jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jan-leila:2f7bbf3e1c8a8d7aa5a34aedd5ee033cef58efc4
Branches Tags
jan-leila:main
jan-leila:storage-refactor
..
compare: jan-leila:65e0c6e0e5e8c22de2e2eeadb4c92a9fc7361ac7
Branches Tags
jan-leila:main
jan-leila:storage-refactor

No commits in common. "2f7bbf3e1c8a8d7aa5a34aedd5ee033cef58efc4" and "65e0c6e0e5e8c22de2e2eeadb4c92a9fc7361ac7" have entirely different histories.
2f7bbf3e1c ... 65e0c6e0e5

24 changed files with 108 additions and 4569 deletions
Download patch file Download diff file Expand all files Collapse all files

2
configurations/home-manager/eve/packages.nix
View file

@ -60,7 +60,7 @@ in {
bitwarden.enable = true;
discord.enable = true;
makemkv.enable = true;
signal-desktop.enable = true;
signal-desktop-bin.enable = true;
steam.enable = true;
piper.enable = hardware.piperMouse.enable;
krita.enable = true;

3
configurations/home-manager/leyla/packages/default.nix
View file

@ -41,7 +41,6 @@ in {
openrgb.enable = hardware.openRGB.enable;
via.enable = hardware.viaKeyboard.enable;
claude-code.enable = osConfig.host.ai.enable;
opencode.enable = osConfig.host.ai.enable;
davinci-resolve.enable = hardware.graphicsAcceleration.enable;
mfoc.enable = true;
})
@ -50,7 +49,7 @@ in {
android-studio.enable = true;
makemkv.enable = true;
discord.enable = true;
signal-desktop.enable = true;
signal-desktop-bin.enable = true;
calibre.enable = true;
obsidian.enable = true;
jetbrains.idea-oss.enable = true;

7
configurations/home-manager/leyla/packages/vscode/default.nix
View file

@ -58,9 +58,6 @@ in {
nearley.enable = true;
# graphql
graphql.enable = true;
# astro development
vscodeMdx.enable = true;
astroVscode.enable = true;
@ -76,11 +73,11 @@ in {
rustAnalyzer.enable = true;
# arduino development
platformIO.enable = false;
platformIO.enable = true;
# claude development
claudeDev = lib.mkIf ai-tooling-enabled {
enable = false;
enable = true;
mcp = {
nixos = {
enable = true;

4
configurations/nixos/defiant/configuration.nix
View file

@ -67,6 +67,7 @@
};
storage = {
generateBase = false;
zfs = {
enable = true;
notifications = {
@ -143,7 +144,6 @@
Endpoint = "185.230.126.146:51820";
# Allow all traffic but use policy routing to prevent system-wide VPN
AllowedIPs = ["0.0.0.0/0"];
PersistentKeepalive = 25;
}
];
};
@ -339,7 +339,7 @@
};
actual = {
enable = false;
enable = true;
domain = "budget.jan-leila.com";
impermanence.enable = false;
};

97
configurations/nixos/defiant/legacy-impermanence.nix
View file

@ -1,32 +1,19 @@
# Legacy impermanence module for defiant
# See legacy-storage.nix for the full incremental migration plan.
# This module contains all the impermanence configurations that were previously
# handled by individual service modules on the main branch. It allows us to
# merge the storage-refactor branch into main while keeping current functionality,
# and then migrate services one at a time to the new automated impermanence system.
#
# This file is consumed in two phases:
#
# Phase 3 (after generateBase is enabled):
# Remove the SYSTEM-LEVEL entries marked [PHASE 3] below. These will be
# handled automatically by storage.nix, ssh.nix, and the impermanence module:
# - var-lib-private-permissions activation script
# - /etc/machine-id
# - SSH host keys
# - /var/lib/nixos
# - /var/lib/systemd/coredump
# - /persist/system/var/log persistence block
#
# Phase 4 (migrate services one at a time, any order):
# For each service:
# 1. Remove the service's section marked [PHASE 4] from this file
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# For jellyfin/qbittorrent, also remove the separate media persistence blocks.
#
# Phase 5: Delete this file once empty.
# To migrate a service to the new system:
# 1. Remove the service's configuration from this file
# 2. Set `impermanence.enable = true` for that service in configuration.nix
# 3. Remove `impermanence.enable = false` from the service configuration
{
config,
lib,
...
}: {
config = lib.mkIf config.storage.impermanence.enable {
# [PHASE 3] Remove this activation script after enabling generateBase
system.activationScripts = {
"var-lib-private-permissions" = {
deps = ["specialfs"];
@ -40,28 +27,8 @@
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
# [PHASE 3] Remove this files block after enabling generateBase
files = lib.mkMerge [
["/etc/machine-id"]
# SSH host keys
(lib.mkIf config.services.openssh.enable (
lib.lists.flatten (
builtins.map (hostKey: [
hostKey.path
"${hostKey.path}.pub"
])
config.services.openssh.hostKeys
)
))
];
directories = lib.mkMerge [
# [PHASE 3] Remove these system directories after enabling generateBase
[
"/var/lib/nixos"
"/var/lib/systemd/coredump"
]
# [PHASE 4] PostgreSQL
# PostgreSQL
(lib.mkIf config.services.postgresql.enable [
{
directory = "/var/lib/postgresql/16";
@ -70,7 +37,7 @@
}
])
# [PHASE 4] Reverse Proxy (ACME)
# Reverse Proxy (ACME)
(lib.mkIf config.services.reverseProxy.enable [
{
directory = "/var/lib/acme";
@ -79,7 +46,7 @@
}
])
# [PHASE 4] Ollama
# Ollama
(lib.mkIf config.services.ollama.enable [
{
directory = "/var/lib/private/ollama";
@ -89,7 +56,7 @@
}
])
# [PHASE 4] Tailscale
# Tailscale
(lib.mkIf config.services.tailscale.enable [
{
directory = "/var/lib/tailscale";
@ -98,7 +65,7 @@
}
])
# [PHASE 4] Syncthing
# Syncthing
(lib.mkIf config.services.syncthing.enable [
{
directory = "/mnt/sync";
@ -112,7 +79,7 @@
}
])
# [PHASE 4] Fail2ban
# Fail2ban
(lib.mkIf config.services.fail2ban.enable [
{
directory = "/var/lib/fail2ban";
@ -121,7 +88,7 @@
}
])
# [PHASE 4] Jellyfin (data/cache only - media is on separate dataset)
# Jellyfin (data/cache only - media is on separate dataset)
(lib.mkIf config.services.jellyfin.enable [
{
directory = "/var/lib/jellyfin";
@ -135,7 +102,7 @@
}
])
# [PHASE 4] Immich
# Immich
(lib.mkIf config.services.immich.enable [
{
directory = "/var/lib/immich";
@ -144,7 +111,7 @@
}
])
# [PHASE 4] Forgejo
# Forgejo
(lib.mkIf config.services.forgejo.enable [
{
directory = "/var/lib/forgejo";
@ -153,7 +120,7 @@
}
])
# [PHASE 4] Actual
# Actual
(lib.mkIf config.services.actual.enable [
{
directory = "/var/lib/private/actual";
@ -162,7 +129,7 @@
}
])
# [PHASE 4] Home Assistant
# Home Assistant
(lib.mkIf config.services.home-assistant.enable [
{
directory = "/var/lib/hass";
@ -171,7 +138,7 @@
}
])
# [PHASE 4] Paperless
# Paperless
(lib.mkIf config.services.paperless.enable [
{
directory = "/var/lib/paperless";
@ -180,7 +147,7 @@
}
])
# [PHASE 4] Crab-hole
# Crab-hole
(lib.mkIf config.services.crab-hole.enable [
{
directory = "/var/lib/private/crab-hole";
@ -189,7 +156,7 @@
}
])
# [PHASE 4] qBittorrent (config only - media is on separate dataset)
# qBittorrent (config only - media is on separate dataset)
(lib.mkIf config.services.qbittorrent.enable [
{
directory = "/var/lib/qBittorrent/";
@ -198,7 +165,7 @@
}
])
# [PHASE 4] Sonarr
# Sonarr
(lib.mkIf config.services.sonarr.enable [
{
directory = "/var/lib/sonarr/.config/NzbDrone";
@ -207,7 +174,7 @@
}
])
# [PHASE 4] Radarr
# Radarr
(lib.mkIf config.services.radarr.enable [
{
directory = "/var/lib/radarr/.config/Radarr";
@ -216,7 +183,7 @@
}
])
# [PHASE 4] Bazarr
# Bazarr
(lib.mkIf config.services.bazarr.enable [
{
directory = "/var/lib/bazarr";
@ -225,7 +192,7 @@
}
])
# [PHASE 4] Lidarr
# Lidarr
(lib.mkIf config.services.lidarr.enable [
{
directory = "/var/lib/lidarr/.config/Lidarr";
@ -234,7 +201,7 @@
}
])
# [PHASE 4] Jackett
# Jackett
(lib.mkIf config.services.jackett.enable [
{
directory = "/var/lib/jackett/.config/Jackett";
@ -243,7 +210,7 @@
}
])
# [PHASE 4] FlareSolverr
# FlareSolverr
(lib.mkIf config.services.flaresolverr.enable [
{
directory = "/var/lib/flaresolverr";
@ -254,8 +221,7 @@
];
};
# [PHASE 4 - LAST] Jellyfin media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
# Jellyfin media on separate dataset (matching main)
environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable {
enable = true;
hideMounts = true;
@ -269,8 +235,7 @@
];
};
# [PHASE 4 - LAST] qBittorrent media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
# qBittorrent media on separate dataset (matching main)
environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable {
enable = true;
hideMounts = true;
@ -284,7 +249,7 @@
];
};
# [PHASE 3] /var/log persistence - handled by storage.nix after generateBase
# /var/log persistence (matching main)
environment.persistence."/persist/system/var/log" = {
enable = true;
hideMounts = true;

147
configurations/nixos/defiant/legacy-storage.nix
View file

@ -1,131 +1,20 @@
# Legacy storage configuration for defiant
# This file manually defines ZFS datasets matching the existing on-disk layout
# to allow incremental migration to the new storage module (generateBase = true).
# This file manually defines ZFS datasets matching the main branch structure
# to allow incremental migration to the new storage module.
#
# ============================================================================
# INCREMENTAL MIGRATION PLAN
# ============================================================================
#
# Current disk usage (for reference):
# rpool/local/system/nix ~26G (renamed in place, no copy)
# rpool/local/system/sops ~328K (renamed in place, no copy)
# rpool/persist/system/jellyfin ~32T (renamed in place, no copy)
# rpool/persist/system/qbittorrent ~6.5T (copied into media dataset, ~6.5T temp)
# rpool free space ~30T
#
# Phase 1: Migrate base datasets on disk (boot from live USB or rescue)
# All operations in this phase are instant renames -- no data is copied.
#
# Unlock the pool:
# zfs load-key -a
#
# Step 1a: Move nix and sops out of local/ (they go to persist/local/)
# The -p flag auto-creates the parent datasets.
#
# zfs rename -p rpool/local/system/nix rpool/persist/local/nix
# zfs rename -p rpool/local/system/sops rpool/persist/local/system/sops
#
# Step 1b: Rename local/ -> ephemeral/ (takes remaining children with it)
# zfs rename rpool/local rpool/ephemeral
# # This moves: local/system/root -> ephemeral/system/root
# # local/home/leyla -> ephemeral/home/leyla
#
# Step 1c: Recreate blank snapshots on ephemeral datasets
# zfs destroy rpool/ephemeral/system/root@blank
# zfs snapshot rpool/ephemeral/system/root@blank
# zfs destroy rpool/ephemeral/home/leyla@blank
# zfs snapshot rpool/ephemeral/home/leyla@blank
#
# Step 1d: Move persist/ children under persist/replicate/
# zfs create -o canmount=off rpool/persist/replicate
# zfs create -o canmount=off rpool/persist/replicate/system
# zfs rename rpool/persist/system/root rpool/persist/replicate/system/root
# zfs rename rpool/persist/system/var rpool/persist/replicate/system/var
# zfs rename rpool/persist/home/leyla rpool/persist/replicate/home
# # Clean up the now-empty home parent
# zfs destroy rpool/persist/home
# # NOTE: Do NOT destroy rpool/persist/system -- it still contains
# # persist/system/jellyfin and persist/system/qbittorrent which are
# # migrated in Phase 2.
#
# Verify the new layout:
# zfs list -r rpool -o name,used,mountpoint
#
# Phase 2: Merge media into a single dataset (do this last)
# Strategy: Rename the jellyfin dataset to become the shared media dataset
# (zero copy, instant), then copy qbittorrent data into it (~6.5T copy).
# This avoids duplicating the 32T jellyfin dataset.
#
# Step 2a: Rename jellyfin dataset to the shared media name
# zfs rename rpool/persist/system/jellyfin rpool/persist/replicate/system/media
#
# Step 2b: Copy qbittorrent data into the media dataset
# This copies ~6.5T and may take several hours/days depending on disk speed.
# The qbittorrent data is not critical to back up so no snapshot needed.
#
# systemctl stop qbittorrent
# rsync -avPHAX /persist/system/qbittorrent/ /persist/replicate/system/media/
#
# Step 2c: Verify the data and clean up
# ls -la /persist/replicate/system/media/
# zfs destroy rpool/persist/system/qbittorrent
# # persist/system should now be empty, clean it up:
# zfs destroy rpool/persist/system
#
# Phase 3: Enable generateBase
# In the nix config:
# - Delete this file (legacy-storage.nix) and remove its import from default.nix
# - Remove [PHASE 3] entries from legacy-impermanence.nix:
# - var-lib-private-permissions activation script
# - /etc/machine-id, SSH host keys (files block)
# - /var/lib/nixos, /var/lib/systemd/coredump (directories)
# - /persist/system/var/log persistence block
# These are now handled automatically by storage.nix and ssh.nix.
# Rebuild and verify:
# sudo nixos-rebuild switch --flake .#defiant
# # Verify mounts: findmnt -t fuse.bindfs,fuse
# # Verify persist: ls /persist/replicate/system/root/var/lib/nixos
# # Verify boot: reboot and confirm system comes up cleanly
#
# Phase 4: Migrate services (one at a time, any order)
# For each service (except jellyfin/qbittorrent):
# 1. Remove the service's [PHASE 4] section from legacy-impermanence.nix
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# 3. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 4. Verify: systemctl status <service>, check the service's data is intact
# No data migration is needed -- the data already lives on the renamed
# dataset at the new path.
#
# Migrate jellyfin and qbittorrent LAST (after Phase 2 media merge):
# 1. Remove [PHASE 4 - LAST] jellyfin entries from legacy-impermanence.nix
# 2. Remove [PHASE 4 - LAST] qbittorrent entries from legacy-impermanence.nix
# 3. Remove `impermanence.enable = false` for both in configuration.nix
# 4. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 5. Verify: systemctl status jellyfin qbittorrent
#
# Phase 5: Cleanup
# Once all services are migrated and legacy-impermanence.nix is empty:
# - Delete legacy-impermanence.nix and remove its import from default.nix
# - Rebuild: sudo nixos-rebuild switch --flake .#defiant
#
# ============================================================================
#
# Current on-disk dataset layout:
# rpool/local/ - ephemeral parent
# rpool/local/home/leyla - ephemeral user home (rolled back on boot)
# rpool/local/system/nix - nix store
# rpool/local/system/root - root filesystem (rolled back on boot)
# rpool/local/system/sops - sops age key
# rpool/persist/ - persistent parent
# rpool/persist/home/leyla - persistent user home
# rpool/persist/system/jellyfin - jellyfin media
# rpool/persist/system/qbittorrent - qbittorrent media
# rpool/persist/system/root - persistent root data
# rpool/persist/system/var/log - log persistence
# Datasets from main branch:
# - local/ - ephemeral parent
# - local/home/leyla - ephemeral user home
# - local/system/nix - nix store
# - local/system/root - root filesystem (rolled back on boot)
# - local/system/sops - sops age key
# - persist/ - persistent parent
# - persist/home/leyla - persistent user home
# - persist/system/jellyfin - jellyfin media
# - persist/system/qbittorrent - qbittorrent media
# - persist/system/root - persistent root data
# - persist/system/var/log - log persistence
{lib, ...}: {
# Disable automatic base dataset generation so we can define them manually
storage.generateBase = false;
# Manually define ZFS datasets matching main's structure
storage.zfs.datasets = {
# Ephemeral datasets (local/)
@ -158,7 +47,7 @@
};
"local/system/sops" = {
type = "zfs_fs";
mount = "/var/lib/sops-nix";
mount = "/persist/sops";
};
# Persistent datasets (persist/)
@ -198,10 +87,9 @@
};
};
# Boot commands to rollback ephemeral root and user homes on boot
# Boot commands to rollback ephemeral root on boot
boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r rpool/local/system/root@blank
zfs rollback -r rpool/local/home/leyla@blank
'';
# FileSystems needed for boot
@ -211,8 +99,5 @@
"/persist/system/var/log".neededForBoot = true;
"/persist/system/jellyfin".neededForBoot = true;
"/persist/system/qbittorrent".neededForBoot = true;
"/var/lib/sops-nix".neededForBoot = true;
"/persist/home/leyla".neededForBoot = true;
"/home/leyla".neededForBoot = true;
};
}

1
configurations/nixos/emergent/default.nix
View file

@ -3,6 +3,5 @@
imports = [
./configuration.nix
./hardware-configuration.nix
./legacy-storage.nix
];
}

51
configurations/nixos/emergent/legacy-storage.nix
View file

@ -1,51 +0,0 @@
# Legacy storage configuration for emergent
# This file manually defines ZFS datasets matching the existing on-disk layout
# to allow incremental migration to the new storage module (generateBase = true).
#
# Current on-disk dataset layout:
# rpool/local/ - parent (canmount=off)
# rpool/local/system/nix - nix store
# rpool/local/system/root - root filesystem
#
# Migration plan:
# Phase 1: Rename datasets on disk (boot from live USB)
# zfs rename -p rpool/local/system/nix rpool/persist/local/nix
# zfs rename rpool/local rpool/persist/local
# # This moves: local/system/root -> persist/local/root (need to rename after)
# # Actually, since local/system/root needs to become persist/local/root:
# zfs rename rpool/persist/local/system/root rpool/persist/local/root
# zfs destroy rpool/persist/local/system # now empty
# # Recreate blank snapshot:
# zfs destroy rpool/persist/local/root@blank
# zfs snapshot rpool/persist/local/root@blank
#
# Phase 2: Delete this file, remove its import from default.nix, rebuild.
{...}: {
# Disable automatic base dataset generation so we can define them manually
storage.generateBase = false;
# Manually define ZFS datasets matching the existing on-disk layout
storage.zfs.datasets = {
"local" = {
type = "zfs_fs";
mount = null;
};
"local/system/nix" = {
type = "zfs_fs";
mount = "/nix";
atime = "off";
relatime = "off";
snapshot = {
autoSnapshot = false;
};
};
"local/system/root" = {
type = "zfs_fs";
mount = "/";
snapshot = {
blankSnapshot = true;
autoSnapshot = true;
};
};
};
}

82
flake.lock generated
View file

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1772867152,
"narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=",
"lastModified": 1766150702,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
"owner": "nix-community",
"repo": "disko",
"rev": "eaafb89b56e948661d618eefd4757d9ea8d77514",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
"type": "github"
},
"original": {
@ -28,11 +28,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1772856163,
"narHash": "sha256-xD+d1+FVhKJ+oFYMTWOdVSBoXS4yeMyVZyDjMXqWEJE=",
"lastModified": 1768500104,
"narHash": "sha256-Xa8XJaydHKAhDCLyjdKcDKjFrGgdahNcVo1boGUdZKY=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "d358a550c7beac5f04fbc5a786e14af079606689",
"rev": "7e517454cd248c76046c3157b56662d223de29b1",
"type": "gitlab"
},
"original": {
@ -115,11 +115,11 @@
]
},
"locked": {
"lastModified": 1772845525,
"narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=",
"lastModified": 1768512489,
"narHash": "sha256-jZi945d3e6DYhrw3K5Pew+QaL3qSgq3O6xiVaEVLgXs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0",
"rev": "bba859cd85b90dd9e4e6fd44b2af4aa64ae801a1",
"type": "github"
},
"original": {
@ -129,20 +129,12 @@
}
},
"impermanence": {
"inputs": {
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
@ -194,11 +186,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1772769318,
"narHash": "sha256-RAyOW5JMXRhiREqxFPOzw80fVsYVBnOPFgBSjnJ6gbY=",
"lastModified": 1767822362,
"narHash": "sha256-rnpIDY/sy/uV+1dsW+MrFwAFE/RHg5K/6aa5k7Yt1Dc=",
"owner": "utensils",
"repo": "mcp-nixos",
"rev": "60c1efbba0de1268b42f1144c904e6c8a9627dde",
"rev": "9706014c1530ba12ff36ca8d9d1717b1e61d29db",
"type": "github"
},
"original": {
@ -214,11 +206,11 @@
]
},
"locked": {
"lastModified": 1772379624,
"narHash": "sha256-NG9LLTWlz4YiaTAiRGChbrzbVxBfX+Auq4Ab/SWmk4A=",
"lastModified": 1768220509,
"narHash": "sha256-8wMrJP/Xk5Dkm0TxzaERLt3eGFEhHTWaJKUpK3AoL4o=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "52d061516108769656a8bd9c6e811c677ec5b462",
"rev": "7b1d394e7d9112d4060e12ef3271b38a7c43e83b",
"type": "github"
},
"original": {
@ -255,11 +247,11 @@
]
},
"locked": {
"lastModified": 1772850876,
"narHash": "sha256-Ga19zlfMpakCY4GMwBSOljNLOF0nEYrYBXv0hP/d4rw=",
"lastModified": 1768443224,
"narHash": "sha256-U2UHV+8Ygba2eFhFSnl15wMuKqNR884V2mo2fLO9wy0=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "22f084d4c280dfc8a9d764f7b85af38e5d69c3dc",
"rev": "151bb82df60a9ffcd2fef1116e4c9baf133b3ec5",
"type": "github"
},
"original": {
@ -270,11 +262,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1771969195,
"narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
"lastModified": 1768499669,
"narHash": "sha256-jJr/zDxu5evfQxlXtMrFFF68/RNj1UrctS/eIsay4k0=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
"rev": "7297dfc69ae9b06e984a6f69900ce25e67c76f46",
"type": "github"
},
"original": {
@ -317,11 +309,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772773019,
"narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"type": "github"
},
"original": {
@ -354,11 +346,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1771445312,
"narHash": "sha256-8uOcu+ZurGx0LmGFCf87Zbj4ikhVPQtP+PuBscEBCv0=",
"lastModified": 1765628894,
"narHash": "sha256-7q1foPZ6ZlspMNa48oRT7iMl89cvMMaWtdrJweE6B8I=",
"owner": "IntQuant",
"repo": "noita_entangled_worlds",
"rev": "4a842f29d0e5fb8dc6df73d87f7bb8d2a16f0fc8",
"rev": "266c6871b2878cf3b6f180c6d299da88f12c9f8e",
"type": "github"
},
"original": {
@ -411,11 +403,11 @@
"secrets": {
"flake": false,
"locked": {
"lastModified": 1768867162,
"narHash": "sha256-NiW2gUcdhnUbYQw476HzgBz+uVjyLnz151hzCQbWBX8=",
"lastModified": 1765740994,
"narHash": "sha256-aBs7m69yuiixzGzhUlWAAN+zBziBNII+BFEC/5mPcSI=",
"ref": "refs/heads/main",
"rev": "22be81505a49cd205e9b5c91f51af69c0b885ed3",
"revCount": 23,
"rev": "6e90a73ed2e1e81ba37628fc5e5494a80d22b526",
"revCount": 22,
"type": "git",
"url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
},
@ -431,11 +423,11 @@
]
},
"locked": {
"lastModified": 1772495394,
"narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=",
"lastModified": 1768481291,
"narHash": "sha256-NjKtkJraCZEnLHAJxLTI+BfdU//9coAz9p5TqveZwPU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff",
"rev": "e085e303dfcce21adcb5fec535d65aacb066f101",
"type": "github"
},
"original": {

4102
modules/common-modules/pkgs/cline/cline-package-lock.json generated
View file

File diff suppressed because it is too large Load diff

53
modules/common-modules/pkgs/cline/default.nix
View file

@ -1,53 +0,0 @@
{
lib,
buildNpmPackage,
fetchurl,
ripgrep,
makeWrapper,
jq,
...
}:
buildNpmPackage rec {
pname = "cline";
version = "2.4.2";
src = fetchurl {
url = "https://registry.npmjs.org/cline/-/cline-${version}.tgz";
hash = "sha256-2utOBC0vhoj5fR+cG+Vdo3N6+i/pNW1E4mESF/dZS/c=";
};
sourceRoot = "package";
postPatch = ''
cp ${./cline-package-lock.json} package-lock.json
# Remove @vscode/ripgrep from package.json since it tries to download
# a binary from GitHub during install, which fails in the nix sandbox.
# We provide ripgrep from nixpkgs instead via PATH wrapping.
# Also remove the man field since the man page is not included in the npm tarball.
${jq}/bin/jq 'del(.dependencies["@vscode/ripgrep"]) | del(.man)' package.json > package.json.tmp
mv package.json.tmp package.json
'';
npmDepsHash = "sha256-oHo60ghR7A4SUT0cLmIe7glPDYBK3twJ0F71RKVrxQc=";
dontNpmBuild = true;
# Skip post-install scripts to be safe
npmFlags = ["--ignore-scripts"];
nativeBuildInputs = [makeWrapper jq];
# Provide ripgrep from nixpkgs since @vscode/ripgrep was removed
postInstall = ''
wrapProgram $out/bin/cline \
--prefix PATH : ${lib.makeBinPath [ripgrep]}
'';
meta = with lib; {
description = "Autonomous coding agent CLI - capable of creating/editing files, running commands, using the browser, and more";
homepage = "https://cline.bot";
license = licenses.asl20;
mainProgram = "cline";
};
}

3
modules/common-modules/pkgs/default.nix
View file

@ -44,8 +44,5 @@
# Override h3 C library to version 4.3.0
h3 = pkgs.callPackage ./h3-c-lib.nix {};
})
(final: prev: {
cline = pkgs.callPackage ./cline/default.nix {};
})
];
}

16
modules/common-modules/pkgs/gdx-liftoff.nix
View file

@ -4,12 +4,8 @@
makeWrapper,
jdk,
lib,
xorg,
libGL,
libx11,
libxcursor,
libxext,
libxrandr,
libxxf86vm,
...
}:
stdenv.mkDerivation rec {
@ -28,11 +24,11 @@ stdenv.mkDerivation rec {
runtimeDependencies = lib.makeLibraryPath [
# glfw
libGL
libx11
libxcursor
libxext
libxrandr
libxxf86vm
xorg.libX11
xorg.libXcursor
xorg.libXext
xorg.libXrandr
xorg.libXxf86vm
];
installPhase = ''

7
modules/home-manager-modules/impermanence.nix
View file

@ -26,13 +26,8 @@ in {
# If impermanence is not enabled for this user but system impermanence is enabled,
# persist the entire home directory as fallback
(lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) {
home.persistence."${
if osConfig.storage.generateBase
then "/persist/replicate/home"
else "/persist/home/${config.home.username}"
}" = {
home.persistence."/persist/replicate/home" = {
directories = ["."];
allowOther = true;
};
})
];

6
modules/home-manager-modules/programs/signal.nix
View file

@ -4,14 +4,14 @@
config,
...
}: {
options.programs.signal-desktop = {
options.programs.signal-desktop-bin = {
enable = lib.mkEnableOption "enable signal";
};
config = lib.mkIf config.programs.signal-desktop.enable (lib.mkMerge [
config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [
{
home.packages = with pkgs; [
signal-desktop
signal-desktop-bin
];
}
(

30
modules/home-manager-modules/programs/vscode/claudeDev.nix
View file

@ -10,19 +10,6 @@
mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default;
anyProfileHasInstallTool = lib.any (
profile:
profile.extraExtensions.claudeDev.enable
&& profile.extraExtensions.claudeDev.installTool
) (lib.attrValues config.programs.vscode.profiles);
getInstallToolPackage = lib.findFirst (package: package != null) pkgs.cline (map (
profile:
if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.installTool
then profile.extraExtensions.claudeDev.package
else null
) (lib.attrValues config.programs.vscode.profiles));
anyProfileHasMcpNixos = lib.any (
profile:
profile.extraExtensions.claudeDev.enable
@ -82,17 +69,6 @@ in {
default = ["saoudrizwan" "claude-dev"];
};
installTool = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to install the cline CLI tool for subagent support when the extension is enabled";
};
package = lib.mkOption {
type = lib.types.package;
default = pkgs.cline;
description = "The package to install for the cline CLI tool";
};
mcp = {
nixos = {
enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev";
@ -169,12 +145,6 @@ in {
};
config = lib.mkMerge [
(lib.mkIf anyProfileHasInstallTool {
home.packages = [
getInstallToolPackage
];
})
(lib.mkIf anyProfileHasMcpNixos {
home.packages = [
mcp-nixos

1
modules/home-manager-modules/programs/vscode/default.nix
View file

@ -26,6 +26,5 @@
./direnv.nix
./conventionalCommits.nix
./openDyslexicFont.nix
./graphql.nix
];
}

7
modules/home-manager-modules/programs/vscode/go.nix
View file

@ -21,13 +21,6 @@ in {
extensions = [
config.extraExtensions.go.extension
];
userSettings = {
"go.alternateTools" = {
"gopls" = "gopls";
};
"go.toolsManagement.autoUpdate" = false;
"go.useLanguageServer" = true;
};
};
}));
};

27
modules/home-manager-modules/programs/vscode/graphql.nix
View file

@ -1,27 +0,0 @@
{
lib,
pkgs,
config,
...
}: let
pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version;
pkgsRepository = pkgsRepositories.open-vsx;
in {
options.programs.vscode.profiles = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
options = {
extraExtensions.graphql = {
enable = lib.mkEnableOption "should the graphql highlighting extension for vscode be enabled";
extension = lib.mkPackageOption pkgsRepository "vscode-graphql" {
default = ["graphql" "vscode-graphql-syntax"];
};
};
};
config = lib.mkIf config.extraExtensions.graphql.enable {
extensions = [
config.extraExtensions.graphql.extension
];
};
}));
};
}

3
modules/home-manager-modules/programs/vscode/platformIO.nix
View file

@ -21,9 +21,6 @@ in {
extensions = [
config.extraExtensions.platformIO.extension
];
userSettings = {
"platformio-ide.useBuiltinPIOCore" = false;
};
};
}));
};

3
modules/nixos-modules/storage/impermanence.nix
View file

@ -81,9 +81,6 @@ in {
programs.fuse.userAllowOther = true;
# Suppress sudo lecture on every boot since impermanence wipes the lecture status file
security.sudo.extraConfig = "Defaults lecture=never";
fileSystems =
lib.mapAttrs' (
datasetName: dataset:

2
modules/nixos-modules/storage/storage.nix
View file

@ -153,7 +153,7 @@ in {
config.storage.datasets.replicate)
];
})
(lib.mkIf (config.storage.zfs.enable && !config.storage.impermanence.enable && config.storage.generateBase) {
(lib.mkIf (config.storage.zfs.enable && !config.storage.impermanence.enable) {
storage.datasets = {
# Base organizational datasets (only needed when impermanence is disabled)
local = {

16
modules/nixos-modules/storage/zfs.nix
View file

@ -9,12 +9,6 @@ args @ {
# Hash function for disk names (max 27 chars to fit GPT limitations)
hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive));
# Map "stripe" to "" for disko compatibility (disko uses "" for stripe mode)
diskoPoolMode =
if config.storage.zfs.pool.mode == "stripe"
then ""
else config.storage.zfs.pool.mode;
# Helper to flatten vdevs into list of devices with names
allVdevDevices = lib.lists.flatten (builtins.map (
vdev:
@ -218,10 +212,10 @@ in {
# in
# diskWarnings ++ datasetWarnings;
services.zfs = {
autoScrub.enable = true;
autoSnapshot.enable = true;
};
# services.zfs = {
# autoScrub.enable = true;
# autoSnapshot.enable = true;
# };
# # Configure disko for ZFS setup
disko.devices = {
@ -266,7 +260,7 @@ in {
type = "topology";
vdev =
builtins.map (vdev: {
mode = diskoPoolMode;
mode = config.storage.zfs.pool.mode;
members = builtins.map (device: hashDisk device.device) vdev;
})
config.storage.zfs.pool.vdevs;

7
modules/nixos-modules/users.nix
View file

@ -409,13 +409,10 @@ in {
);
# Post resume commands to rollback user home datasets to blank snapshots
# Only add these when generateBase is true -- when false, the legacy
# storage config is responsible for providing rollback commands with
# the correct (old) dataset paths.
boot.initrd.postResumeCommands = lib.mkIf config.storage.generateBase (lib.mkAfter (
boot.initrd.postResumeCommands = lib.mkAfter (
lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank")
normalUsers)
));
);
# TODO: I don't think we need this anymore but I have not tested it
# Create persist home directories with proper permissions