOps - [ ] wake on LAN for updates From ecec04a9ce84c62555b31ced2378d490681245d8 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 25 Oct 2025 02:31:11 -0500 Subject: [PATCH 914/932] feat: added per service enable options for reverseProxy configs --- modules/nixos-modules/server/actual/proxy.nix | 6 +++++- modules/nixos-modules/server/forgejo/proxy.nix | 6 +++++- modules/nixos-modules/server/home-assistant/proxy.nix | 8 +++++++- modules/nixos-modules/server/immich/proxy.nix | 8 +++++++- modules/nixos-modules/server/jellyfin/proxy.nix | 8 +++++++- modules/nixos-modules/server/panoramax/proxy.nix | 8 +++++++- modules/nixos-modules/server/paperless/proxy.nix | 8 +++++++- modules/nixos-modules/server/searx/proxy.nix | 8 +++++++- 8 files changed, 52 insertions(+), 8 deletions(-) diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix index bf1711ab..9d375745 100644 --- a/modules/nixos-modules/server/actual/proxy.nix +++ b/modules/nixos-modules/server/actual/proxy.nix @@ -14,9 +14,13 @@ description = "extra domains that should be configured for actual"; default = []; }; + reverseProxy.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.services.reverseProxy.enable; + }; }; - config = lib.mkIf (config.services.actual.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.actual.reverseProxy.enable { services.reverseProxy.services.actual = { target = "http://localhost:${toString config.services.actual.settings.port}"; domain = config.services.actual.domain; diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix index bde59d1a..c2d31319 100644 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ b/modules/nixos-modules/server/forgejo/proxy.nix 
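Review bot: The new `reverseProxy.enable` option lets a host set `services.actual.reverseProxy.enable = true` while `services.actual.enable` or `services.reverseProxy.enable` is false, and the `config` block (which continues past the hunk) then still registers `services.reverseProxy.services.actual` with nothing checking that the proxied service or the proxy itself exists; the old `mkIf` conjunction guaranteed both. An assertion inside the `config` block closes that gap, `assertions = [{ assertion = config.services.actual.reverseProxy.enable -> (config.services.actual.enable && config.services.reverseProxy.enable); message = "services.actual.reverseProxy requires actual and reverseProxy to be enabled"; }];`. The option also has no `description`; one line stating that it defaults to both services being enabled is enough. The forgejo, home-assistant, immich, jellyfin, panoramax, paperless and searx hunks in this commit share the same gap, and the files alternate between `reverseProxy.enable = …` and `reverseProxy = { enable = … }` — either layout is fine, but the eight should agree.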
@@ -8,6 +8,10 @@ in { options.services.forgejo = { reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.reverseProxy.enable; + }; domain = lib.mkOption { type = lib.types.str; description = "domain that forgejo will be hosted at"; @@ -21,7 +25,7 @@ in { }; }; - config = lib.mkIf (config.services.forgejo.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.forgejo.reverseProxy.enable { services.reverseProxy.services.forgejo = { target = "http://localhost:${toString httpPort}"; domain = config.services.forgejo.reverseProxy.domain; diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix index 1075c59f..b7564599 100644 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ b/modules/nixos-modules/server/home-assistant/proxy.nix @@ -14,9 +14,15 @@ description = "extra domains that should be configured for home-assistant"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.reverseProxy.enable && config.services.home-assistant.enable; + }; + }; }; - config = lib.mkIf (config.services.reverseProxy.enable && config.services.home-assistant.enable) { + config = lib.mkIf config.services.home-assistant.reverseProxy.enable { services.reverseProxy.services.home-assistant = { target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; domain = config.services.home-assistant.domain; diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix index a50ea1e0..9c8c165a 100644 --- a/modules/nixos-modules/server/immich/proxy.nix +++ b/modules/nixos-modules/server/immich/proxy.nix 
@@ -14,9 +14,15 @@ description = "extra domains that should be configured for immich"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.immich.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.immich.reverseProxy.enable { services.reverseProxy.services.immich = { target = "http://localhost:${toString config.services.immich.port}"; domain = config.services.immich.domain; diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix index f803ecb7..35289e76 100644 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ b/modules/nixos-modules/server/jellyfin/proxy.nix @@ -16,9 +16,15 @@ in { description = "extra domains that should be configured for jellyfin"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.jellyfin.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.jellyfin.reverseProxy.enable { services.reverseProxy.services.jellyfin = { target = "http://localhost:${toString jellyfinPort}"; domain = config.services.jellyfin.domain; diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix index 35bc79b9..7cd71113 100644 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ b/modules/nixos-modules/server/panoramax/proxy.nix 
@@ -14,9 +14,15 @@ description = "extra domains that should be configured for panoramax"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.panoramax.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.panoramax.reverseProxy.enable { services.reverseProxy.services.panoramax = { target = "http://localhost:${toString config.services.panoramax.port}"; domain = config.services.panoramax.domain; diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix index 04c8304d..9d152c9c 100644 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ b/modules/nixos-modules/server/paperless/proxy.nix @@ -9,9 +9,15 @@ description = "extra domains that should be configured for paperless"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.paperless.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.paperless.reverseProxy.enable { services.reverseProxy.services.paperless = { target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; domain = config.services.paperless.domain; diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix index fbc80e03..e994e4a1 100644 --- a/modules/nixos-modules/server/searx/proxy.nix +++ b/modules/nixos-modules/server/searx/proxy.nix 
@@ -9,9 +9,15 @@ description = "extra domains that should be configured for searx"; default = []; }; + reverseProxy = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.searx.enable && config.services.reverseProxy.enable; + }; + }; }; - config = lib.mkIf (config.services.searx.enable && config.services.reverseProxy.enable) { + config = lib.mkIf config.services.searx.reverseProxy.enable { services.reverseProxy.services.searx = { target = "http://localhost:${toString config.services.searx.settings.server.port}"; domain = config.services.searx.domain; From a8af8930fa8f835bc2697aae88e3b9ddb9bf7a10 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 02:37:53 -0500 Subject: [PATCH 915/932] feat: added per service enable options for fail2ban configs --- .../nixos/defiant/configuration.nix | 2 +- .../nixos-modules/server/forgejo/fail2ban.nix | 11 +++- .../server/home-assistant/fail2ban.nix | 66 +++++++++++-------- .../nixos-modules/server/immich/fail2ban.nix | 11 +++- 4 files changed, 59 insertions(+), 31 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 91a8c2cc..ae897ce9 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -310,7 +310,7 @@ forgejo = { enable = true; - domain = "git.jan-leila.com"; + reverseProxy.domain = "git.jan-leila.com"; }; searx = { diff --git a/modules/nixos-modules/server/forgejo/fail2ban.nix b/modules/nixos-modules/server/forgejo/fail2ban.nix index 213c804a..dfe221a5 100644 --- a/modules/nixos-modules/server/forgejo/fail2ban.nix +++ b/modules/nixos-modules/server/forgejo/fail2ban.nix 
@@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.forgejo.enable && config.services.fail2ban.enable) { + options.services.forgejo = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.services.fail2ban.enable; + }; + }; + }; + + config = lib.mkIf config.services.forgejo.fail2ban.enable { environment.etc = { "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' diff --git a/modules/nixos-modules/server/home-assistant/fail2ban.nix b/modules/nixos-modules/server/home-assistant/fail2ban.nix index 6ac5900f..25194efe 100644 --- a/modules/nixos-modules/server/home-assistant/fail2ban.nix +++ b/modules/nixos-modules/server/home-assistant/fail2ban.nix 
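Review bot: `"fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable (` still guards the filter on `services.forgejo.enable` even though the whole `config` block is now gated on `services.forgejo.fail2ban.enable`, whose default already includes that condition; either the inner `mkIf` is now redundant and should go, or it is meant to survive an explicit `fail2ban.enable = true` on a host without forgejo, in which case the jail further down (outside the hunk) needs the same guard or an assertion `config.services.forgejo.fail2ban.enable -> config.services.forgejo.enable`. The new `enable` option carries no `description`; a single line naming the default condition is enough. The home-assistant and immich hunks in this commit add the same undescribed option.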
@@ -3,36 +3,46 @@ pkgs, config, ... -}: -lib.mkIf (config.services.fail2ban.enable && config.services.home-assistant.enable) { - environment.etc = { - "fail2ban/filter.d/hass.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - ignoreregex = - - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); +}: { + options.services.home-assistant = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.home-assistant.enable; + }; + }; }; - services.fail2ban = { - jails = { - home-assistant-iptables.settings = { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; + config = lib.mkIf config.services.home-assistant.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/hass.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; }; }; }; diff --git a/modules/nixos-modules/server/immich/fail2ban.nix b/modules/nixos-modules/server/immich/fail2ban.nix index c9ec87bf..21593e7b 100644 --- a/modules/nixos-modules/server/immich/fail2ban.nix +++ b/modules/nixos-modules/server/immich/fail2ban.nix 
@@ -4,7 +4,16 @@ pkgs, ... }: { - config = lib.mkIf (config.services.fail2ban.enable && config.services.immich.enable) { + options.services.immich = { + fail2ban = { + enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.services.immich.enable; + }; + }; + }; + + config = lib.mkIf config.services.immich.fail2ban.enable { environment.etc = { "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] From 89793fca6aa221fa1b105f737b082320a8b0e001 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 02:41:00 -0500 Subject: [PATCH 916/932] feat: added per service enable options for impermanence configs --- modules/nixos-modules/server/actual/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/bazarr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/crab-hole/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/fail2ban/impermanence.nix | 9 ++++++++- .../nixos-modules/server/flaresolverr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/forgejo/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/immich/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/jackett/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/jellyfin/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/lidarr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/panoramax/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/paperless/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/qbittorent/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/radarr/impermanence.nix | 9 ++++++++- modules/nixos-modules/server/sonarr/impermanence.nix | 9 ++++++++- 15 files changed, 120 insertions(+), 15 deletions(-) diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index 5eee95ac..5a2bb6c5 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix 
+++ b/modules/nixos-modules/server/actual/impermanence.nix @@ -6,7 +6,14 @@ const = import ./const.nix; dataDirectory = const.dataDirectory; in { - config = lib.mkIf (config.services.actual.enable && config.host.impermanence.enable) { + options.services.actual = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.actual.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.actual.impermanence.enable { assertions = [ { assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix index 22fb0e63..70a45d13 100644 --- a/modules/nixos-modules/server/bazarr/impermanence.nix +++ b/modules/nixos-modules/server/bazarr/impermanence.nix @@ -5,7 +5,14 @@ }: let bazarr_data_directory = "/var/lib/bazarr"; in { - config = lib.mkIf (config.services.bazarr.enable && config.host.impermanence.enable) { + options.services.bazarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.bazarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.bazarr.impermanence.enable { assertions = [ { assertion = config.services.bazarr.dataDir == bazarr_data_directory; diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix index 8e1182c5..51efc0cf 100644 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ b/modules/nixos-modules/server/crab-hole/impermanence.nix 
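Review bot: `services.actual.impermanence.enable` can be set to true while `host.impermanence.enable` is false, and the module then emits persistence mounts, `neededForBoot` filesystems and extra datasets for a host that has no impermanence layer at all; the same pattern is repeated verbatim in the bazarr hunk on this line and in the crab-hole, fail2ban, flaresolverr, forgejo, immich, jackett, jellyfin, lidarr, panoramax, paperless, qbittorrent, radarr and sonarr hunks that follow. Adding `{ assertion = config.services.actual.impermanence.enable -> config.host.impermanence.enable; message = "services.actual.impermanence.enable requires host.impermanence.enable"; }` to the existing `assertions` list makes the combination fail at evaluation rather than at activation, and the same one-liner fits each sibling file. Every `mkOption` here also lacks a `description`, and since the default reads `config` a `defaultText = lib.literalExpression "config.services.actual.enable && config.host.impermanence.enable";` is needed for the option docs to render. The `config` block continues past the end of each hunk.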
@@ -5,7 +5,14 @@ }: let workingDirectory = "/var/lib/private/crab-hole"; in { - config = lib.mkIf (config.services.crab-hole.enable && config.host.impermanence.enable) { + options.services.crab-hole = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.crab-hole.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.crab-hole.impermanence.enable { assertions = [ { assertion = diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix index 5bc46735..6e214b36 100644 --- a/modules/nixos-modules/server/fail2ban/impermanence.nix +++ b/modules/nixos-modules/server/fail2ban/impermanence.nix @@ -6,7 +6,14 @@ dataFolder = "/var/lib/fail2ban"; dataFile = "fail2ban.sqlite3"; in { - config = lib.mkIf (config.services.fail2ban.enable && config.host.impermanence.enable) { + options.services.fail2ban = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.fail2ban.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.fail2ban.impermanence.enable { assertions = [ { assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix index b568a56f..4544e750 100644 --- a/modules/nixos-modules/server/flaresolverr/impermanence.nix +++ b/modules/nixos-modules/server/flaresolverr/impermanence.nix 
@@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.flaresolverr.enable && config.host.impermanence.enable) { + options.services.flaresolverr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.flaresolverr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.flaresolverr.impermanence.enable { # FlareSolverr typically doesn't need persistent storage as it's a proxy service # but we'll add basic structure in case it's needed for logs or configuration environment.persistence."/persist/system/root" = { diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix index 04f21a5e..6fe3de8b 100644 --- a/modules/nixos-modules/server/forgejo/impermanence.nix +++ b/modules/nixos-modules/server/forgejo/impermanence.nix @@ -5,7 +5,14 @@ }: let stateDir = "/var/lib/forgejo"; in { - config = lib.mkIf (config.services.forgejo.enable && config.host.impermanence.enable) { + options.services.forgejo = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.forgejo.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.forgejo.impermanence.enable { assertions = [ { assertion = config.services.forgejo.stateDir == stateDir; diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix index f63d178f..56e51d06 100644 --- a/modules/nixos-modules/server/immich/impermanence.nix +++ b/modules/nixos-modules/server/immich/impermanence.nix 
@@ -5,7 +5,14 @@ }: let mediaLocation = "/var/lib/immich"; in { - config = lib.mkIf (config.services.immich.enable && config.host.impermanence.enable) { + options.services.immich = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.immich.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.immich.impermanence.enable { assertions = [ { assertion = config.services.immich.mediaLocation == mediaLocation; diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix index 5826a547..24fc5e63 100644 --- a/modules/nixos-modules/server/jackett/impermanence.nix +++ b/modules/nixos-modules/server/jackett/impermanence.nix @@ -5,7 +5,14 @@ }: let jackett_data_directory = "/var/lib/jackett/.config/Jackett"; in { - config = lib.mkIf (config.services.jackett.enable && config.host.impermanence.enable) { + options.services.jackett = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jackett.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jackett.impermanence.enable { assertions = [ { assertion = config.services.jackett.dataDir == jackett_data_directory; diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix index e0b3b5d5..cbcb54f8 100644 --- a/modules/nixos-modules/server/jellyfin/impermanence.nix +++ b/modules/nixos-modules/server/jellyfin/impermanence.nix 
@@ -6,7 +6,14 @@ jellyfin_data_directory = "/var/lib/jellyfin"; jellyfin_cache_directory = "/var/cache/jellyfin"; in { - config = lib.mkIf (config.services.jellyfin.enable && config.host.impermanence.enable) { + options.services.jellyfin = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.jellyfin.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.jellyfin.impermanence.enable { fileSystems."/persist/system/jellyfin".neededForBoot = true; host.storage.pool.extraDatasets = { diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix index 689b9247..5d3aa3ff 100644 --- a/modules/nixos-modules/server/lidarr/impermanence.nix +++ b/modules/nixos-modules/server/lidarr/impermanence.nix @@ -5,7 +5,14 @@ }: let lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; in { - config = lib.mkIf (config.services.lidarr.enable && config.host.impermanence.enable) { + options.services.lidarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.lidarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.lidarr.impermanence.enable { assertions = [ { assertion = config.services.lidarr.dataDir == lidarr_data_directory; diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix index 41b14011..e25ef926 100644 --- a/modules/nixos-modules/server/panoramax/impermanence.nix +++ b/modules/nixos-modules/server/panoramax/impermanence.nix 
@@ -3,7 +3,14 @@ config, ... }: { - config = lib.mkIf (config.services.panoramax.enable && config.host.impermanence.enable) { + options.services.panoramax = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.panoramax.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.panoramax.impermanence.enable { # TODO: configure impermanence for panoramax data # This would typically include directories like: # - /var/lib/panoramax diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix index d9e17bdb..fc87ea7d 100644 --- a/modules/nixos-modules/server/paperless/impermanence.nix +++ b/modules/nixos-modules/server/paperless/impermanence.nix @@ -5,7 +5,14 @@ }: let dataDir = "/var/lib/paperless"; in { - config = lib.mkIf (config.services.paperless.enable && config.host.impermanence.enable) { + options.services.paperless = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.paperless.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.paperless.impermanence.enable { assertions = [ { assertion = config.services.paperless.dataDir == dataDir; diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix index da47d1a3..1489e7dc 100644 --- a/modules/nixos-modules/server/qbittorent/impermanence.nix +++ b/modules/nixos-modules/server/qbittorent/impermanence.nix 
@@ -5,7 +5,14 @@ }: let qbittorent_profile_directory = "/var/lib/qBittorrent/"; in { - config = lib.mkIf (config.services.qbittorrent.enable && config.host.impermanence.enable) { + options.services.qbittorrent = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.qbittorrent.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.qbittorrent.impermanence.enable { fileSystems."/persist/system/qbittorrent".neededForBoot = true; host.storage.pool.extraDatasets = { diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix index 4a3242c9..c948e3a5 100644 --- a/modules/nixos-modules/server/radarr/impermanence.nix +++ b/modules/nixos-modules/server/radarr/impermanence.nix @@ -5,7 +5,14 @@ }: let radarr_data_directory = "/var/lib/radarr/.config/Radarr"; in { - config = lib.mkIf (config.services.radarr.enable && config.host.impermanence.enable) { + options.services.radarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.radarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.radarr.impermanence.enable { assertions = [ { assertion = config.services.radarr.dataDir == radarr_data_directory; diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix index abc843c5..5b90ee9d 100644 --- a/modules/nixos-modules/server/sonarr/impermanence.nix +++ b/modules/nixos-modules/server/sonarr/impermanence.nix 
@@ -5,7 +5,14 @@ }: let sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; in { - config = lib.mkIf (config.services.sonarr.enable && config.host.impermanence.enable) { + options.services.sonarr = { + impermanence.enable = lib.mkOption { + type = lib.types.bool; + default = config.services.sonarr.enable && config.host.impermanence.enable; + }; + }; + + config = lib.mkIf config.services.sonarr.impermanence.enable { assertions = [ { assertion = config.services.sonarr.dataDir == sonarr_data_directory; From 30a042d709f0e12eca50c001cbdbf5d7fa3855e7 Mon Sep 17 00:00:00 2001 
From: Leyla Becker Date: Sat, 25 Oct 2025 02:56:07 -0500 Subject: [PATCH 917/932] refactor: moved server module configs out of default.nix files --- .../nixos-modules/server/actual/actual.nix | 20 ++++ .../nixos-modules/server/actual/default.nix | 20 +--- .../nixos-modules/server/forgejo/default.nix | 46 +------- .../nixos-modules/server/forgejo/forgejo.nix | 46 ++++++++ .../server/home-assistant/default.nix | 104 +----------------- .../server/home-assistant/home-assistant.nix | 104 ++++++++++++++++++ .../nixos-modules/server/jellyfin/default.nix | 32 +----- .../server/jellyfin/jellyfin.nix | 32 ++++++ .../server/network_storage/default.nix | 86 +-------------- .../network_storage/network_storage.nix | 86 +++++++++++++++ .../server/paperless/default.nix | 27 +---- .../server/paperless/paperless.nix | 27 +++++ .../nixos-modules/server/searx/default.nix | 59 +--------- modules/nixos-modules/server/searx/searx.nix | 59 ++++++++++ 14 files changed, 381 insertions(+), 367 deletions(-) create mode 100644 modules/nixos-modules/server/actual/actual.nix create mode 100644 modules/nixos-modules/server/forgejo/forgejo.nix create mode 100644 modules/nixos-modules/server/home-assistant/home-assistant.nix create mode 100644 modules/nixos-modules/server/jellyfin/jellyfin.nix create mode 100644 modules/nixos-modules/server/network_storage/network_storage.nix create mode 100644 modules/nixos-modules/server/paperless/paperless.nix create mode 100644 modules/nixos-modules/server/searx/searx.nix diff --git a/modules/nixos-modules/server/actual/actual.nix b/modules/nixos-modules/server/actual/actual.nix new file mode 100644 index 00000000..96ea5867 --- /dev/null +++ b/modules/nixos-modules/server/actual/actual.nix 
@@ -0,0 +1,20 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + dataDirectory = const.dataDirectory; +in { + config = lib.mkIf config.services.actual.enable { + systemd.tmpfiles.rules = [ + "d ${dataDirectory} 2770 actual actual" + ]; + + services.actual = { + settings = { + ACTUAL_DATA_DIR = dataDirectory; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix index 546240e1..b59517b8 100644 --- a/modules/nixos-modules/server/actual/default.nix +++ b/modules/nixos-modules/server/actual/default.nix @@ -1,26 +1,8 @@ { - lib, - config, - ... -}: let - const = import ./const.nix; - dataDirectory = const.dataDirectory; -in { imports = [ + ./actual.nix ./proxy.nix ./fail2ban.nix ./impermanence.nix ]; - - config = lib.mkIf config.services.actual.enable { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - - services.actual = { - settings = { - ACTUAL_DATA_DIR = dataDirectory; - }; - }; - }; } diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix index 5d0e7ad0..4333f69a 100644 --- a/modules/nixos-modules/server/forgejo/default.nix +++ b/modules/nixos-modules/server/forgejo/default.nix 
@@ -1,53 +1,9 @@ { - lib, - config, - ... -}: let - const = import ./const.nix; - httpPort = const.httpPort; - sshPort = const.sshPort; - db_user = "forgejo"; -in { imports = [ + ./forgejo.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - config = lib.mkIf config.services.forgejo.enable { - assertions = [ - { - assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; - message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; - } - ]; - - services.forgejo = { - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = config.services.forgejo.reverseProxy.domain; - HTTP_PORT = httpPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; - }; - }; - }; } diff --git a/modules/nixos-modules/server/forgejo/forgejo.nix b/modules/nixos-modules/server/forgejo/forgejo.nix new file mode 100644 index 00000000..70d30877 --- /dev/null +++ b/modules/nixos-modules/server/forgejo/forgejo.nix 
@@ -0,0 +1,46 @@ +{ + lib, + config, + ... +}: let + const = import ./const.nix; + httpPort = const.httpPort; + sshPort = const.sshPort; + db_user = "forgejo"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ + { + assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; + message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; + } + ]; + + services.forgejo = { + database = { + type = "postgres"; + socket = "/run/postgresql"; + }; + lfs.enable = true; + settings = { + server = { + DOMAIN = config.services.forgejo.reverseProxy.domain; + HTTP_PORT = httpPort; + START_SSH_SERVER = true; + SSH_LISTEN_PORT = sshPort; + SSH_PORT = 22; + BUILTIN_SSH_SERVER_USER = "git"; + ROOT_URL = "https://git.jan-leila.com"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + database = { + DB_TYPE = "postgres"; + NAME = db_user; + USER = db_user; + }; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix index 4b1846b4..b6f9356d 100644 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ b/modules/nixos-modules/server/home-assistant/default.nix 
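Review bot: `ROOT_URL` is hard-coded to `https://git.jan-leila.com` while `DOMAIN` on the line above it is derived from `config.services.forgejo.reverseProxy.domain`, so the two can silently diverge when the proxy domain changes and Forgejo will keep generating links for the stale host. The file is moved verbatim by this commit, so this is pre-existing, but now that it lives in its own module it is a good moment to make it `ROOT_URL = "https://${config.services.forgejo.reverseProxy.domain}";`. A one-line comment on `SSH_PORT = 22;` explaining that it is the externally advertised port while `SSH_LISTEN_PORT = sshPort;` is the bound port would also save the next reader a trip to the Forgejo docs.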
@@ -1,112 +1,10 @@ { - lib, - config, - ... -}: { imports = [ + ./home-assistant.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ./extensions ]; - - options.services.home-assistant = { - database = lib.mkOption { - type = lib.types.enum [ - "builtin" - "postgres" - ]; - description = "what database do we want to use"; - default = "builtin"; - }; - - extensions = { - sonos = { - enable = lib.mkEnableOption "enable the sonos plugin"; - port = lib.mkOption { - type = lib.types.int; - default = 1400; - description = "what port to use for sonos discovery"; - }; - }; - jellyfin = { - enable = lib.mkEnableOption "enable the jellyfin plugin"; - }; - wyoming = { - enable = lib.mkEnableOption "enable wyoming"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - { - services.home-assistant = { - configDir = "/var/lib/hass"; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - "isal" - "zha" - "webostv" - "tailscale" - "syncthing" - "analytics_insights" - "unifi" - "openweathermap" - "ollama" - "mobile_app" - "logbook" - "ssdp" - "usb" - "webhook" - "bluetooth" - "dhcp" - "energy" - "history" - "backup" - "assist_pipeline" - "conversation" - "sun" - "zeroconf" - "cpuspeed" - ]; - config = { - http = { - server_port = 8123; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - homeassistant = { - external_url = "https://${config.services.home-assistant.domain}"; - # internal_url = "http://192.168.1.2:8123"; - }; - recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - mobile_app = {}; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts - ]; - }; - - # TODO: configure /var/lib/hass/secrets.yaml via sops - - networking.firewall.allowedUDPPorts = [ - 1900 - ]; - - 
systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - } - ]); } diff --git a/modules/nixos-modules/server/home-assistant/home-assistant.nix b/modules/nixos-modules/server/home-assistant/home-assistant.nix new file mode 100644 index 00000000..fa58d5ee --- /dev/null +++ b/modules/nixos-modules/server/home-assistant/home-assistant.nix 
@@ -0,0 +1,104 @@ +{ + lib, + config, + ... +}: { + options.services.home-assistant = { + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ + { + services.home-assistant = { + configDir = "/var/lib/hass"; + extraComponents = [ + "default_config" + "esphome" + "met" + "radio_browser" + "isal" + "zha" + "webostv" + "tailscale" + "syncthing" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + homeassistant = { + external_url = "https://${config.services.home-assistant.domain}"; + # internal_url = "http://192.168.1.2:8123"; + }; + recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + mobile_app = {}; + }; + extraPackages = python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; + + # TODO: configure /var/lib/hass/secrets.yaml via sops + + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; + } + ]); +} 
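Review bot: The tmpfiles rule near the bottom creates `automations.yaml` with mode `0755`, which gives a plain YAML config file execute bits and world read access for no reason; `"f ${config.services.home-assistant.configDir}/automations.yaml 0640 hass hass"` is sufficient for the service. Separately, `recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"` interpolates the config directory into the URL's database-name position, yielding `postgresql://@//var/lib/hass`; unless `./database.nix` deliberately creates a database by that name, this looks like it was meant to be the database name rather than a path, and a comment stating which it is would avoid the ambiguity. The file is moved unchanged by this commit, so both points predate it.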
diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix index 0d884818..2dbdcfd2 100644 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ b/modules/nixos-modules/server/jellyfin/default.nix @@ -1,38 +1,8 @@ { - lib, - pkgs, - config, - ... -}: let - jellyfinPort = 8096; - dlanPort = 1900; -in { imports = [ + ./jellyfin.nix ./proxy.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.jellyfin = { - media_directory = lib.mkOption { - type = lib.types.str; - description = "directory jellyfin media will be hosted at"; - default = "/srv/jellyfin/media"; - }; - }; - - config = lib.mkIf config.services.jellyfin.enable { - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - }; } diff --git a/modules/nixos-modules/server/jellyfin/jellyfin.nix b/modules/nixos-modules/server/jellyfin/jellyfin.nix new file mode 100644 index 00000000..9bfa9217 --- /dev/null +++ b/modules/nixos-modules/server/jellyfin/jellyfin.nix 
@@ -0,0 +1,32 @@ +{ + lib, + pkgs, + config, + ... +}: let + jellyfinPort = 8096; + dlanPort = 1900; +in { + options.services.jellyfin = { + media_directory = lib.mkOption { + type = lib.types.str; + description = "directory jellyfin media will be hosted at"; + default = "/srv/jellyfin/media"; + }; + }; + + config = lib.mkIf config.services.jellyfin.enable { + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; + + systemd.tmpfiles.rules = [ + "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" + "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" + ]; + }; +} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix index eaac7fe1..cd100abc 100644 --- a/modules/nixos-modules/server/network_storage/default.nix +++ b/modules/nixos-modules/server/network_storage/default.nix 
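Review bot: `networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort];` opens 8096 to the network directly even though `./proxy.nix` and `./fail2ban.nix` are imported for this service, so clients can reach Jellyfin without going through the reverse proxy and, if the jail watches proxy logs, without being subject to the ban rules; if all access is meant to go through the proxy, 8096 should not be in the firewall list. Port 1900 is SSDP discovery, which is UDP, so `allowedTCPPorts` is very likely the wrong list for `dlanPort` and it should be `networking.firewall.allowedUDPPorts = [dlanPort];` as the home-assistant module already does. A short comment on the list naming which clients each port is opened for would make the intent reviewable. The file is moved unchanged by this commit.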
@@ -1,90 +1,6 @@ { - config, - lib, - ... -}: let - export_directory = config.host.network_storage.export_directory; -in { imports = [ + ./network_storage.nix ./nfs.nix ]; - - options = { - host.network_storage = { - enable = lib.mkEnableOption "is this machine going to export network storage"; - export_directory = lib.mkOption { - type = lib.types.path; - description = "what are exports going to be stored in"; - default = "/exports"; - }; - directories = lib.mkOption { - type = lib.types.listOf (lib.types.submodule ({config, ...}: { - options = { - folder = lib.mkOption { - type = lib.types.str; - description = "what is the name of this export directory"; - }; - bind = lib.mkOption { - type = lib.types.nullOr lib.types.path; - description = "is this directory bound to anywhere"; - default = null; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user owns this directory"; - default = "nouser"; - }; - group = lib.mkOption { - type = lib.types.str; - description = "what group owns this directory"; - default = "nogroup"; - }; - _directory = lib.mkOption { - internal = true; - readOnly = true; - type = lib.types.path; - default = "${export_directory}/${config.folder}"; - }; - }; - })); - description = "list of directory names to export"; - }; - }; - }; - - config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ - { - # create any folders that we need to have for our exports - systemd.tmpfiles.rules = - [ - "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" - ] - ++ ( - builtins.map ( - directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" - ) - config.host.network_storage.directories - ); - - # set up any bind mounts that we need for our exports - fileSystems = builtins.listToAttrs ( - builtins.map (directory: - lib.attrsets.nameValuePair directory._directory { - device = directory.bind; - options = ["bind"]; - }) ( - builtins.filter (directory: directory.bind != null) 
config.host.network_storage.directories - ) - ); - } - # (lib.mkIf config.host.impermanence.enable { - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # config.host.network_storage.export_directory - # ]; - # }; - # }) - ]); } diff --git a/modules/nixos-modules/server/network_storage/network_storage.nix b/modules/nixos-modules/server/network_storage/network_storage.nix new file mode 100644 index 00000000..ebc3bee7 --- /dev/null +++ b/modules/nixos-modules/server/network_storage/network_storage.nix 
@@ -0,0 +1,86 @@ +{ + config, + lib, + ... +}: let + export_directory = config.host.network_storage.export_directory; +in { + options = { + host.network_storage = { + enable = lib.mkEnableOption "is this machine going to export network storage"; + export_directory = lib.mkOption { + type = lib.types.path; + description = "what are exports going to be stored in"; + default = "/exports"; + }; + directories = lib.mkOption { + type = lib.types.listOf (lib.types.submodule ({config, ...}: { + options = { + folder = lib.mkOption { + type = lib.types.str; + description = "what is the name of this export directory"; + }; + bind = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = "is this directory bound to anywhere"; + default = null; + }; + user = lib.mkOption { + type = lib.types.str; + description = "what user owns this directory"; + default = "nouser"; + }; + group = lib.mkOption { + type = lib.types.str; + description = "what group owns this directory"; + default = "nogroup"; + }; + _directory = lib.mkOption { + internal = true; + readOnly = true; + type = lib.types.path; + default = "${export_directory}/${config.folder}"; + }; + }; + })); + description = "list of directory names to export"; + }; + }; + }; + + config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ + { + # create any folders that we need to have for our exports + systemd.tmpfiles.rules = + [ + "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" + ] + ++ ( + builtins.map ( + directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" + ) + config.host.network_storage.directories + ); + + # set up any bind mounts that we need for our exports + fileSystems = builtins.listToAttrs ( + builtins.map (directory: + lib.attrsets.nameValuePair directory._directory { + device = directory.bind; + options = ["bind"]; + }) ( + builtins.filter (directory: directory.bind != null) config.host.network_storage.directories + ) + ); + } + # 
(lib.mkIf config.host.impermanence.enable { + # environment.persistence."/persist/system/root" = { + # enable = true; + # hideMounts = true; + # directories = [ + # config.host.network_storage.export_directory + # ]; + # }; + # }) + ]); +} diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix index d2bc930f..7e5e16be 100644 --- a/modules/nixos-modules/server/paperless/default.nix +++ b/modules/nixos-modules/server/paperless/default.nix @@ -1,34 +1,9 @@ { - config, - lib, - ... -}: { imports = [ + ./paperless.nix ./proxy.nix ./database.nix ./fail2ban.nix ./impermanence.nix ]; - - options.services.paperless = { - database = { - user = lib.mkOption { - type = lib.types.str; - description = "what is the user and database that we are going to use for paperless"; - default = "paperless"; - }; - }; - }; - - config = lib.mkIf config.services.paperless.enable { - services.paperless = { - configureTika = true; - settings = { - PAPERLESS_DBENGINE = "postgresql"; - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBNAME = config.services.paperless.database.user; - PAPERLESS_DBUSER = config.services.paperless.database.user; - }; - }; - }; } diff --git a/modules/nixos-modules/server/paperless/paperless.nix b/modules/nixos-modules/server/paperless/paperless.nix new file mode 100644 index 00000000..5bcbfeda --- /dev/null +++ b/modules/nixos-modules/server/paperless/paperless.nix 
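Review bot: The `user` submodule option defaults to `"nouser"`, and that value is fed straight into a tmpfiles rule (`d ${directory._directory} 2770 ${directory.user} ${directory.group}`), so unless a `nouser` account is defined elsewhere in the repo the rule fails at activation for every export that does not set `user` explicitly; the `group` default `"nogroup"` and the `nobody nogroup` owner on the export root suggest `"nobody"` was intended. The commented-out `lib.mkIf config.host.impermanence.enable` block at the end is dead code that should either be deleted or carry a comment saying why persistence of the export root is deliberately not configured. The file is moved unchanged by this commit, and the hunk begins on the previous line.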
@@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: { + options.services.paperless = { + database = { + user = lib.mkOption { + type = lib.types.str; + description = "what is the user and database that we are going to use for paperless"; + default = "paperless"; + }; + }; + }; + + config = lib.mkIf config.services.paperless.enable { + services.paperless = { + configureTika = true; + settings = { + PAPERLESS_DBENGINE = "postgresql"; + PAPERLESS_DBHOST = "/run/postgresql"; + PAPERLESS_DBNAME = config.services.paperless.database.user; + PAPERLESS_DBUSER = config.services.paperless.database.user; + }; + }; + }; +} diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix index ac84c1dd..54263802 100644 --- a/modules/nixos-modules/server/searx/default.nix +++ b/modules/nixos-modules/server/searx/default.nix @@ -1,63 +1,6 @@ { - config, - lib, - inputs, - ... -}: { imports = [ + ./searx.nix ./proxy.nix ]; - - config = lib.mkIf config.services.searx.enable { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; - }; - - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - }; } diff --git a/modules/nixos-modules/server/searx/searx.nix b/modules/nixos-modules/server/searx/searx.nix new file mode 100644 index 00000000..d4d4012c 
--- /dev/null +++ b/modules/nixos-modules/server/searx/searx.nix @@ -0,0 +1,59 @@ +{ + config, + lib, + inputs, + ... +}: { + config = lib.mkIf config.services.searx.enable { + sops.secrets = { + "services/searx" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + }; + }; + + services.searx = { + environmentFile = config.sops.secrets."services/searx".path; + + # Rate limiting + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + + botdetection = { + ip_limit = { + filter_link_local = true; + link_token = true; + }; + }; + }; + + settings = { + server = { + port = 8083; + secret_key = "@SEARXNG_SECRET@"; + }; + + # Search engine settings + search = { + safe_search = 2; + autocomplete_min = 2; + autocomplete = "duckduckgo"; + }; + + # Enabled plugins + enabled_plugins = [ + "Basic Calculator" + "Hash plugin" + "Tor check plugin" + "Open Access DOI rewrite" + "Hostnames plugin" + "Unit converter plugin" + "Tracker URL remover" + ]; + }; + }; + }; +} From 5114f52607aae5462eb391c2d13edee52beb0b70 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 25 Oct 2025 15:11:25 -0500 Subject: [PATCH 918/932] feat: added rust-analyzer vscode package --- .../leyla/packages/vscode/default.nix | 3 +++ .../programs/vscode/default.nix | 1 + .../programs/vscode/rustAnalyzer.nix | 27 +++++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 modules/home-manager-modules/programs/vscode/rustAnalyzer.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index fd72006e..36168b20 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -69,6 +69,9 @@ in { # go development go.enable = true; + # rust development + rustAnalyzer.enable = true; + # claude development claudeDev = lib.mkIf ai-tooling-enabled { enable = true; 
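Review bot: `sopsFile = "${inputs.secrets}/defiant-services.yaml";` hard-codes one host's secrets file inside a reusable module under `modules/nixos-modules`, so any other host that sets `services.searx.enable` would try to decrypt defiant's file; either expose the sops file as an option or document the assumption with `# secrets for searx are currently only provisioned for defiant`. The `real_ip.x_for = 1` setting trusts exactly one proxy hop, which is only correct if the reverse proxy configured in `./proxy.nix` overwrites `X-Forwarded-For` instead of appending to a client-supplied header; a comment stating that dependency next to the setting would help the next reader. `secret_key = "@SEARXNG_SECRET@"` is a placeholder filled from `environmentFile`, which is fine, but the variable name expected in the sops file is not documented anywhere in this module.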
diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix index 8f366fef..f9d83dc7 100644 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ b/modules/home-manager-modules/programs/vscode/default.nix @@ -16,6 +16,7 @@ ./go.nix ./evenBetterToml.nix ./openRemoteSsh.nix + ./rustAnalyzer.nix ./astroVscode.nix ./vscodeMdx.nix ./claudeDev.nix diff --git a/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix new file mode 100644 index 00000000..66e9ebe2 --- /dev/null +++ b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix @@ -0,0 +1,27 @@ +{ + lib, + pkgs, + config, + ... +}: let + pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + pkgsRepository = pkgsRepositories.open-vsx; +in { + options.programs.vscode.profiles = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { + options = { + extraExtensions.rustAnalyzer = { + enable = lib.mkEnableOption "should the rust-analyzer extension for vscode be enabled"; + extension = lib.mkPackageOption pkgsRepository "rust-analyzer" { + default = ["rust-lang" "rust-analyzer"]; + }; + }; + }; + config = lib.mkIf config.extraExtensions.rustAnalyzer.enable { + extensions = [ + config.extraExtensions.rustAnalyzer.extension + ]; + }; + })); + }; +} From c97d43957df6413ab524c608169c77e58b464e3b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 13:06:08 -0500 Subject: [PATCH 919/932] feat: enabled actual --- configurations/nixos/defiant/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ae897ce9..62ab1def 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix 
@@ -319,7 +319,7 @@ }; actual = { - enable = false; + enable = true; domain = "budget.jan-leila.com"; }; From 7ad6a83dfa1bc7f1d1335636e976035e1abf425f Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 13:17:48 -0500 Subject: [PATCH 920/932] feat: broke leyla firefox config into submodules --- .../home-manager/leyla/packages/default.nix | 2 +- .../home-manager/leyla/packages/firefox.nix | 344 ------------------ .../leyla/packages/firefox/bookmarks.nix | 149 ++++++++ .../leyla/packages/firefox/default.nix | 18 + .../leyla/packages/firefox/firefox.nix | 221 +++++++++++ .../leyla/packages/firefox/harden.nix | 50 +++ 6 files changed, 439 insertions(+), 345 deletions(-) delete mode 100644 configurations/home-manager/leyla/packages/firefox.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/bookmarks.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/default.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/firefox.nix create mode 100644 configurations/home-manager/leyla/packages/firefox/harden.nix diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index 5bccad3e..50cc175c 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -9,7 +9,7 @@ in { imports = [ ./vscode - ./firefox.nix + ./firefox ./direnv.nix ./openssh.nix ./git.nix diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/packages/firefox.nix deleted file mode 100644 index d166eb47..00000000 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ /dev/null 
@@ -1,344 +0,0 @@ -{ - lib, - pkgs, - inputs, - ... -}: { - config = { - programs.firefox = { - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; - - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; - }; - }; - }; - - extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes - - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes - - privacy-badger - decentraleyes - clearurls - localcdn - - snowflake - - deutsch-de-language-pack - dictionary-german - - tab-session-manager - - # ( - # buildFirefoxXpiAddon rec { - # pname = "italiano-it-language-pack"; - # version = "132.0.20241110.231641"; - # addonId = "langpack-it@firefox.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Firefox Language Pack for Italiano (it) – Italian"; - # license = licenses.mpl20; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - # ( - # buildFirefoxXpiAddon 
rec { - # pname = "dizionario-italiano"; - # version = "5.1"; - # addonId = "it-IT@dictionaries.addons.mozilla.org"; - # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi"; - # sha256 = ""; - # meta = with lib; - # { - # description = "Add support for Italian to spellchecking"; - # license = licenses.gpl3; - # mozPermissions = []; - # platforms = platforms.all; - # }; - # } - # ) - ]; - - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" - "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" - "addon_simplelogin-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - 
"jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; - }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - "sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - 
"identity.fxaccounts.enabled" = false; - - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Disable telemetry - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - "datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - - bookmarks = { - force = true; - settings = [ - { - name = "Media"; - url = 
"https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; - }; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix new file mode 100644 index 00000000..8435d45d --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix 
@@ -0,0 +1,149 @@ +{...}: { + programs.firefox = { + profiles.leyla = { + bookmarks = { + force = true; + settings = [ + # Personal Services + { + name = "Media"; + url = "https://media.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Photos"; + url = "https://photos.jan-leila.com"; + keyword = ""; + tags = [""]; + } + { + name = "Git"; + url = "https://git.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Home Automation"; + url = "https://home.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Search"; + url = "https://search.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Budget"; + url = "https://budget.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Documents"; + url = "https://documents.jan-leila.com/"; + keyword = ""; + tags = [""]; + } + + # Defiant Server Services + { + name = "QBittorrent"; + url = "http://defiant:8084"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Sonarr"; + url = "http://defiant:8989"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Radarr"; + url = "http://defiant:7878"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Bazarr"; + url = "http://defiant:6767"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Lidarr"; + url = "http://defiant:8686"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Jackett"; + url = "http://defiant:9117"; + keyword = ""; + tags = ["defiant"]; + } + { + name = "Crab-hole DNS"; + url = "http://defiant:8085"; + keyword = ""; + tags = ["defiant"]; + } + + # External Services + { + name = "Mail"; + url = "https://mail.protonmail.com"; + keyword = ""; + tags = [""]; + } + { + name = "Open Street Map"; + url = "https://www.openstreetmap.org/"; + keyword = ""; + tags = [""]; + } + { + name = "Password Manager"; + url = "https://vault.bitwarden.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Mastodon"; + url = "https://mspsocial.net"; + keyword = ""; + tags = [""]; + } + { + name = 
"Linked In"; + url = "https://www.linkedin.com/"; + keyword = ""; + tags = [""]; + } + { + name = "Job Search"; + url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; + keyword = ""; + tags = [""]; + } + { + name = "React Docs"; + url = "https://react.dev/"; + keyword = ""; + tags = [""]; + } + # Template + # { + # name = ""; + # url = ""; + # keyword = ""; + # tags = [""]; + # } + ]; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/default.nix b/configurations/home-manager/leyla/packages/firefox/default.nix new file mode 100644 index 00000000..4246c68e --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/default.nix @@ -0,0 +1,18 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + imports = [ + ./firefox.nix + ./bookmarks.nix + ./harden.nix + ]; + + config = { + programs.firefox = { + enable = true; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix new file mode 100644 index 00000000..16783532 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/firefox.nix 
@@ -0,0 +1,221 @@ +{ + lib, + pkgs, + inputs, + ... +}: { + programs.firefox = { + profiles.leyla = { + settings = { + "browser.search.defaultenginename" = "Searx"; + "browser.search.order.1" = "Searx"; + }; + + search = { + force = true; + default = "Searx"; + engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = "packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; + "NixOS Wiki" = { + urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; + "Searx" = { + urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; + icon = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@searx"]; + }; + }; + }; + + extensions.packages = with inputs.firefox-addons.packages.${pkgs.system}; [ + bitwarden + terms-of-service-didnt-read + multi-account-containers + shinigami-eyes + + ublock-origin + sponsorblock + dearrow + df-youtube + return-youtube-dislikes + + privacy-badger + decentraleyes + clearurls + localcdn + + snowflake + + deutsch-de-language-pack + dictionary-german + + tab-session-manager + + # (\ + # buildFirefoxXpiAddon rec {\ + # pname = "italiano-it-language-pack";\ + # version = "132.0.20241110.231641";\ + # addonId = "langpack-it@firefox.mozilla.org";\ + # url = "https://addons.mozilla.org/firefox/downloads/file/4392453/italiano_it_language_pack-${version}.xpi";\ + # sha256 = "";\ + # meta = with lib;\ + # {\ + # description = "Firefox Language Pack for Italiano (it) – Italian";\ + # license = licenses.mpl20;\ + # mozPermissions = [];\ + # platforms = platforms.all;\ + # };\ + # }\ + # )\ + # (\ + # buildFirefoxXpiAddon 
rec {\ + # pname = "dizionario-italiano";\ + # version = "5.1";\ + # addonId = "it-IT@dictionaries.addons.mozilla.org";\ + # url = "https://addons.mozilla.org/firefox/downloads/file/1163874/dizionario_italiano-${version}.xpi";\ + # sha256 = "";\ + # meta = with lib;\ + # {\ + # description = "Add support for Italian to spellchecking";\ + # license = licenses.gpl3;\ + # mozPermissions = [];\ + # platforms = platforms.all;\ + # };\ + # }\ + # )\ + ]; + + settings = { + # Disable irritating first-run stuff + "browser.disableResetPrompt" = true; + "browser.download.panel.shown" = true; + "browser.feeds.showFirstRunUI" = false; + "browser.messaging-system.whatsNewPanel.enabled" = false; + "browser.rights.3.shown" = true; + "browser.shell.checkDefaultBrowser" = false; + "browser.shell.defaultBrowserCheckCount" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "browser.uitour.enabled" = false; + "startup.homepage_override_url" = ""; + "trailhead.firstrun.didSeeAboutWelcome" = true; + "browser.bookmarks.restore_default_bookmarks" = false; + "browser.bookmarks.addedImportButton" = true; + "browser.newtabpage.activity-stream.feeds.section.topstories" = false; + + # Usage Experience + "browser.startup.homepage" = "about:home"; + "browser.download.useDownloadDir" = false; + "browser.uiCustomization.state" = builtins.toJSON { + "currentVersion" = 20; + "newElementCount" = 6; + "dirtyAreaCache" = [ + "nav-bar" + "PersonalToolbar" + "toolbar-menubar" + "TabsToolbar" + "unified-extensions-area" + "vertical-tabs" + ]; + "placements" = { + "widget-overflow-fixed-list" = []; + "unified-extensions-area" = [ + # bitwarden + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "sponsorblocker_ajay_app-browser-action" + "dearrow_ajay_app-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_testpilot-containers-browser-action" + "addon_simplelogin-browser-action" + 
"_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + "nav-bar" = [ + "back-button" + "forward-button" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "unified-extensions-button" + "reset-pbm-toolbar-button" + ]; + "toolbar-menubar" = [ + "menubar-items" + ]; + "TabsToolbar" = [ + "firefox-view-button" + "tabbrowser-tabs" + "new-tab-button" + "alltabs-button" + ]; + "vertical-tabs" = []; + "PersonalToolbar" = [ + "import-button" + "personal-bookmarks" + ]; + }; + "seen" = [ + "save-to-pocket-button" + "developer-button" + "privacy_privacy_com-browser-action" + "sponsorblocker_ajay_app-browser-action" + "ublock0_raymondhill_net-browser-action" + "addon_simplelogin-browser-action" + "dearrow_ajay_app-browser-action" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" + "jid1-bofifl9vbdl2zq_jetpack-browser-action" + "dfyoutube_example_com-browser-action" + "_testpilot-containers-browser-action" + "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" + "jid1-mnnxcxisbpnsxq_jetpack-browser-action" + "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" + "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" + "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" + ]; + }; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; + "browser.newtabpage.blocked" = lib.genAttrs [ + # Facebook + "4gPpjkxgZzXPVtuEoAL9Ig==" + # Reddit + "gLv0ja2RYVgxKdp0I5qwvA==" + # Amazon + "K00ILysCaEq8+bEqV/3nuw==" + 
# Twitter + "T9nJot5PurhJSy8n038xGA==" + ] (_: 1); + "identity.fxaccounts.enabled" = false; + }; + }; + }; +} diff --git a/configurations/home-manager/leyla/packages/firefox/harden.nix b/configurations/home-manager/leyla/packages/firefox/harden.nix new file mode 100644 index 00000000..66310c22 --- /dev/null +++ b/configurations/home-manager/leyla/packages/firefox/harden.nix 
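Review bot: In the `"unified-extensions-area"` placement list the entry `"_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action"` is spelled `-browser-action` in the `"seen"` list a few lines below; one of the two is a typo, and the placement entry is the one Firefox will fail to match. The commented-out `buildFirefoxXpiAddon` block now ends every line with a stray `\` (`# (\`, `# sha256 = "";\`) that the deleted `firefox.nix` did not have; it is harmless inside comments but reads as an editing artifact, so clean it up or drop the dead block. `profiles.leyla` also defines `settings` twice (the two search-engine prefs at the top and the first-run/UI prefs further down), which relies on Nix merging two attrset literals under the same name; folding the two search prefs into the single `settings` block would be clearer.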
@@ -0,0 +1,50 @@ +{...}: { + programs.firefox = { + profiles.leyla = { + settings = { + # Security + "privacy.trackingprotection.enabled" = true; + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode_pbm" = true; + "dom.security.https_only_mode_error_page_user_suggestions" = true; + + # Privacy & Data Protection + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "signon.rememberSignons" = false; + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.cache" = true; + "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; + "urlclassifier.trackingSkipURLs" = ""; + "urlclassifier.features.socialtracking.skipURLs" = ""; + + # Disable telemetry and data collection + "app.shield.optoutstudies.enabled" = false; + "browser.discovery.enabled" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.ping-centre.telemetry" = false; + "datareporting.healthreport.service.enabled" = false; + "datareporting.healthreport.uploadEnabled" = false; + "datareporting.policy.dataSubmissionEnabled" = false; + "datareporting.sessions.current.clean" = true; + "devtools.onboarding.telemetry.logged" = false; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.hybridContent.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.prompted" = 2; + "toolkit.telemetry.rejected" = true; + "toolkit.telemetry.reportingpolicy.firstRun" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.unifiedIsOptIn" = false; + 
"toolkit.telemetry.updatePing.enabled" = false; + }; + }; + }; +} From f72a6da0132b370a6d84db2c91e53e3a8857cc37 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 14:24:18 -0500 Subject: [PATCH 921/932] feat: fixed actual install --- modules/nixos-modules/server/actual/actual.nix | 14 +++++++++----- modules/nixos-modules/server/actual/const.nix | 2 +- .../nixos-modules/server/actual/impermanence.nix | 10 ++++++++-- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/modules/nixos-modules/server/actual/actual.nix b/modules/nixos-modules/server/actual/actual.nix index 96ea5867..4cca4491 100644 --- a/modules/nixos-modules/server/actual/actual.nix +++ b/modules/nixos-modules/server/actual/actual.nix @@ -6,14 +6,18 @@ const = import ./const.nix; dataDirectory = const.dataDirectory; in { + options.services.actual = { + port = lib.mkOption { + type = lib.types.port; + description = "The port to listen on"; + default = 5006; + }; + }; config = lib.mkIf config.services.actual.enable { - systemd.tmpfiles.rules = [ - "d ${dataDirectory} 2770 actual actual" - ]; - services.actual = { settings = { - ACTUAL_DATA_DIR = dataDirectory; + port = config.services.actual.port; + dataDir = dataDirectory; }; }; }; diff --git a/modules/nixos-modules/server/actual/const.nix b/modules/nixos-modules/server/actual/const.nix index 13b068e8..14b715e9 100644 --- a/modules/nixos-modules/server/actual/const.nix +++ b/modules/nixos-modules/server/actual/const.nix @@ -1,3 +1,3 @@ { - dataDirectory = "/var/lib/actual/"; + dataDirectory = "/var/lib/private/actual"; } diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index 5a2bb6c5..f2031787 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ b/modules/nixos-modules/server/actual/impermanence.nix 
@@ -5,6 +5,8 @@ }: let const = import ./const.nix; dataDirectory = const.dataDirectory; + # Strip /private from dataDirectory for assertion check (systemd DynamicUser adds /private automatically) + configDataDirectory = lib.strings.replaceStrings ["/var/lib/private"] ["/var/lib"] dataDirectory; in { options.services.actual = { impermanence.enable = lib.mkOption { @@ -16,8 +18,12 @@ in { config = lib.mkIf config.services.actual.impermanence.enable { assertions = [ { - assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; - message = "actual data location does not match persistence"; + assertion = config.services.actual.settings.dataDir == dataDirectory; + message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; + } + { + assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; + message = "actual systemd service must have DynamicUser enabled to use private directory"; } ]; environment.persistence."/persist/system/root" = { From 758cbd17f72a738658e7d8554b9d3560a01fbb06 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 14:43:50 -0500 Subject: [PATCH 922/932] refactor: removed unused var --- modules/nixos-modules/server/actual/impermanence.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix index f2031787..d870789d 100644 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ b/modules/nixos-modules/server/actual/impermanence.nix 
@@ -5,8 +5,6 @@ }: let const = import ./const.nix; dataDirectory = const.dataDirectory; - # Strip /private from dataDirectory for assertion check (systemd DynamicUser adds /private automatically) - configDataDirectory = lib.strings.replaceStrings ["/var/lib/private"] ["/var/lib"] dataDirectory; in { options.services.actual = { impermanence.enable = lib.mkOption { From 81a65885374148fc60e0335624b8e7102cfbbdab Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 26 Oct 2025 23:35:54 -0500 Subject: [PATCH 923/932] feat: updated flack lock --- flake.lock | 30 ++++++++++++------------ modules/nixos-modules/server/wyoming.nix | 6 ++--- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 09349a68..11fb6729 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1761019419, - "narHash": "sha256-lOzy4BGZtPxxNOzDEwfy3lcb7enl53f1wYP/JVWwSHg=", + "lastModified": 1761478231, + "narHash": "sha256-a6ROM73M0TSrooI+8/UMj5KWKOdaDFTycVeo8XJ3dk4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "727c8a012382db77e14d72ce1fe4e19be3206ce6", + "rev": "ae968708476302f8781fb5e245d53f112ed04111", "type": "gitlab" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1761081701, - "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", + "lastModified": 1761530345, + "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", "owner": "nix-community", "repo": "home-manager", - "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", + "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", "type": "github" }, "original": { 
@@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1760721282, - "narHash": "sha256-aAHphQbU9t/b2RRy2Eb8oMv+I08isXv2KUGFAFn7nCo=", + "lastModified": 1761339987, + "narHash": "sha256-IUaawVwItZKi64IA6kF6wQCLCzpXbk2R46dHn8sHkig=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c3211fcd0c56c11ff110d346d4487b18f7365168", + "rev": "7cd9aac79ee2924a85c211d21fafd394b06a38de", "type": "github" }, "original": { @@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1761011896, - "narHash": "sha256-p6oWYhpJGIV76tJExGUFRkir29yCTUYLsnKmnhzW2C0=", + "lastModified": 1761530505, + "narHash": "sha256-SbuUyC5pfTcMa9JUqSxFyGJpCqoUsB74tboS22+lByY=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0a74c6a180110ac18584780eeff31e302b0bf8a4", + "rev": "5a5496a7d21265e0ce7641452daf6c560f0eb7a9", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index 4894dd43..c9a14741 100644 --- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -37,9 +37,9 @@ openwakeword = { enable = true; uri = "tcp://0.0.0.0:10400"; - preloadModels = [ - "ok_nabu" - ]; + # preloadModels = [ + # "ok_nabu" + # ]; # TODO: custom models }; }; From bb5c94ec2c8c4955a3fd21bd1c460601889d749d Mon Sep 17 00:00:00 2001 
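Review bot: The `preloadModels` list in the wyoming.nix hunk is kept as commented-out code rather than removed, and the adjacent `# TODO: custom models` marker does not say why the built-in model was disabled or what is blocking the replacement. Delete the three commented lines and make the TODO self-explanatory, e.g. `# TODO: re-add preloadModels once custom wake-word models are available`, so nobody re-enables the old list by mistake. The enclosing `openwakeword` attribute set is complete in the hunk, but the outer `services` block continues outside it.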
From: Leyla Becker Date: Mon, 27 Oct 2025 00:53:59 -0500 Subject: [PATCH 924/932] feat: added catch all route to reverse proxy that blocks connections on non specified hosts --- .../server/reverseProxy/reverseProxy.nix | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix index 5b8357fe..eecc9bf7 100644 --- a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix +++ b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix @@ -6,6 +6,11 @@ options.services.reverseProxy = { enable = lib.mkEnableOption "turn on the reverse proxy"; openFirewall = lib.mkEnableOption "open the firewall"; + refuseUnmatchedDomains = lib.mkOption { + type = lib.types.bool; + description = "refuse connections for domains that don't match any configured virtual hosts"; + default = true; + }; ports = { http = lib.mkOption { type = lib.types.port; @@ -96,7 +101,20 @@ services.nginx = { enable = true; virtualHosts = lib.mkMerge ( - lib.lists.flatten ( + (lib.optionals config.services.reverseProxy.refuseUnmatchedDomains [ + { + "_" = { + default = true; + serverName = "_"; + locations."/" = { + extraConfig = '' + return 444; + ''; + }; + }; + } + ]) + ++ lib.lists.flatten ( lib.attrsets.mapAttrsToList ( name: service: let hostConfig = { From ec802a2462571c069485b1eeaac6d3c476e332d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 00:56:56 -0500 Subject: [PATCH 925/932] chore: updated README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 23a49666..a251dad1 100644 --- a/README.md +++ b/README.md 
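Review bot: The catch-all `"_"` virtual host in the second hunk only becomes nginx's default server for the ports it actually listens on, and nothing in this hunk gives it a TLS listener; if the other virtual hosts are served over HTTPS, a connection with an unmatched SNI name is still handled by whichever HTTPS vhost nginx treats as default for that port instead of being dropped with 444. For `refuseUnmatchedDomains` to hold for TLS as well, this vhost needs an SSL listen on the same port with a throwaway certificate, since there is no real hostname to issue one for; the first hunk only shows `ports.http`, so I cannot tell from here whether an https port option exists to reuse. A server-level `extraConfig = "return 444;"` would also be simpler than routing the refusal through `locations."/"`. The enclosing `services.nginx` attribute set continues outside the hunk.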
@@ -43,12 +43,12 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ +- proton mail now has an smtp server we could use that for our zfs and SMART test emails # Tasks: ## Chores: - [ ] test out crab hole service -- [ ] learn how to use actual ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) From f91f20be7c68920c1c52378aba82dba2a8ec472d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 01:13:42 -0500 Subject: [PATCH 926/932] chore: added more tasks to README.md --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a251dad1..b2530918 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut +- [ ] secondary server with data sync ## Data Access - [ ] nfs export should be backed by the same values for server and client @@ -76,6 +77,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Services - [ ] vikunja service for project management +- [ ] Penpot services (need to make this custom) +- [ ] minecraft server with old world file - [ ] Create Tor guard/relay server - [ ] mastodon instance - [ ] screeps server 
@@ -98,4 +101,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] postgres db load - [ ] nginx queries - [ ] ntfy.sh for push notifications -- [ ] kuma for uptime visualization \ No newline at end of file +- [ ] kuma for uptime visualization + +## Packages +- [ ] Custom private fork of MultiMC \ No newline at end of file From df663e5438753d2cde51bed048217a2dd99c3058 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 02:34:53 -0500 Subject: [PATCH 927/932] chore: added task to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b2530918..883e1437 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] rotate sops encryption keys periodically (and somehow sync between devices?) - [ ] Secure Boot - https://github.com/nix-community/lanzaboote - [ ] auto turn off on power loss - nut -- [ ] secondary server with data sync +- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 ## Data Access - [ ] nfs export should be backed by the same values for server and client From e57c1df6e5a6537b4ca8f4fc315fcbdcfd69f2a1 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 02:52:56 -0500 Subject: [PATCH 928/932] chore:added task for qbittorent directory --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 883e1437..d3a21217 100644 --- a/README.md +++ b/README.md 
@@ -49,6 +49,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Chores: - [ ] test out crab hole service +- [ ] qbittorent should be downloading to `rpool/persist/system/qbittorrent` or maybe even `rpool/persist/system/jellyfin` but right now its downloading to `rpool/persist/system/root` this should be fixed ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) From f9c27c82b67930a90db943587543abfe46fda406 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 03:55:09 -0500 Subject: [PATCH 929/932] feat: refactored database configuration --- .../nixos/defiant/configuration.nix | 15 ++- .../nixos-modules/server/forgejo/database.nix | 59 ++++------ .../server/home-assistant/database.nix | 91 +++++++-------- .../nixos-modules/server/immich/database.nix | 44 +++---- .../server/panoramax/database.nix | 64 +++++++---- .../server/paperless/database.nix | 50 ++++---- .../server/postgres/impermanence.nix | 2 +- .../server/postgres/postgres.nix | 108 +++++++++++------- 8 files changed, 229 insertions(+), 204 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 62ab1def..e2f9401f 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -102,13 +102,6 @@ directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; }; }; - postgres = { - extraUsers = { - leyla = { - isAdmin = true; - }; - }; - }; }; systemd.network = { @@ -220,6 +213,12 @@ }; services = { + # PostgreSQL database server + postgresql = { + enable = true; + adminUsers = ["leyla"]; + }; + # temp enable desktop environment for setup # Enable the X11 windowing system. xserver.enable = true; 
@@ -327,7 +326,7 @@ enable = true; domain = "home.jan-leila.com"; openFirewall = true; - database = "postgres"; + postgres.enable = true; extensions = { sonos.enable = true; diff --git a/modules/nixos-modules/server/forgejo/database.nix b/modules/nixos-modules/server/forgejo/database.nix index 0417aabd..bb8781c4 100644 --- a/modules/nixos-modules/server/forgejo/database.nix +++ b/modules/nixos-modules/server/forgejo/database.nix 
@@ -2,40 +2,31 @@ lib, config, ... -}: { - config = lib.mkIf config.services.forgejo.enable ( - lib.mkMerge [ +}: let + usingPostgres = config.services.forgejo.database.type == "postgres"; +in { + config = lib.mkIf config.services.forgejo.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.forgejo.settings.database.DB_TYPE == "postgres"; - message = "Forgejo database type must be postgres"; - } - ]; + assertion = !usingPostgres || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when Forgejo database type is postgres"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - forgejo = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - forgejo = { - name = "forgejo"; - }; - }; - }; - }; - }) - ] - ); + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (db: db == "forgejo") config.services.postgresql.ensureDatabases); + message = "Forgejo built-in database creation failed - expected 'forgejo' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (user: user.name == "forgejo") config.services.postgresql.ensureUsers); + message = "Forgejo built-in user creation failed - expected user 'forgejo' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.forgejo.database.createDatabase = lib.mkDefault usingPostgres; + + systemd.services.forgejo = lib.mkIf usingPostgres { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/home-assistant/database.nix b/modules/nixos-modules/server/home-assistant/database.nix index 0ac8002f..f1927ed9 100644 
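Review bot: The new assertions compare against the literal `"forgejo"` for both the database and the role, while the upstream module lets `services.forgejo.database.name` and `services.forgejo.database.user` be changed, so a host using different names fails these checks with a misleading message even though the built-in creation succeeded. Use the options instead of the literals, e.g. `builtins.elem config.services.forgejo.database.name config.services.postgresql.ensureDatabases` and `builtins.any (user: user.name == config.services.forgejo.database.user) config.services.postgresql.ensureUsers`. The immich and paperless hunks of this patch have the same hard-coded names (their removed lines previously read `config.services.immich.database.user` and `config.services.paperless.database.user`), as does `builtinServiceMappings` in the postgres.nix hunk. Separately, `requires = [ config.systemd.services.postgresql.name ]` expresses a dependency but not ordering, so unless the upstream unit already orders itself after postgresql an `after` entry with the same value is needed; this applies equally to the systemd blocks in the home-assistant, immich, panoramax and paperless hunks.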
--- a/modules/nixos-modules/server/home-assistant/database.nix +++ b/modules/nixos-modules/server/home-assistant/database.nix 
@@ -2,55 +2,52 @@ lib, config, ... -}: let - dbUser = "hass"; -in { - config = lib.mkIf config.services.home-assistant.enable ( - lib.mkMerge [ +}: { + options.services.home-assistant = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "hass"; + description = "Database name"; + }; + }; + }; + + config = lib.mkIf config.services.home-assistant.enable { + assertions = [ { - host = { - postgres = { - enable = true; - }; - }; - - assertions = [ - { - assertion = config.services.home-assistant.database == "postgres"; - message = "Home Assistant database type must be postgres"; - } - ]; + assertion = !config.services.home-assistant.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Home Assistant"; } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${dbUser} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${dbUser} = { - name = dbUser; - }; - }; - }; - }; + ]; - services.home-assistant = { - extraPackages = python3Packages: - with python3Packages; [ - psycopg2 - ]; - }; + services.postgresql.databases.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + enable = true; + user = config.services.home-assistant.postgres.user; + database = config.services.home-assistant.postgres.database; + }; - systemd.services.home-assistant = { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }) - ] - ); + services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = lib.mkIf 
config.services.home-assistant.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/immich/database.nix b/modules/nixos-modules/server/immich/database.nix index 74b1aaa9..52af51eb 100644 --- a/modules/nixos-modules/server/immich/database.nix +++ b/modules/nixos-modules/server/immich/database.nix 
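Review bot: The `user` option's description, `"Database user name"`, omits a constraint the postgres module imposes: access is granted through an ident map line of the form `user_map <user> <user>` (see `serviceUserMappings` in the postgres.nix hunk), so the value must equal the system user Home Assistant runs as, not just any database role. Changing only this option would produce a role the service cannot authenticate as. Suggest `description = "Database role name; must match the system user the service runs as, since access is granted via peer authentication";` here and on the equivalent option in the panoramax hunk. Whether the recorder's `db_url` is pointed at this database is not visible in the hunk, so I assume it is configured elsewhere.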
@@ -3,24 +3,28 @@ config, ... }: { - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - (lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.immich.database.user} = { - isClient = true; - }; - }; - }; - }; - }) - ]); + config = lib.mkIf config.services.immich.enable { + assertions = [ + { + assertion = !config.services.immich.database.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Immich"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (db: db == "immich") config.services.postgresql.ensureDatabases); + message = "Immich built-in database creation failed - expected 'immich' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (user: user.name == "immich") config.services.postgresql.ensureUsers); + message = "Immich built-in user creation failed - expected user 'immich' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + # Note: Immich has built-in database creation via services.immich.database.createDB we only add the systemd dependency + + systemd.services.immich-server = lib.mkIf config.services.immich.database.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix index 8679f9a4..17217263 100644 --- a/modules/nixos-modules/server/panoramax/database.nix +++ b/modules/nixos-modules/server/panoramax/database.nix 
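Review bot: The explanatory comment above the systemd block reads as one run-on line and is easy to misparse; suggest `# Immich creates its own database and role via services.immich.database.createDB; this module only adds the assertions and the systemd dependency.`. As a point of style, `builtins.any (db: db == "immich") ...` is the long form of `builtins.elem "immich" ...`, which reads more directly in both assertions. The hard-coded `"immich"` literals are covered in the forgejo hunk note.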
@@ -3,32 +3,46 @@ config, ... }: { - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; + options.services.panoramax = { + database = { + postgres = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Use PostgreSQL instead of SQLite"; + }; + user = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database user name"; + }; + database = lib.mkOption { + type = lib.types.str; + default = "panoramax"; + description = "Database name"; }; }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.panoramax.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.panoramax.database.name} = { - name = config.services.panoramax.database.user; - }; - }; - }; - }; + }; + }; + + config = lib.mkIf config.services.panoramax.enable { + assertions = [ + { + assertion = !config.services.panoramax.database.postgres.enable || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using postgres database for Panoramax"; } - ) - ]); + ]; + + services.postgresql.databases.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + enable = true; + user = config.services.panoramax.database.postgres.user; + database = config.services.panoramax.database.postgres.database; + }; + + systemd.services.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/paperless/database.nix b/modules/nixos-modules/server/paperless/database.nix index 6f4ce514..c63e59d9 100644 --- a/modules/nixos-modules/server/paperless/database.nix +++ b/modules/nixos-modules/server/paperless/database.nix 
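Review bot: The new `services.panoramax.database.postgres.user` and `.database` options run in parallel to the `services.panoramax.database.user` and `services.panoramax.database.name` values the removed lines referenced; if those are still what the panoramax service connects with, a host that changes one set but not the other gets a database and role the service never uses. Defaulting the new options to the existing ones, `default = config.services.panoramax.database.user;` and `default = config.services.panoramax.database.name;`, would keep them in sync, assuming those upstream options still exist. The `user` description should also note the peer-authentication constraint raised on the home-assistant hunk.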
@@ -3,32 +3,28 @@ lib, ... }: { - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - { - host = { - postgres = { - enable = true; - }; - }; - } - ( - lib.mkIf config.host.postgres.enable { - host = { - postgres = { - extraUsers = { - ${config.services.paperless.database.user} = { - isClient = true; - createUser = true; - }; - }; - extraDatabases = { - ${config.services.paperless.database.user} = { - name = config.services.paperless.database.user; - }; - }; - }; - }; + config = lib.mkIf config.services.paperless.enable { + assertions = [ + { + assertion = !config.services.paperless.database.createLocally || config.services.postgresql.enable; + message = "PostgreSQL must be enabled when using local postgres database for Paperless"; } - ) - ]); + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (db: db == "paperless") config.services.postgresql.ensureDatabases); + message = "Paperless built-in database creation failed - expected 'paperless' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; + } + { + assertion = !config.services.paperless.database.createLocally || (builtins.any (user: user.name == "paperless") config.services.postgresql.ensureUsers); + message = "Paperless built-in user creation failed - expected user 'paperless' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; + } + ]; + + services.paperless.database.createLocally = lib.mkDefault true; + + systemd.services.paperless-scheduler = lib.mkIf config.services.paperless.database.createLocally { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }; } diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix index 6c2d295a..a67fb1a3 100644 --- a/modules/nixos-modules/server/postgres/impermanence.nix +++ b/modules/nixos-modules/server/postgres/impermanence.nix 
@@ -5,7 +5,7 @@ }: let dataDir = "/var/lib/postgresql/16"; in { - config = lib.mkIf (config.host.postgres.enable && config.host.impermanence.enable) { + config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) { assertions = [ { assertion = config.services.postgresql.dataDir == dataDir; diff --git a/modules/nixos-modules/server/postgres/postgres.nix b/modules/nixos-modules/server/postgres/postgres.nix index e76857c4..af7d1b48 100644 --- a/modules/nixos-modules/server/postgres/postgres.nix +++ b/modules/nixos-modules/server/postgres/postgres.nix 
@@ -4,70 +4,94 @@ pkgs, ... }: let - adminUsers = lib.lists.filter (user: user.isAdmin) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - clientUsers = lib.lists.filter (user: user.isClient) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createUsers = lib.lists.filter (user: user.createUser) (lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraUsers); - createDatabases = lib.attrsets.mapAttrsToList (_: user: user) config.host.postgres.extraDatabases; + enabledDatabases = lib.filterAttrs (_: db: db.enable) config.services.postgresql.databases; + extraDatabasesList = config.services.postgresql.extraDatabases; + + serviceDatabaseUsers = lib.mapAttrsToList (_: db: { + name = db.user; + ensureDBOwnership = true; + }) (lib.filterAttrs (_: db: db.ensureUser) enabledDatabases); + + extraDatabaseUsers = + builtins.map (dbName: { + name = dbName; + ensureDBOwnership = true; + }) + extraDatabasesList; + + serviceDatabases = lib.mapAttrsToList (_: db: db.database) enabledDatabases; + extraDatabaseNames = extraDatabasesList; + + serviceUserMappings = lib.mapAttrsToList (_: db: "user_map ${db.user} ${db.user}") enabledDatabases; + extraUserMappings = builtins.map (dbName: "user_map ${dbName} ${dbName}") extraDatabasesList; + + builtinServiceMappings = let + forgejoMapping = lib.optional (config.services.forgejo.enable && config.services.forgejo.database.type == "postgres") "user_map forgejo forgejo"; + immichMapping = lib.optional (config.services.immich.enable && config.services.immich.database.enable) "user_map immich immich"; + paperlessMapping = lib.optional (config.services.paperless.enable && config.services.paperless.database.createLocally) "user_map paperless paperless"; + in + forgejoMapping ++ immichMapping ++ paperlessMapping; in { options = { - host.postgres = { - enable = lib.mkEnableOption "enable postgres"; - extraUsers = lib.mkOption { + services.postgresql = { + databases = 
lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { - name = lib.mkOption { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Whether to create this database and user"; + }; + user = lib.mkOption { type = lib.types.str; default = name; + description = "Database user name"; }; - isAdmin = lib.mkOption { - type = lib.types.bool; - default = false; + database = lib.mkOption { + type = lib.types.str; + default = name; + description = "Database name"; }; - isClient = lib.mkOption { + ensureUser = lib.mkOption { type = lib.types.bool; - default = false; - }; - createUser = lib.mkOption { - type = lib.types.bool; - default = false; + default = true; + description = "Whether to ensure the user exists"; }; }; })); default = {}; + description = "Databases to create for services"; }; + extraDatabases = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = {}; + type = lib.types.listOf lib.types.str; + default = []; + description = "Additional databases to create (user name will match database name)"; + example = ["custom_db" "test_db"]; + }; + + adminUsers = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + description = "System users who should have PostgreSQL superuser access"; + example = ["leyla" "admin"]; }; }; }; - config = lib.mkIf config.host.postgres.enable { + config = lib.mkIf config.services.postgresql.enable { services = { postgresql = { - enable = true; package = pkgs.postgresql_16; + ensureUsers = [ - { - name = "postgres"; - } + {name = "postgres";} ] - ++ ( - builtins.map (user: { - name = user.name; - ensureDBOwnership = true; - }) - createUsers - ); - ensureDatabases = builtins.map (database: database.name) createDatabases; + ++ serviceDatabaseUsers ++ extraDatabaseUsers; + + ensureDatabases = serviceDatabases ++ 
extraDatabaseNames; + identMap = '' # ArbitraryMapName systemUser DBUser @@ -77,16 +101,16 @@ in { superuser_map postgres postgres '' + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user.name} postgres") adminUsers) + lib.strings.concatLines (builtins.map (user: "superuser_map ${user} postgres") config.services.postgresql.adminUsers) ) + '' # Client Users '' + ( - lib.strings.concatLines (builtins.map (user: "user_map ${user.name} ${user.name}") clientUsers) + lib.strings.concatLines (serviceUserMappings ++ extraUserMappings ++ builtinServiceMappings) ); - # configuration here lets users access the db that matches their name and lets user postgres access everything + authentication = pkgs.lib.mkOverride 10 '' # type database DBuser origin-address auth-method optional_ident_map local all postgres peer map=superuser_map From 69ccbffd86992895196013fbf737ead6a8adfe7c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 27 Oct 2025 11:02:42 -0500 Subject: [PATCH 930/932] chore: removed incorrect task --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d3a21217..883e1437 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Chores: - [ ] test out crab hole service -- [ ] qbittorent should be downloading to `rpool/persist/system/qbittorrent` or maybe even `rpool/persist/system/jellyfin` but right now its downloading to `rpool/persist/system/root` this should be fixed ## Tech Debt - [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) From c0e2e7ba4a6294033a45685d758f31bd2651d2b6 Mon Sep 17 00:00:00 2001 
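Review bot: The `databases` submodule exposes `user` and `database` as independently settable options, but `serviceDatabaseUsers` sets `ensureDBOwnership = true` on `name = db.user`, and the NixOS postgresql module requires an `ensureDBOwnership` user to have a database of exactly the same name in `ensureDatabases`; a host that sets the two options to different values therefore fails evaluation with an upstream message that does not point back to this module. Either add a local assertion, `assertion = lib.all (db: db.user == db.database) (lib.attrValues enabledDatabases);` with a message naming `services.postgresql.databases`, or document on both options that they must match. The `superuser_map ${user} postgres` lines generated from `adminUsers` give the listed system accounts full superuser access through peer authentication, which the option description states; a comment at the declaration, e.g. `# equivalent to root on the database; keep this list minimal`, would make that stand out in host configs. The hunk ends inside the `identMap` string, which continues in the next hunk.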
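Review bot: The comment `# configuration here lets users access the db that matches their name and lets user postgres access everything` above `authentication` was dropped without a replacement, and it was the only explanation of why the peer map lines are shaped the way they are. Restore it, ideally expanded to say that `superuser_map` entries come from `adminUsers` and `user_map` entries from `databases`, `extraDatabases` and the built-in service list. The `authentication` string continues past the end of the hunk.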
From: Leyla Becker Date: Thu, 30 Oct 2025 17:43:52 -0500 Subject: [PATCH 931/932] feat: updated flake.lock --- flake.lock | 36 +++++++++---------- .../common-modules/pkgs/polycule/default.nix | 4 +-- .../programs/bitwarden.nix | 2 +- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 11fb6729..ae03c48c 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1761478231, - "narHash": "sha256-a6ROM73M0TSrooI+8/UMj5KWKOdaDFTycVeo8XJ3dk4=", + "lastModified": 1761797037, + "narHash": "sha256-OqwAGit+3cdsG02K6+8WJniA2q0rqUVc6zbT5N9C1us=", "owner": "rycee", "repo": "nur-expressions", - "rev": "ae968708476302f8781fb5e245d53f112ed04111", + "rev": "3d9f4de0988bcfa57e45e16e1ef9326c56bdf891", "type": "gitlab" }, "original": { @@ -62,11 +62,11 @@ }, "flake-compat": { "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -133,11 +133,11 @@ ] }, "locked": { - "lastModified": 1761530345, - "narHash": "sha256-+9+YCK9Lh6GThkXu/8JTxMFUnImIdZpb8ElUh6/F5Y8=", + "lastModified": 1761845621, + "narHash": "sha256-d+R4MHsGmdebvSMsYUFWONsZSlUbOo8Zq/wjMdMiIac=", "owner": "nix-community", "repo": "home-manager", - "rev": "bbaeb9f1c29e79bb1653b32c3d73244cdf4bd888", + "rev": "97e3022a8d2c09313fa49847f6da4d76abcfc72d", "type": "github" }, "original": { 
@@ -268,11 +268,11 @@ ] }, "locked": { - "lastModified": 1761530505, - "narHash": "sha256-SbuUyC5pfTcMa9JUqSxFyGJpCqoUsB74tboS22+lByY=", + "lastModified": 1761789484, + "narHash": "sha256-17gDUWloFXQlavqHRey/urQe6sQ3yP5hsQyYmcNOZyU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "5a5496a7d21265e0ce7641452daf6c560f0eb7a9", + "rev": "c47e683d236fa6e4c27dbda2af3468cb9aceb813", "type": "github" }, "original": { @@ -283,11 +283,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760958188, - "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", + "lastModified": 1761827175, + "narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", + "rev": "43ffe9ac82567512abb83187cb673de1091bdfa8", "type": "github" }, "original": { @@ -315,11 +315,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1761672384, + "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", "type": "github" }, "original": { diff --git a/modules/common-modules/pkgs/polycule/default.nix b/modules/common-modules/pkgs/polycule/default.nix index b463cc5c..e9841fed 100644 --- a/modules/common-modules/pkgs/polycule/default.nix +++ b/modules/common-modules/pkgs/polycule/default.nix @@ -3,7 +3,7 @@ flutter332, fetchFromGitLab, pkg-config, - wrapGAppsHook, + wrapGAppsHook3, gtk3, glib, glib-networking, @@ -65,7 +65,7 @@ flutter332.buildFlutterApplication rec { nativeBuildInputs = [ pkg-config - wrapGAppsHook + wrapGAppsHook3 ]; buildInputs = [ diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index 5c14068f..e305b6c6 100644 
--- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -11,7 +11,7 @@ config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [ { home.packages = with pkgs; [ - bitwarden + bitwarden-desktop ]; } ( From e1a5ddde95472de74219a40592dd746c9efa704d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 30 Oct 2025 22:28:02 -0500 Subject: [PATCH 932/932] feat: added storj to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 883e1437..dc12d352 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - [ ] Create Tor guard/relay server - [ ] mastodon instance - [ ] screeps server +- [ ] storj server ## DevOps - [ ] wake on LAN for updates